My school recently changed the email provider they used to Microsoft Exchange and this had lead to a problem.
I have a digitalocean account which is setup with my school's email account. In turn, my school's email account is setup to redirect to my personal gmail account.
Any emails by digitalocean make it to my school inbox just fine but when my school email tries to redirect them to my personal gmail, I get the following error
The original message was received at Sat, 1 Sep 2018 23:02:40 -0700
from its-exchange05.sfu.ca [10.28.0.6]
----- The following addresses had permanent fatal errors -----
<*** Email address is removed for privacy ***>
(reason: 550-5.7.1 Unauthenticated email from digitalocean.com is
not accepted due to)
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.1 Unauthenticated email from digitalocean.com is not accepted
due to
<<< 550-5.7.1 domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.1 digitalocean.com domain if this was a legitimate mail. Please
visit
<<< 550-5.7.1 https://support.google.com/mai to
learn about the
<<< 550 5.7.1 DMARC initiative. n19-v6si6443293pgk.491 - gsmtp
554 5.0.0 Service unavailable
When I asked DigitalOcean about this issue they said
From what we are able to see, our emails are being sent to your mailbox. Please have a word with your organisation's email administrator as well and ask them to whitelist *** Email address is removed for privacy ***..
Then I sent this info to my school email admins, at which point they responded with:
in this case you can only ask Google to whitelist that email address. if you look at the error log that you gave me in the first email:
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA <<<
550-5.7.1 Unauthenticated email from support.digitalocean.com is not accepted
<<< 550-5.7.1 due to domain's DMARC policy.
it was the Google DMARC strict policy that block it -> that is something we have no control over it.
Which lead me to making this forum on Google asking how to resolve this and got this response
When I linked it to my school email admins, they responded with
The folks on that forum aren't clear on where the problem lies
The issue is that we (SFU) can not forward mail that originates from DigitalOcean.com. When we do, it violates the policy that DigitalOcean has published for its domain. Gmail chooses to enforce that policy, so it rejects the message. DigitalOcean isn't going to change their domain policy just so we can forward your mail, and there's no way for them to make an exception for an individual person.
The problem partly stems from the way Microsoft Exchange (which SFU Mail runs on) redirects mail when you forward it. It modifies it very slightly. Unfortunately, this modification, along with the fact that we are sending mail that is actually from DigitalOcean, combine to violate DigitalOcean's forwarding policy. We have no ability to modify how Microsoft Exchange works.
At this point, I feel like between DigitalOcean, my school email admins and google forums, I am getting the run around and quite frankly, I am a bit out of my depth as I know very little about this DMARC policy but I feel like there should be a way to get this fixed as Gmail doesnt have the issues but Microsoft Exchange does and I feel like it currently doesn't work just because either Gmail or Microsoft has a bug that they just dont feel like fixing cause its an edge case and its frustrating me.
Long story short, how can this situation be resolved without just forwarding the DigitalOcean accounts from my school email? I want to use redirect with any and all emails that go through my school email.