Your software
My Mautic version is: 4.3.1
My PHP version is: 7.4.28
My Database type and version is: MariaDB 10.5.15
Your problem
Hi folks, I’m in a bit of a pickle.
So we use a sending setup where we send email through our own SMTP server/app to Amazon SES, which then distrubutes emails to inboxes. This is to allow for maximum possible sending speeds without queuing up on Mautic side. Possibly other reasons - this is how my IT admins want it, not sure of all the reasons, alas this is the setup.
Since the new DMARC gmail rules, our Mautic emails are ending up in spam for Google users. By investigating, we figured out that the problem is that emails sent from Mautic are failing DMARC because of a missing DKIM signature for our send/envelope domain, only the signature for amazonses.com is present in headers, causing domain misalignment, and thus the DMARC fail.
The catch is that if we send an email from the same SMTP server (but directly from server console, not via Mautic) to SES, it’s then delivered with correct headers = including a second DKIM sig for our domain along with sig for amazonses.com = DMARC passes = email is succesfuly inboxed to Gmail.
It’s clear the cause is somewhere in Mautic, or on the way from Mautic to our SMTP server.
What gives? Has anyone experienced anything like this before? Please share your thoughts. Thank you!
We did of course investigate headers, that’s how I know that emails from Mautic using the STMP send method to SES come with incorrect DKIM signature, and emails directly sent from the smtp sending server console to SES have the correct DKIM signature.
I don’t fully understand the topic so it may be confusing I admit
That Mautic can’t mess with DKIM signatures is what I learned as well in the past 2 days.
My problem isn’t just specifically misalignment, but that we fail DMARC because of that misalignment (or more like because of difference between sender envelope, which uses our company domain, and the sender domain being identified in header as amazonses due to dkim being present only for amazonses).
Strangely, we today found out that this was happening only on one specific email address (noreply@), other addresses pass DMARC succesfuly and have correct DKIMs.
So in other words, just confirmed it has likely nothing to do with Mautic specifically in the end