Thats exactly what im talking about, this DMARC Strict Identity Alignment.If a host only publishes a SPF record (no DKIM record), and sets up DMARC with Strict Identity Alignment, then you will need to rewrite or encapsulate the From: & MAIL FROM adress on any forwarded email to match your own server instead.
The best thing to do as I said, is to encapsulate the mail in a new message/rfc822 container, where the outer container will have your domain and your DKIM signature, while the inner container contains the original email, and where the outer subject contains "Fwd:" in addition to the original subject.
Just like you pressed "Forward" in your email client.By doing so, you have covered so your service can forward any email, with any SPF/DKIM/DMARC configuration, without any problems.
smime.p7s
Description: S/MIME Cryptographic Signature