> Apparently, mail.example.org and ASPMX.L.GOOGLE.com enforce DMARC > in different ways. > > Regardless, if the DMARC policy does not authorize host Y to send > mail on behalf of domain $myorigin, then you need to fix the DMARC > policy so that those bounces sent by host Y aren't violating DMARC, > or you need to somehow route those bounces from host Y through a > host that is DMARC-authorized.
All normal mail gets delivered just fine. The domain in question (example.com) has an SPF record including the server's (outside) IP address (and proper A and PTR records), and OpenDKIM signs all regular email. Examining the headers of all normal (non-NDR) post receipts show they pass both SPF, and DKIM tests and therefore DMARC as well. Plus the majority of sent posts are to the Google servers (with no issues). It's only the bounces/NDR's that have an issue. Thanks, Chris
