DMARC Forward Reply Rewrite

Reply Mail Management

Replies are routed through Engagement when a reply email leaves the email server of an email service provider and goes to the Engagement mail server. The reply then leaves the mail server and goes to the email service providers mail server. The email has an Engagement IP address associated with it upon delivery. The DMARC checks the IP from the domain on the sender address and verifies it matches the IP addresses or DNS records. Since the reply email has the Engagement IP address associated with it, the email needs an Engagement domain for the sender record to not get rejected. If the reply mail kept the original email service provider domain and the Engagement IP address, due to the DMARC rejection practice, the email is rejected.

Engagement’s Reply Mail Management (RMM) functionality adds a dynamically generated reply-to header to outbound email messages. This header includes a special, per-recipient unique email address that brings any replies back to Engagement for processing. The RMM mail handling service receives the replies. Depending on the account’s configuration, the RMM service processes any unsubscribes, deletes any spam, and then takes any other replies and forwards them to a designated address.

DMARC: Can Prevent Email Forwarding

DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows email service providers to publish a policy directing how unauthenticated mail from those domains is handled - typically requiring that they be rejected or sent to spam.

Replies forwarded by RMM preserve the original headers. Thus, a message with a From address 'jane@example.com' is delivered this way by Engagement. Because Engagement doesn’t own the @example.com domain and can’t send it with SPF or DKIM authentication features, the forwarded reply is rejected by most DMARC policies.

Allowlisting

To ensure the deliverability of RMM-forwarded replies, it’s possible to allowlist IPs used by RMM machines to forward emails. This strategy is ideal in scenarios where preserving mail headers is preferred, such as when replies are destined for into an Email-to-Case system.

When allowlisting isn’t feasible, DMARC Forward Reply Rewrite can be used.

DMARC Forward Reply Rewrite Fixes This Issue

When DMARC Forward Reply Rewrite is enabled, RMM rewrites email headers to avoid rejection. The From Name is rewritten as <From Name> <user> at <domain>. For example, a subscriber reply from Teresa Lee, tlee@example.com, is rewritten as “Teresa Lee tlee at example.com”. The From Email is rewritten as <user>.<domain>@<reply subdomain>. For example, a subscriber reply from tlee@example.com with the reply subdomain email.company.com is rewritten as tlee.example.com@email.company.com.

Engagement maintains an internal list of domains that publish restrictive DMARC policies. This list is referenced to determine which email replies headers to rewrite.

All accounts are enabled to rewrite headers, as necessary, to handle most email forwarding scenarios. If that potentially works better for your workflow, the functionality can be disabled upon request, or it can be configured to always rewrite headers for all replies. Contact Salesforce Customer Support for assistance.