Suped

How do I fix Apple Mail DMARC failure when sending from Gmail with a non-Gmail domain?

Matthew Whittaker
Co-founder & CTO, Suped
Published 13 Jun 2025
Updated 18 Aug 2025
It can be frustrating when emails sent from your custom domain via Apple Mail, using a Gmail SMTP server, start failing DMARC authentication. This often leads to your important messages landing in spam folders or being outright rejected by recipients. The issue typically arises from a mismatch between the domain in your email's "From" header and the domain used for authentication during the sending process.
I’ve encountered this problem numerous times. It's especially prevalent for individuals and businesses using a custom domain with Google Workspace, who then configure their Apple Mail client to send emails through a personal Gmail account's outgoing server. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is designed to prevent email spoofing and phishing by verifying that an email’s sender is legitimate. When authentication fails, it signals to receiving mail servers that something is amiss, triggering their spam filters. Let's explore how to diagnose and fix this specific DMARC failure.

Understanding the DMARC failure

The core of this DMARC failure lies in how email authentication protocols like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) align with the "From" domain. For an email to pass DMARC, either its SPF or DKIM (or both) must align with the domain in the RFC5322.From header (the visible sender address). When you send an email from Apple Mail configured with a non-Gmail custom domain, but route it through a personal Gmail SMTP server, here's what typically happens.
Gmail's SMTP server authenticates the email based on the credentials of the personal Gmail.com account used to send the message. This means the message will pass SPF and DKIM authentication for Google.com or 1e100.net, not your custom domain. The crucial problem is that the "From" header (your custom domain) does not align with the authenticated domain. This is a classic DMARC alignment failure. You can learn more about how DMARC authenticates emails in our simple guide to DMARC, SPF, and DKIM.

DMARC alignment

DMARC requires that the domain in the "From" address (RFC5322.From) aligns with the domain authenticated by SPF (Return-Path) or DKIM (d= domain). If you're sending from yourdomain.com but the email is SPF/DKIM authenticated by gmail.com, DMARC will fail.
Even if your Google Workspace account has SPF and DKIM properly configured for your custom domain, if Apple Mail uses your personal Gmail account as the outbound SMTP server, those custom domain authentications won't be applied. The email will be signed by Gmail's server, leading to the DMARC failure. This exact issue is detailed in why DMARC authentication fails when SPF and DKIM pass.

Diagnosing the misconfiguration

To confirm this is your issue, you'll need to examine the email headers of a failed message. The key is to look at the Authentication-Results header and compare the domains. You'll likely see something similar to the example below. Notice how the smtp.mailfrom (Return-Path) is a Gmail address, while the header.from (the visible sender) is your custom domain.
Example of DMARC failure in email headers:

    Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of cameron.herold@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=cameron.herold@gmail.com;
        dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=cooalliance.com
    Return-Path: <cameron.herold@gmail.com>
    From: Cameron Herold <cameron@cooalliance.com>

This clearly shows that Gmail passed SPF for its own domain, but then DMARC failed because cooalliance.com (the "From" domain) did not align with the authenticated gmail.com domain. You can also send the email to other providers, such as Outlook.com, as their headers can sometimes offer more verbose error messages for DKIM failures or other authentication issues. For comprehensive troubleshooting, review our guide on how to troubleshoot DMARC failures.
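The comparison described above can be scripted. This is an added example, not code from the original article: it parses the headers of the failed message and reports whether any passing SPF or DKIM result aligns with the From domain. The `org_domain` shortcut (last two labels instead of a Public Suffix List lookup) and the `trusted` authserv-id parameter are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the failed message quoted above, one field per line.
RAW = """\
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of cameron.herold@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=cameron.herold@gmail.com;
 dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=cooalliance.com
Return-Path: <cameron.herold@gmail.com>
From: Cameron Herold <cameron@cooalliance.com>

"""

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain;
    # production code should consult the Public Suffix List (co.uk etc.).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    if not auth_domain:
        return False
    if strict:  # aspf=s / adkim=s: exact match required
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def check_alignment(raw, trusted="mx.google.com", strict=False):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    out = {"from": from_domain, "spf_aligned": False, "dkim_aligned": False}
    for hdr in msg.get_all("Authentication-Results", []):
        clauses = re.sub(r"\([^)]*\)", " ", hdr).split(";")  # drop comments
        # Only the receiver's own stamp is trustworthy; senders can forge others.
        if (clauses[0].split() or [""])[0] != trusted:
            continue
        for clause in clauses[1:]:
            p = dict(re.findall(r"([\w.]+)=(\S+)", clause))
            if p.get("spf") == "pass":
                spf_dom = p.get("smtp.mailfrom", "").rpartition("@")[2]
                out["spf_aligned"] |= aligned(spf_dom, from_domain, strict)
            if p.get("dkim") == "pass":  # Gmail reports header.i, others header.d
                d = (p.get("header.d") or p.get("header.i", "")).rpartition("@")[2]
                out["dkim_aligned"] |= aligned(d, from_domain, strict)
    out["dmarc_pass"] = out["spf_aligned"] or out["dkim_aligned"]
    return out

if __name__ == "__main__":
    print(check_alignment(RAW))
```

For the message above, SPF passes but only for gmail.com, so neither mechanism aligns with cooalliance.com and the function reports a DMARC failure, matching the `dmarc=fail` verdict in the header.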

Correcting Apple Mail SMTP settings

The simplest and most direct solution is to ensure your Apple Mail client is correctly configured to use the Google Workspace SMTP server associated with your custom domain, not a personal Gmail SMTP server. Apple Mail, when encountering issues with the designated outbound server, sometimes defaults to another configured account, like a personal Gmail account, which then causes the DMARC alignment failure.
Here’s how to check and correct your outgoing mail server settings in Apple Mail: open Mail > Settings (or Preferences), go to the Accounts tab, select your custom domain account, and locate Outgoing Mail Server (SMTP). Ensure it's set to the correct Google Workspace SMTP server for your domain, typically smtp.gmail.com, with the correct username and password for your Workspace account.

Incorrect setup

  1. SMTP server: Configured to a personal Gmail.com SMTP server (e.g., smtp.gmail.com) associated with a gmail.com email address.
  2. Authentication mismatch: Emails are authenticated for Gmail, but the visible "From" address is your custom domain, causing a DMARC failure.

Correct setup

  1. SMTP server: Ensure it's configured to the Google Workspace SMTP server for your custom domain, using your Workspace credentials.
  2. Correct authentication: Emails are authenticated by Google Workspace for your custom domain, ensuring DMARC alignment and successful delivery.
Once you've adjusted the SMTP settings, send a test email to verify. You should observe that the Authentication-Results header now shows SPF and DKIM passing for your custom domain, and critically, DMARC also passing. This simple adjustment often resolves the issue entirely.

Maintaining email authentication and monitoring

Even after fixing this specific issue, ongoing monitoring of your email authentication is crucial for maintaining good email deliverability. DMARC, SPF, and DKIM are foundational to ensuring your emails reach their intended inboxes and avoid falling into the spam folder or being put on a blocklist (or blacklist).
Implement a DMARC policy that's appropriate for your sending volume and domain reputation. While p=none is a good starting point for gathering reports, aiming for p=quarantine or p=reject offers stronger protection against spoofing. Our guide on safely transitioning your DMARC policy can help you navigate this process.

| Protocol | Purpose | Key for DMARC |
| --- | --- | --- |
| SPF (Sender Policy Framework) | Authorizes mail servers that can send email on behalf of your domain. | Authenticates the Return-Path domain; must align with the From: header domain for DMARC compliance. |
| DKIM (DomainKeys Identified Mail) | Digitally signs outgoing emails, allowing recipients to verify that the message wasn't altered in transit and came from the claimed domain. | Authenticates the signing domain (d= tag); must align with the From: header domain for DMARC compliance. |
| DMARC (Domain-based Message Authentication, Reporting, and Conformance) | Tells receiving servers what to do with emails that fail SPF or DKIM authentication. | Requires alignment between the From: header domain and either the SPF or DKIM authenticated domain. |

Regularly check your DMARC reports to identify any unexpected authentication failures or potential spoofing attempts. These reports provide invaluable insights into your email traffic and can help you quickly detect and address issues like these configuration mismatches. Tools like DMARC monitoring can automate this process, and you can delve deeper into understanding DMARC reports from Google and Yahoo to ensure deliverability.
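A sketch of that report review, as an added example that is not part of the original article or of any Suped tooling: it reads a DMARC aggregate (RUA) report and lists the sources that failed DMARC, separating mail that authenticated for a different domain (the Apple Mail and Gmail pattern described here) from mail that authenticated for nothing. The report is constructed sample data using example.com and documentation IP ranges, and it assumes the XML carries no namespace.

```python
import xml.etree.ElementTree as ET  # reports are third-party input: prefer defusedxml

# Constructed aggregate report (RFC 7489 record layout, metadata omitted).
REPORT = """<feedback>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>42</count>
   <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>7</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>gmail.com</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>203.0.113.99</source_ip><count>3</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>example.com</domain><result>fail</result></spf></auth_results>
 </record>
</feedback>"""

def dmarc_failures(xml_text):
    """Return the rows that failed DMARC, largest volume first."""
    out = []
    for rec in ET.fromstring(xml_text).iter("record"):
        ev = rec.find("row/policy_evaluated")
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            continue  # one aligned pass is enough for DMARC
        passed = [f"{m.tag}={m.findtext('domain')}"
                  for m in rec.find("auth_results")
                  if m.findtext("result") == "pass"]
        out.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "passed_for": passed,  # authenticated, but for another domain
            "kind": "misaligned" if passed else "unauthenticated",
        })
    return sorted(out, key=lambda r: -r["count"])

if __name__ == "__main__":
    for row in dmarc_failures(REPORT):
        print(row)
```

A "misaligned" row whose SPF passed for gmail.com is a candidate for the client misconfiguration covered in this article; confirm the sender before treating it as legitimate, since anyone can send through Gmail with a forged From address.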

Views from the trenches

Best practices
Always ensure your Apple Mail client is configured with the correct SMTP server for your specific email domain, especially for Google Workspace accounts.
Verify that your custom domain's SPF and DKIM records are correctly published and aligned to ensure DMARC passes consistently.
Regularly monitor your DMARC reports to catch any authentication failures or potential spoofing attempts early.
If using multiple email accounts in Apple Mail, double-check that the outgoing server is correctly selected for each sending identity.
Use strong DMARC policies (p=quarantine or p=reject) once confident in your authentication setup to enhance domain security.
Common pitfalls
Defaulting to a personal Gmail SMTP server when sending from a custom domain, causing DMARC alignment failures.
Not configuring DKIM for your Google Workspace domain, leading to authentication issues for messages sent via their servers.
Ignoring DMARC failure reports, which can hide underlying authentication problems or active spoofing of your domain.
Assuming email clients like Apple Mail will automatically choose the correct outbound server without explicit configuration.
Lack of consistent review of email headers to diagnose specific authentication failures and identify the root cause.
Expert tips
The specific issue is often Apple Mail incorrectly using a personal Gmail SMTP for a custom domain, leading to a DMARC failure.
Always verify that the outgoing SMTP server in Apple Mail matches the domain you are trying to send from.
Even if SPF passes for the SMTP server, DMARC will fail if the "From" domain doesn't align with SPF or DKIM.
If Apple Mail prompts to use an alternative SMTP server, ensure it's one authorized to send for your custom domain.
Setting up domain authentication correctly for Google Workspace is crucial for proper DMARC compliance when using Apple Mail.
Marketer view
Marketer from Email Geeks says: The outbound server for the account likely defaulted to a personal Gmail account. This can be fixed by simply changing the dropdown menu to the correct outbound account for the email address.
2025-01-20 - Email Geeks
Marketer view
Marketer from Email Geeks says: When sending mail from Gmail, but using a non-Gmail domain in the From header, DMARC interprets this as an unauthorized attempt.
2025-01-20 - Email Geeks

Ensuring email delivery from Apple Mail

Resolving DMARC failures when sending from Apple Mail with a non-Gmail domain through Gmail requires a clear understanding of email authentication and careful configuration. The primary culprit is often an incorrect outgoing SMTP server setting in your mail client, leading to a DMARC alignment failure. By ensuring that your Apple Mail client uses the appropriate Google Workspace SMTP server for your custom domain, you can prevent these issues and significantly improve your email deliverability.
Beyond this specific fix, adopting a proactive approach to email authentication, including regular DMARC report analysis and consistent configuration practices, is key to maintaining a healthy sending reputation. This ensures your legitimate emails always reach their intended recipients, free from the disruptions caused by authentication failures or blocklisting (or blacklisting).
