Summary
Forwarding emails originating from Gmail through Salesforce Marketing Cloud (SFMC) poses a risk of Gmail impersonation if not carefully managed. The core issue is the potential disruption of email authentication protocols like SPF, DKIM, and DMARC. When an email is forwarded, SFMC might lack authorization to send on behalf of the original Gmail domain, leading to authentication failures. This can result in emails being flagged as spam, rejected, or triggering spoofing alerts. Proper configuration of SFMC's Sender Authentication Package (SAP), adherence to Gmail's sending policies, and awareness of Gmail's sending limits are crucial to avoid these issues. Additionally, internal systems that perform DMARC checks could flag forwarded emails as failures, further complicating deliverability.
Key findings
- DMARC Failure Risk: Forwarding often breaks DMARC authentication because SFMC is not authorized to send on behalf of the Gmail domain, resulting in potential deliverability problems.
- SPF/DKIM Configuration Issues: Improperly configured SPF and DKIM records can lead to emails being marked as impersonation attempts, damaging sender reputation.
- Gmail Sending Limits: Sending large volumes of emails originating from Gmail through SFMC can violate Gmail's sending limits, affecting deliverability.
- Spoofing Potential: If not configured correctly, forwarding can inadvertently trigger email spoofing alerts, impacting email trustworthiness.
- Importance of Authentication: Email authentication is key to ensure deliverability; forwarding from a Gmail account through SFMC could lead to issues if the forwarding setup breaks the authentication chain.
Key considerations
- SAP Configuration: Carefully configure Salesforce Marketing Cloud's Sender Authentication Package (SAP) to properly handle forwarding and maintain authentication integrity.
- DMARC Compliance: Ensure that forwarding mechanisms do not violate DMARC policies to avoid legitimate emails being rejected or flagged as spam.
- SPF Record Management: Configure SPF records to accurately reflect authorized sending sources, including SFMC, to prevent sender address forgery.
- Gmail Sending Policy Adherence: Adhere strictly to Gmail's sending policies and guidelines when forwarding to avoid being flagged as spam or impersonation.
- Internal DMARC Checks: Ensure that internal systems are not performing DMARC checks that might flag forwarded emails as authentication failures.
What email marketers say
10 marketer opinions
Forwarding emails originating from Gmail through Salesforce Marketing Cloud (SFMC) can be considered Gmail impersonation if not handled correctly. The primary concern revolves around email authentication protocols such as SPF, DKIM, and DMARC. When an email is forwarded, it may fail these authentication checks because the forwarding server (SFMC) is not authorized to send emails on behalf of the original Gmail sender. This can lead to deliverability issues, with emails being flagged as spam or rejected. Improper configuration and failure to adhere to Gmail's sending policies can exacerbate these problems.
Key opinions
- DMARC Failure: DMARC policies can cause forwarded emails to fail authentication checks, leading to deliverability issues.
- SPF/DKIM Issues: Incorrectly configured SPF and DKIM records can result in emails being flagged as impersonation attempts.
- Gmail Limits: Sending large volumes of emails originating from Gmail through other systems can violate Gmail's sending limits.
- Spoofing Risk: Forwarding without proper authentication may trigger email spoofing alerts.
Key considerations
- Authentication Setup: Ensure proper SPF, DKIM, and DMARC authentication is in place for both Gmail and SFMC.
- DMARC Handling: Verify that SFMC properly handles DMARC checks for forwarded emails to prevent failures.
- Policy Compliance: Adhere to Gmail's sending policies to avoid being flagged as spam or impersonation.
- Internal Checks: Check that internal systems aren't running DMARC checks, which would flag forwarded emails as failures.
- Volume Awareness: Be aware of Gmail sending limits if you are sending large volumes of emails that originate from Gmail.
Marketer view
Email marketer from Reddit shares that DMARC (Domain-based Message Authentication, Reporting & Conformance) policies can cause forwarded emails to fail authentication checks, potentially leading to deliverability issues or being marked as spam. Forwarding from Gmail could be problematic if the forwarding service doesn't properly handle DMARC.
3 Nov 2022 - Reddit
Marketer view
Email marketer from Litmus explains that email authentication is key to ensure deliverability. Forwarding from a Gmail account through SFMC could lead to issues if the forwarding setup breaks the authentication chain, potentially being seen as impersonation.
1 Apr 2022 - Litmus
What the experts say
3 expert opinions
Forwarding emails originating from Gmail through Salesforce Marketing Cloud (SFMC) can lead to Gmail impersonation if not handled correctly. A core issue is that forwarding can break DMARC authentication, as the forwarding server (SFMC) typically lacks authorization to send emails on behalf of the original Gmail domain. This can cause authentication failures, leading to emails being rejected or treated as spam. If the 'From:' header shows a @gmail.com address, and you're not sending directly through Gmail, you're potentially impersonating Gmail.
Key opinions
- DMARC Failure: Forwarding can break DMARC authentication because SFMC isn't authorized to send on behalf of the Gmail domain.
- Impersonation via From Header: If the recipient sees a @gmail.com address in the From: header and the email isn't sent via Gmail, it's impersonation.
- Authentication Issues: Forwarding problems arise when the forwarder lacks the authority to send emails that originate from gmail.com, leading to authentication failures.
Key considerations
- Authentication Configuration: Ensure proper authentication settings (SPF, DKIM, DMARC) are correctly configured on SFMC to handle forwarded emails.
- From Header Review: Carefully examine the 'From:' header to avoid displaying a @gmail.com address if the email isn't being sent through Gmail's servers.
- Authorization Verification: Verify that the forwarding system (SFMC) is properly authorized to send emails on behalf of the original sender's domain to prevent authentication failures.
Expert view
Expert from Email Geeks explains that if the recipient receives an email and the address in the From: header ends with @gmail.com then you are impersonating Gmail, and you need to stop doing that.
12 Jun 2023 - Email Geeks
Expert view
Expert from Spam Resource explains that forwarding can have problems as the forwarder might not have the authority to send emails that originate from gmail.com. This causes authentication failures and can be flagged as spam or impersonation attempts.
13 Dec 2024 - Spam Resource
What the documentation says
5 technical articles
Forwarding emails from Gmail through Salesforce Marketing Cloud (SFMC) raises concerns about potential Gmail impersonation. While Gmail's settings manage copy retention, they don't address impersonation. SFMC utilizes Sender Authentication Package (SAP) for deliverability via SPF, DKIM, and DMARC, necessitating specific configurations to prevent flagging as impersonation. DMARC, designed to prevent spoofing, can be compromised by forwarding, potentially rejecting legitimate emails if not handled correctly. Proper SPF configuration, which prevents sender address forgery, is crucial for SFMC. Microsoft's SPF guidance, though not directly related, offers insights on authentication during forwarding.
Key findings
- DMARC Interference: Forwarding mechanisms can interfere with DMARC checks, causing legitimate emails to be rejected or flagged.
- SPF Configuration is Key: Proper SPF configuration is crucial to prevent sender address forgery when forwarding through SFMC.
- SFMC Requires Specific Configuration: SFMC needs specific configurations to manage SPF, DKIM, and DMARC to prevent emails from being flagged as impersonation.
Key considerations
- DMARC Compliance: Ensure forwarding mechanisms do not violate DMARC policies to avoid deliverability issues.
- SAP Configuration: Carefully configure SFMC's SAP settings to properly handle forwarding and maintain authentication.
- Authentication Protocol Implementation: Implement SPF and other authentication protocols meticulously to prevent emails from being flagged as impersonation.
Technical article
Documentation from Salesforce explains that Salesforce Marketing Cloud uses Sender Authentication Package (SAP) to manage email deliverability, including SPF, DKIM, and DMARC. Forwarding emails through SFMC might require specific configurations to ensure proper authentication and prevent being flagged as impersonation.
27 Apr 2025 - Salesforce Help
Technical article
Documentation from DMARC.org explains that DMARC policies are designed to prevent email spoofing and phishing. Forwarding mechanisms can interfere with DMARC checks, potentially causing legitimate emails to be rejected or flagged. Proper handling is needed to avoid these issues.
20 Nov 2021 - DMARC.org
Can a domain with poor reputation negatively affect other domains in Google Workspace?
Can changing the sender name impact email deliverability?
Can the sender name impact email delivery to spam in Hotmail/Outlook?
Does the sender name matching the email impact email deliverability?
How can I avoid Gmail security warnings on emails?
How do I ensure email deliverability with different return-path addresses and subdomains?
