Why does Gmail show 'via' even when DMARC passes?

Key findings

• Relaxed alignment: DMARC relaxed alignment (often denoted as adkim=r or aspf=r) allows subdomains to align with the organizational domain. For example, mail.example.com can align with example.com. However, Gmail's display of 'via' can still occur if there's a difference in subdomains, even if technically aligned under DMARC.
• DKIM's role: The 'via' message in Gmail is strongly linked to DKIM. If the d= (DKIM signing domain) does not exactly match the From: header domain, Gmail may add the 'via' tag, even if DMARC passes due to relaxed alignment or SPF.
• Sender header: The presence and domain of the Sender header can also influence Gmail's display. If the Sender domain differs from the From: domain, it can trigger the 'via' tag, indicating the actual sending agent or platform.
• Gmail-specific behavior: There are instances where Gmail might show the 'via' tag even for messages that appear to be fully aligned and authenticated. This could sometimes be a bug or an ongoing update to Gmail's user interface and authentication display logic. Always keep an eye on Google Postmaster Tools for insights into how Google perceives your sending.

Key considerations

• Subdomain alignment: Even with relaxed DMARC alignment, Google may prefer a more direct match. Ideally, the From: domain should precisely match the DKIM d= domain to avoid the 'via' tag. Consider sending from a subdomain that is directly covered by your DKIM signature.
• Sender header implications: Review whether your Email Service Provider (ESP) or sending platform is adding a Sender header that differs from your From: domain. This can be a common reason for the 'via' display. Some platforms allow you to remove or modify this header.
• Consistent branding: For the best sender experience and brand consistency, aim for exact domain alignment across your From: address, DKIM d= tag, and any Sender headers. This ensures Gmail displays your email without additional qualifying information like 'via'.
• Monitor and test: Regularly check how your emails appear in various mailbox providers, especially Gmail. Send test emails to different Gmail accounts and inspect the displayed sender information to ensure it meets your expectations for branding and deliverability. Tools that provide an email authentication check can be very useful.

Key opinions

• Subdomain misalignment: Many marketers believe the 'via' occurs when the subdomain in the From: address is different from the subdomain used in the DKIM d= tag, even if both share the same root domain and DMARC passes. This is a common point of confusion.
• DKIM's primary influence: There is a strong sentiment that the 'via' display is more closely related to DKIM authentication than DMARC itself. If DKIM alignment isn't exact (strict), Gmail may add the 'via' tag.
• Sender header impact: Several marketers have observed that the Sender header, often inserted by ESPs, can be a direct cause of the 'via' tag. When the Sender domain differs from the From: domain, Gmail highlights the actual sending party.
• Gmail's rendering: Many marketers consider this to be a specific rendering choice or a potential bug on Gmail's part, as other mailbox providers might not display such a 'via' for similarly configured emails.

Key considerations

• Exact domain matching: To remove the 'via' tag, marketers should strive for exact domain alignment between the From: address and the DKIM signing domain. This often means sending from the same subdomain that is used for DKIM authentication.
• ESP configuration: Investigate your ESP's settings. Some allow greater control over DKIM signing domains or the inclusion/exclusion of the Sender header. Adjusting these can help eliminate the 'via' tag. Understanding why DMARC fails with Sendgrid can provide valuable context.
• Consistency is key: Even if DMARC passes with relaxed alignment, aiming for strict alignment in practice (where possible) can often lead to a cleaner display in Gmail and other stringent mailbox providers.
• Regular testing: Marketers should consistently test their email appearance in various inboxes, especially Gmail, to catch any unexpected display issues like the 'via' tag and adjust sending practices accordingly. This continuous monitoring is vital for maintaining a strong sender reputation.

Key opinions

• Potential Gmail bug: Some experts propose that the 'via' display for otherwise perfectly aligned and authenticated messages could be a temporary bug or an undergoing change in Gmail's user interface code base. This suggests it might not always be a configuration error on the sender's part.
• DMARC relaxed alignment nuances: While DMARC relaxed alignment means subdomains of the same organizational domain are considered aligned, experts highlight that Gmail's internal display logic might have a stricter interpretation, leading to 'via' if the From: and DKIM d= domains aren't an exact match, even if they're cousins (subdomains of the same parent domain).
• Sender header as a trigger: A key opinion among experts is that the Sender header is often the root cause of the 'via' tag. When this header's domain differs from the From: domain, Gmail highlights the actual sending agent, regardless of DMARC pass/fail. This is a common setup for ESPs.
• DKIM over DMARC for 'via': Some experts posit that the 'via' is primarily DKIM-related rather than directly DMARC-related. This means that even if DMARC passes (possibly via SPF alignment), a slight DKIM domain mismatch (e.g., d= and From: being different subdomains) can trigger the 'via' display.

Key considerations

• Review DKIM alignment: Experts recommend ensuring your DKIM d= domain matches your From: header domain as closely as possible. Ideally, they should be identical. If you're using an ESP, configure it to sign with your sending domain's DKIM. This helps avoid DKIM failing for Microsoft as well.
• Inspect Sender header: Check if your sending platform is inserting a Sender header that conflicts with your branding. If the Sender header contains a domain different from your From:, this is a strong candidate for triggering the 'via' tag.
• Test systematically: To pinpoint the exact cause, systematically test different combinations of From: domains and DKIM d= domains. This empirical approach can help clarify Gmail's behavior for your specific setup.
• Stay updated: Given that Gmail's algorithms and display rules can change, experts advise staying informed about any updates to email authentication standards or Gmail's specific guidelines to ensure ongoing optimal display. Keeping up with Gmail's blocking reasons can be helpful.

Key findings

• DMARC alignment: The DMARC standard (RFC 7489) defines two types of alignment: strict (exact match) and relaxed (organizational domain match). Even with relaxed alignment, if the From: domain and the authenticated domain are different subdomains, some receivers might still opt for a more granular display, such as the 'via' tag.
• DKIM signing domain: According to DKIM (RFC 6376), the d= tag in the DKIM signature specifies the domain responsible for signing the email. If this domain is not an exact match to the From: header domain, even if they are related subdomains, it can trigger transparency features in email clients.
• Sender header standard: RFC 5322 (Internet Message Format) defines the Sender header as an optional field that specifies the mailbox agent responsible for sending the message when it differs from the From: header. Mailbox providers, including Gmail, often use this header to display the intermediary sender via a 'via' tag.
• Interpreting authentication: While DMARC reports (RFC 7489) indicate pass/fail status and alignment, they don't dictate how a Mail User Agent (MUA) should display the sender. Gmail's display decisions are based on a combination of authentication results, header information, and its own user experience goals, often aiming to provide transparency about the actual sender or sending path. This helps address issues like those where emails from third-party vendors fail DMARC for display reasons.

Key considerations

• Strict alignment preference: Although relaxed alignment passes DMARC, a stricter alignment (where From: domain directly matches DKIM d= or SPF Return-Path) is more likely to result in a clean display in Gmail, free of the 'via' tag. This aligns with Gmail's emphasis on strong authentication.
• DMARC policy for transparency: Even with a p=none DMARC policy, which instructs receivers not to take action on failing emails, the authentication results still provide information used by MUAs for display purposes. The 'via' tag serves as a transparency mechanism. Review simple DMARC examples for more context.
• Header review: Senders should perform a thorough analysis of their email headers to understand how various fields, especially From:, Sender, and DKIM d=, interact. This technical scrutiny helps in diagnosing and resolving the root cause of the 'via' display. Our guide on what RFC 5322 says vs. what actually works is relevant here.
• User experience focus: Documentation often highlights that the end goal of email authentication is to build user trust. Email clients like Gmail prioritize transparency, and the 'via' tag, while potentially undesirable for marketers, serves to inform the recipient about the actual sender or sending infrastructure.