It’s crucial to recognize that DomainKeys Identified Mail (DKIM) is an advised security measure that ought to be activated in Google Workspace for your domain. For step-by-step guidance on activating DKIM in Google Workspace, please refer to my articles on ‘Google Workspace (G suite) - Enabling DKIM.’
The Problem
Google Calendar invite and other Google applications are not capable of send emails that are DMARC compliant using SPF. There is also a known issue were receivers who interact with Google's email body invite links, as Google spoofs the invitee's domain to generate a notification. If the recipient's domain has a DMARC policy set to Reject will result in a bounce back message to be sent to the recipient, which can be confusing for everyone.
Depending on where you’re viewing an invitation, there are two ways to accept it. You can use the ‘Yes, Maybe, No’ options at the bottom of the message; these are Google links.
Interacting with Google links will update the organizer’s calendar and generate an email notification sent by a Google server that spoofs the domain of the invitee. In this case, your domain. Since your domain is protected with DMARC, Google does not technically have permission to send on your behalf, and the email notification delivery fails.
These headers demonstrate how the From: header domain is outlook.com, while the SPF and DKIM identifier belong to the organizational domain google.com. In some instances, a bounce may be received if the invitee domain is using a DMARC policy of reject. This can confuse the average user and even email administrators unaware of this behavior.
The Solution
To work around this issue, utilize the features of your email application to engage with the invitation while disregarding the Google links.
The following example was acquired from Microsoft Office:
The Problem
Google Calendar invite and other Google applications are not capable of send emails that are DMARC compliant using SPF. There is also a known issue were receivers who interact with Google's email body invite links, as Google spoofs the invitee's domain to generate a notification. If the recipient's domain has a DMARC policy set to Reject will result in a bounce back message to be sent to the recipient, which can be confusing for everyone.
Depending on where you’re viewing an invitation, there are two ways to accept it. You can use the ‘Yes, Maybe, No’ options at the bottom of the message; these are Google links.
Interacting with Google links will update the organizer’s calendar and generate an email notification sent by a Google server that spoofs the domain of the invitee. In this case, your domain. Since your domain is protected with DMARC, Google does not technically have permission to send on your behalf, and the email notification delivery fails.
These headers demonstrate how the From: header domain is outlook.com, while the SPF and DKIM identifier belong to the organizational domain google.com. In some instances, a bounce may be received if the invitee domain is using a DMARC policy of reject. This can confuse the average user and even email administrators unaware of this behavior.
The Solution
To work around this issue, utilize the features of your email application to engage with the invitation while disregarding the Google links.
The following example was acquired from Microsoft Office: