Is DMARC the end of email forwarding?
I asked Mailgun support about this problem and was not given any helpful answers. However, the solution is actually in their documentation:
Note If you forward messages to another email address, then you should disable click tracking, open tracking and unsubscribes, by editing your domain settings in the Control Panel. If these features are enabled, the content of each message is modified by Mailgun before forwarding, which invalidates the DKIM signature. If the message comes from a domain publishing a DMARC policy (like Yahoo! Mail), the message will be rejected as spam by the forwarding destination.
https://documentation.mailgun.com/en/latest/user_manual.html#routes
So, I turned off all of those features on my main domain which I use to receive mail and that solved the DMARC bouncing. If you want to use any of those features, you will need to setup a sub-domain for outgoing mail.
I think the problem you are coming accross is not the forwarding, but the DKIM alignment. Yes, SPF will Fail, but DKIM should Pass, but the DKIM Alignment might not pass. DMARC requires alignment to be strict or relaxed, based on your policy. You can read up more on alignments here: Identifier Alignments
There are testing tools like sending an email to [email protected]
that will show the alignment on the results, but it's a paid feature.
Since this is a problem, there is a new specification in the works called "ARC" the intent of this is to solve this very problem, you can read about that here: ARC Spec
As mentioned above, the issue is that upon sending an email somedomain.com stamps the email with a DKIM (a unique hash of the email's content). When Mailgun forwards the message to Gmail, it inserts it's open/click/unsubscribe modifications which then invalidates the DKIM hash.
Because somedomain.com DMARC says "reject anything that has had the DKIM invalidated" Gmail or other services reject the email.
The workaround I found was to to use a native mailbox solution. WhoIs comes with one which is easy to setup for example: https://manage.whois.com/kb/servlet/KBServlet/faq579.html
Afterwards I simply added the POP mailbox in Settings of Gmail. (As of Gmail December 24, 2017). I was able to re-enable Open and Click tracking and now everything works and I happily get my mails in Gmail still.
As a bonus, we use the email as a shared inbox so now everyone can see the sent emails in their inbox instead of just the forwarded responses.
[Edit] After doing this I realized I was now only getting my emails in the native mailbox solution but no longer in Mailgun where I also needed them.
To work around this, I added MX records to point to mxa.mailgun.org using a subdomain, so mg.exampledomain.com
Then I used a forwarding rule in WhoIs to send all emails that are delivered to [email protected] to also be delivered to [email protected]. Now I get the messages in Mailgun and am still able to see it in Gmail through the POP mailbox.