We have a classified ads website. Buyers can contact sellers. The message is directly generated on the site (php7) and sent to the user by email.
If we follow the recommandations from openspf, we have these 2 solutions:
Solution 1
Return-path: service@my-classified-ads-website.com
Sender: service@my-classified-ads-website.com
From: buyer@hotmail.com
Subject: I am interessted
To: seller@gmail.com
Solution 2
Return-Path: service@my-classified-ads-website.com
From: service@my-classified-ads-website.com
Reply-To: buyer@hotmail.com
Subject: I am interessted
To: seller@gmail.com
These work okish with spf but:
Solution 1 is simply rejected by domains having a strict DMARC policy (p=reject
), for exemple yahoo.com:
v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua@yahoo.com;
Solution 2 is less and less working. When replying many mobile phones (Chinese brands) and email clients do not consider Reply-To
but only From
. Also, for exemple Gmail displays an enormeous warning message which scares users.
Be careful with this message
This email claims to come from my-classified-ads-website.com, but replies will go
to an email address at another domain. Avoid replying to this email
unless you reach out to the sender by other means to ensure that
this email address is legitimate.
Is there a solution?
(We would like to avoid a solution like craigslist or obliging users to use an internal message solution a-la-facebook).