I thought I'd pass this along to others that run into this issue. The conditions are:

* You are using the Volusion "VSMTP" code to accept and relay email to a mailbox
* You are capturing the user's "from" address
* The address is from a DMARC restricted domain (yahoo.com, aol.com)
* You are using the "from" to send "as" the captured address

The short of it is, that if you "send as" someone's address at aol.com and yahoo.com, the email will not be delivered to your mailbox and will NDR back to the requester.

Here is my converstation with Volusion support:

ISSUE: Use use the VSMTP to send email from Volusion's ASP page into the Volusion mail system. We send this email "FROM" the customer's entered email address (e.g. bob@aol.com). Using the FROM address allows two things - first is that it is possible to reply directly to the email from our mail system without copying and pasting and secondly and more importantly, for emails send to Volusion CRM system, the "FROM" is required to match up to the address in the customer record or otherwise it is not possible to have the CRM ticket come in as the customer.

SOLUTION: Either Volusion needs to allow sending email "FROM" their emailsrvr.com server and ignore the DMARC requirements or allow customers to use the "REPLY-TO" header instead of the "FROM" header in SMTP.

REQUESTED INFORMATION: I do not see any documented method of sending email via VSMTP using Volusion. Can you provide me details on how I can use the REPLY-TO SMTP header to send email via VSMTP?

Here is a NDR back to a customer for which the email was sent FROM the email address customer@yahoo.com:

> The mail system
>
> <sales@volusionsite.com>:
> host mx1.emailsrvr.com[173.203.187.1] said: 550 5.7.1
> Email rejected per DMARC policy for yahoo.com
> (G15) (in reply to end of
> DATA command)
>


--------------------------------------
After investigating this issue, it appears that this may be related to a recent update enacted by Yahoo & AOL regarding their DMARC Policies. As of now, all DMARC compliant mail receivers (including Yahoo, Hotmail, and Gmail) are now bouncing emails sent as Yahoo email addresses, if that email was not in fact sent through Yahoo mail servers.

A possible solution for this, may be to add the Yahoo Email Host Name to the SPF (TXT) Mail Record in the Manage DNS section of your My Volusion account. In order for us to try this, we will need your express permission to alter the current SPF Record (seen below), in order to add the Yahoo mail server. If you are comfortable with editing the DNS records yourself, then you may also navigate to Manage DNS and add an include for the Yahoo Mail Host Name to the SPF Record. Within 1 - 2 hours, that record should propagate, and you should be able to run a test with a yahoo email account.

The SPF Record looks as follows:

"v=spf1 ip4:73.76.5.0/24 ip4:99.45.202.0/24 include:comcast.net include:emailsrvr.com include:smtp5.volusion.com ~all"

From my research, the Yahoo Mail Host Name should be [smtp.mail.yahoo.com]. With that, the correct SPF Record should look like this:

"v=spf1 ip4:73.76.5.0/24 ip4:99.45.202.0/24 include:smtp.mail.yahoo.com include:comcast.net include:emailsrvr.com include:smtp5.volusion.com ~all"


NOTE: SPF records should *include* the quotations when entered into the system. Please verify with yahoo if that Mail Host Name is correct, and let us know if you'd like us to enter this record into your DNS Records.

If you have any further questions or concerns in the meantime, please don't hesitate to contact us again.


-------------------------------------------

For reference, here is a typical SMTP header for a successful relay from VSMTP:

Received: from rd1.dynip.com (204.225.44.16) by SERVER.domain.net
(192.168.1.202) with Microsoft SMTP Server id 14.3.319.2; Sat, 5 Nov 2016
08:12:05 -0500
Received: (qmail 56306 invoked from network); 5 Nov 2016 13:12:05 -0000

Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by
rd1.dynip.com with SMTP; 5 Nov 2016 13:12:05 -0000
Return-Path: <customer@customer.gov>
X-Spam-Exception: WHITELISTED
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-2220-c
X-CMAE-Scan-Result: 0
X-CNFS-Analysis: v=2.2 cv=WIM9ZTkR c=1 sm=1 tr=0 a=WE9HwkjOM2WyZd2LMgZbkw==:117 a=WE9HwkjOM2WyZd2LMgZbkw==:17 a=kj9zAlcOel0A:10 a=L24OOQBejmoA:10 a=dt23Gv2Xl10Ch7-CDJ8A:9 a=CjuIK1q_8ugA:10 a=Yx78NBEyIjgA:10 a=GhUQPsB9rdMA:10
X-Orig-To: sales@volusionstore.com
X-Originating-Ip: [209.216.97.10]
Authentication-Results: smtp54.gate.ord1c.rsapps.net; iprev=pass policy.iprev="209.216.97.10"; spf=fail smtp.mailfrom="customer@customer.gov" smtp.helo="smtp5.volusion.net"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=customer.gov
X-Classification-ID: 6ef85392-a359-11e6-b275-b8ca3a5bca5c-1-1

Received: from [209.216.97.10] ([209.216.97.10:17890] helo=smtp5.volusion.net)
by smtp54.gate.ord1c.rsapps.net (envelope-from
<customer@customer.gov>) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with
ESMTP id A5/54-18243-F9ADD185; Sat, 05 Nov 2016 09:11:59 -0400

Message-ID: <A5.54.18243.F9ADD185@smtp54.gate.ord1c.rsapps.net >
MIME-Version: 1.0
From: <customer@customer.gov>
To: <sales@volusionstore.com>
Date: Sat, 5 Nov 2016 06:11:59 -0700
Subject: Order Question: OLD | ORDERCORRECTION | 27223
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MS-Exchange-Organization-AuthSource: SERVER.domain.net
X-MS-Exchange-Organization-AuthAs: Anonymous


I think there is a fundamental mis-understanding on how SPF records work. First is that the host rejecting the email is mx1.emailsrvr.com. So, why does this matter? Here is the process:

1 - Email is submitted via VSMTP with the FROM in the header as "something@yahoo.com". That email goes through Volusions internal SMTP system (ecelerity and smtp5.volusion.net)
2 - Email then is forwarded to gate.forward.smtp.ord1c.emailsrvr.com by Volusion's servers.
3 - The servers at "emailsrvr.com" then evaluate the FROM address for "yahoo.com" using SPF records which look like:
v=spf1 ptr:yahoo.com ptr:yahoo.net ?all
4 - emailsrvr.com's system then determines that volusion is not a valid "sender" as they are not hosts "yahoo.net", so emailsrvr.com then rejects the email with the following NDR:

host mx1.emailsrvr.com[173.203.187.1] said: 550 5.7.1 mail rejected per DMARC policy for yahoo.com (G15) (in reply to end of DATA command)

So, it won't matter that my host name (volusionstore.com) is in the TO field because the only thing that the server is looking at is FROM in the header and whoever is sending email for the domain yahoo.com has to be in the SPF record for that domain, which volusion is of course, not in.

So, there is NO method that is proper to send email "from" any domain other than what you own (and can put in SPF records for). Of course, there is no way we can modify yahoo's SPT records to allow emailsrvr.com to send email "as" yahoo.com.

The solution here is not to try adjusting SPF records, which will do nothing. The solution is to allow volusion people to use the REPLY-TO in-addition or instead of the FROM header field. If that is possible now, I just need to know what the method is to invoke this because currently we use the following for the "FROM" header:

&FromEmailAddress

So, it looks like this currently:

Set HTTPRequest = CreateObject("WinHTTP.WinHTTPRequest.5.1")
HTTPRequest.Open "POST", "http://" & Request.ServerVariables("LOCAL_ADDR") & "/vsmtp.asp", False
HTTPRequest.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
HTTPRequest.SetRequestHeader "Host", Request.ServerVariables("SERVER_NAME")
HTTPRequest.Send _
"VsmtpKey=" & vsmtpKey &_
"&Subject=" & Server.URLEncode(subject) &_
"&FromEmailAddress=" & email_from &_
"&ToEmailAddress=" & email_to &_
"&Body_TextOnly=" & Server.URLEncode(strMsg)
Set HTTPRequest = Nothing

I simply need to know what the "REPLY-TO" header method is instead of the "FromEmailAddress" header (which is actually FROM in SMTP).

-------------------------------------------------

Thank you for your clarification in your last reply.

I did some checking to see if our system's emailform.asp page (the page that processes those email submissions) was coded to look for and use the REPLY-TO field you discussed. When I did not see any signs of it there, I also experimented in my own test store to see if using a field with a similar name in the contact form's HTML might get caught by code I am simply not able to see. (ie name="email_Reply_To", name="email_Reply-To", etc). I am afraid that our documentation does not mention any support of this field, nor did my experiments turn up a field that was just not mentioned in docs or the code I can see.

At the time, I am afraid that you will not be able to use Reply-To with our email contact form. Your idea, however, is a very good one and it might be useful to other merchants as well. We have a suggestion site at https://volusion.uservoice.com where you could suggest to our developers to open up fields like this for merchant use. While we in Technical Support cannot code or influence that change, I do hope the Uservoice tool will help your feature request become a reality in our system.

------------------------------------------

So the jist is, that you can't use Volusion's own VSMTP to send tickets into CRM or send "as" a customer in a DMARC compliant method.