I use GoDaddy which gives me up to 100 email aliases for my domain. We never send email with these forwarding aliases, just receive email and forward them to another email address.
For example president@ourgroup.org forwards emails to our organization’s president at bob@gmail.com. If Bob wants to reply to these emails, he’ll use his bob@gmail.com account.
I recently got an email from someone telling me that the DMARC record isn’t set, and he can spoof an email as if it’s coming from president@ourgroup.org. That can be a security issue.
The problem is that we never use the ourgroup.org domain to actually send out emails. What happens if I setup a DMARC record? Will our forwarding fail if the forwarded address checks for the DMARC record?
If not, I’ll just create a bogus DMARC record. They’ll prevent someone from spoofing as if emails are coming from our domain.