Issue Summary

When we have to bounce a customer’s incoming email, we send them a notification letting them know the reason for the bounce. Currently these bounce emails from bounce@atlassian.net are failing DMARC, therefore customers are unable to receive them or treat them as a trusted email.

Steps to Reproduce

1. Send any email to "jira@thistenantdoesnotexistinatlasisan.atlassian.net" You should receive a bounce email indicating that the mailbox doesn’t exist.
2. The bounce email will have from address "bounce@atlassian.net". This is a verified domain (with DKIM) in the region’s we support inbound.
3. You may have to check your spam folder because the DMARC policy for atlassian.net is set to quarantine.
4. Inspect the headers of the bounce email.
5. Notice that there’s no DKIM signing, and we can’t get an aligned SPF result. As a result, DMARC fails.

Expected Results

The bounce emails shouldn't fail DMARC.

Actual Results

DMARC is failing with the following details:

dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=atlassian.net (policy=quarantine); spf=pass

Workaround

Currently there is no known workaround for this behavior. A workaround will be added here when available