Emails from JSD that was sent out using domain other than atlassian.net is rejected by DMARC.
Both SPF and DKIM checks are performed against the atlassian.net domain. So as far as DMARC is concerned no relevant validation has taken place for the domain and therefore got rejected.
Update : Upon further investigation it looks like DMARC is not compatible with the custom email address setting in Jira Cloud. DMARC explicitly check that the domain in the From: header matches those that pass in the DKIM-Signature: header.
This is further corroborated by this FAQ entry on the dmarc.org website. At this time there is no option to control the Reply-To: header in Jira Cloud. This option need to be added to in the Jira product and is raised with this feature request.
The following workaround is suggested for affected instance with this limitation.
- Whitelist IP range from this https://confluence.atlassian.com/cloud/atlassian-cloud-ip-ranges-and-domains-744721662.html
- Use From: address the default <user>@<instance>.atlassian.net email address