All,
I am having an issue where email being sent by a third party vendor is automatically being quarantined. We have whitelisted all domains and IPs, but the problem persists. I worked with Google support and they stated that the security quarantine spoofing rules are causing the failure. Looking at the headers I see an amended version of this, coming from the 3rd party:
dkim=pass header.i=@3rdpartyvendor.com header.s=pic header.b=m4Moig+l;
spf=pass (google.com: domain of bounce+65eb58.85e784c-2032.endusername=mydomain@3rdpartyvendordomain designates 1.1.1.1 as permitted sender) smtp.mailfrom="bounce+65eb58.85e784c-2032.endusername=mydomain@3rdpartyvendordomain
"Return-Path: <bounce+65eb58.85e784c-2032.endusername=mydomain@3rdpartyvendordomain.
Google support is stating that regardless of whitelisting and adding the 3rd party domain to all lists, the spoofing security takes place after the mail has been delivered. The problem is that the 3rd party company is an application that handles communication for teachers, parents, and students for a school system. So basically all learning application communications between these parties are being quarantined, causing endless touches and constant allow exceptions.
Unfortunately the sys admin is no longer with us and I am the network admin, so a bit out of my element. I do not want to disable the spoofing security check, as that simply allows all "real" spoofing; at the same time I don't want to use the "send to inbox with an alert" option, as that just teaches all the customers and staff to start ignoring security alerts.
I have reached out to the 3rd party company to see why they are injecting our end users' email and our domain in their return-path, but as I am ignorant on email, maybe this is completely normal for companies.
Assuming the 3rd party comes back and states that "this is just how we do it", is there any way on my end, other than disabling or sending the messages with a warning, to allow these messages to go through?
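An added example, not part of the original post: a short Python check that reads headers shaped like the ones quoted above and reports which domain SPF and DKIM actually authenticated, and whether the recipient's own domain appears only inside the local part of the envelope sender. The sample header, the domains `vendor.example` and `mydomain.example`, and the function names are constructed for illustration, and the decoding assumes a VERP-style bounce address in which `=` stands in for `@`.

```python
import re

# Constructed sample modelled on the headers quoted in the post; the domains
# vendor.example and mydomain.example and the IP are placeholders.
VERP = "bounce+65eb58.85e784c-2032.endusername=mydomain.example@vendor.example"
SAMPLE = (
    "dkim=pass header.i=@vendor.example header.s=pic header.b=m4Moig+l;\n"
    f" spf=pass (google.com: domain of {VERP} designates 192.0.2.10 as"
    f' permitted sender) smtp.mailfrom="{VERP}"'
)


def parse_auth_results(text):
    """Return each method's verdict and the identity it was evaluated against."""
    out = {}
    for method, prop in (("dkim", "header.i"), ("spf", "smtp.mailfrom")):
        verdict = re.search(rf'\b{method}=(\w+)', text)
        ident = re.search(rf'\b{re.escape(prop)}="?([^\s";]+)', text)
        out[method] = {
            "result": verdict.group(1) if verdict else None,
            "identity": ident.group(1) if ident else None,
        }
    return out


def split_verp(mailfrom):
    """Split an envelope sender into (sending domain, embedded recipient).

    Assumption: VERP-style local part, recipient last, '=' standing in for '@'.
    A recipient local part that itself contains '.' or '+' is cut short.
    """
    local, _, domain = mailfrom.rpartition("@")
    head, eq, rcpt_domain = local.rpartition("=")
    if not eq:
        return domain.lower(), None
    rcpt_local = re.split(r"[.+]", head)[-1]
    return domain.lower(), f"{rcpt_local}@{rcpt_domain}".lower()


def explain(text, own_domain):
    """Show where own_domain appears: as an authenticated domain or only as data."""
    res = parse_auth_results(text)
    spf_domain, rcpt = split_verp(res["spf"]["identity"] or "")
    dkim_domain = (res["dkim"]["identity"] or "").rpartition("@")[2].lower()
    return {
        "spf_domain": spf_domain,
        "dkim_domain": dkim_domain,
        "embedded_recipient": rcpt,
        "own_domain_authenticated": own_domain in (spf_domain, dkim_domain),
        "own_domain_in_local_part": bool(rcpt) and rcpt.endswith("@" + own_domain),
    }
```

Calling `explain(SAMPLE, "mydomain.example")` on the constructed header shows the vendor's domain as the one both checks passed for, with the recipient's address present only as data in the bounce address.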