Why don’t most ESP forwarders use SRS?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Because SRS solves an SPF-specific problem in a world that has mostly moved on from relying on SPF alone.
SRS was built to fix SPF failures during forwarding by rewriting the envelope sender (Return-Path) to use the forwarder's domain. That's a real fix for SPF. But it only helps SPF. It doesn't touch DKIM alignment, which is what most mailbox providers now treat as the more reliable authentication signal. DKIM survives simple forwarding on its own, as long as nothing modifies the message. For the cases where DKIM breaks (mailing lists, message modification), ARC is the more complete answer.
So the calculation for ESP forwarders works out like this: implement SRS, a complex address rewriting scheme that only fixes SPF, or rely on DKIM alignment (which handles forwarding better) and push for ARC support. Most chose the latter. The implementation cost of SRS isn't trivial, and the benefit it provides is narrow.
There's also a bounce handling complexity. SRS-rewritten addresses have to be decoded when bounces come back. Getting that right adds operational overhead that most forwarding services decided wasn't worth it.
If your DMARC reports are showing forwarding-related authentication failures, DKIM alignment is almost always the right place to look first. Our free DKIM record lookup can confirm your key is published and valid.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.