Allow me to start by explaining I'm not a BT customer but rather I am a Virgin Media customer. I am active on Virgin Media's Forums - mainly helping people with email. The reason I'm here is because I'm trying to help one of their users who is having difficulty receiving mail sent from btinternet.com
The person in question has his own domain, but he does not host his emails on their own server.
Rather - he has email forwarding set up where the mail arrives at servers owned by the registrar and is then forwarded immediately to his Virgin Media email address.
He's reported that he receives an error message when friends reply to his emails:
Now while the error comes from Virgin Media's email systems, they come in an apparent response to BT's DMARC policy.
Now I know that BT are instituting a p=reject policy. However I have to ask is do you use DKIM to authenticate your outgoing mail?
If not then these errors will be common.
DMARC and SPF alone is a bad combination to use a p=reject policy, precisely because of setups where people forward their mail to a third party server. This causes SPF validation to fail. DKIM on the other hand survives this kind of forwarding (in most cases)
While there used to be a workaround for the problem with SPF and this was even proposed as an IETF standard (which never got past the draft stage) - the DMARC mechanisms mean that even where forwarders have implemented the solution SPF validation will still fail as DMARC requires that the Sender and Authors address be aligned.
Now I hope I'm wrong in my assumption, but is anyone able to confirm whether or not BT sign their outgoing btinternet.com mails using DKIM?
More clarification on this issue can be found by reading the thead on the Virgin Media Community here