Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell you they tried to reply and it was blocked? Or maybe you are trying reply to Google Calendar invites and being blocked saying the mail is not accepted due to your domain’s DMARC policy?
This is an issue I have been seeing, so I did some digging and I have figured out what is going on. Before I get to the cause, let’s look at a little background on Google Calendar invites.
When a Google Calendar invite arrives, you will usually see options within the message space to send your reply – Yes, Maybe or No. You may also see response buttons that are “out-of-band” – which is a fancy way of saying outside the area that contains the actual mail content. This is added by the mail client you are using to view the message.
For example, this is an invitation from a Google Calendar in a yahoo.com mailbox. There’s a green box around the reply options that are added out-of-band by Yahoo outside the message and a red box around the reply options that Google added when the invite was sent.
While you might expect that these would generally function the same way, there is a very important difference that has an effect on domains that are protected by a DMARC reject policy.
If I use the out-of-band response buttons, then Yahoo! generates and sends a response to Google to accept/reject the calendar invite. If I use the Google response options in the body of the invitation, it is Google that generates and sends a response to Google – and this is where we have a problem.
When Google generates the response, it is sent via email, from a Google server. The header From address used is the email address of the person accepting the invite. So in this case, we have a yahoo.com email coming from a Google server and as a result, Google refuses the message in accordance with the Yahoo! DMARC reject policy.
The invite recipient can work around the issue by using the out-of-band response buttons, although they may not know this. And in other cases a recipient may not even have out-of-band options. For example, recipients on aol.com appear to only have the Google response options. I’m using yahoo.com and aol.com as examples because they both have DMARC records using reject policies and this issue will only affect replies for invites sent to domains with DMARC reject policies.
This issue will affect Google Calendar invites for recipients on domains with DMARC reject policies, such as AOL and Yahoo!. However, Microsoft’s webmail domains (outlook.com, hotmail.com, live.com etc.) are unaffected as they have not yet been moved to DMARC reject policies. Likewise, Apple’s domains (me.com, mac.com and cloud.com) are also unaffected.
For invites sent to recipients on corporate domains, dmarc.org has a list of some well-known organizations and the status of their DMARC policies at https://dmarc.org/who-is-using-dmarc/. You can also use our DMARC lookup tool to see if a recipient domain is using a reject policy at this time: https://www.agari.com/project/dmarc.
This issue will only be resolved if Google redesigns the responses generated by these buttons to use a Google domain in the Header From address or if these messages are sent in a way that would not be subject to a DMARC check.
Until then, if you’re having issues replying to Google Calendar invites, I recommend using the out-of-band response options if your mail client includes them. If your mail client doesn’t provide out-of-band response options and your invite responses using the Google buttons are failing, I would suggest replying to the sender as an email. If you’re sending Google Calendar invites, there’s not much you can do, but now you’ll at least be aware that recipients may have issues responding.