We are facing an SPF softfail issue after mail passes through Cisco ESA and then goes to GSuite.
We have a main domain that is working fine: example.com
We have a secondary domain on GSuite: xy.example.com
For some users we have to redirect mail to xy.example.com, and to do that we've created a specific SMTP route on the ESA for the domain xy.example.com. The flow is working fine, but sometimes mail goes into spam because of an SPF softfail. In fact, analyzing the Received header, we are able to see that no original IP address is evaluated, and that's why the SPF check fails.
What we did on the ESA was: 1) create the SMTP route for xy.example.com; 2) create an Incoming policy that, for specific recipients, redirects mail to the domain xy.example.com. The route is working and GSuite is configured as indicated in the official Cisco guide https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/214736-configuring-g-suite-gmail-with-cisco-c.html Can you suggest how to approach this?
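One way to confirm the symptom described above from a delivered message's headers, as an added example that is not part of the original post: it reports which IP the receiver evaluated for SPF and whether that IP is your own relay rather than the original sender. The header values, hostnames and the relay address are constructed, and the `Received-SPF` `client-ip=` layout is an assumption about how the receiving side records the check.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample headers (documentation IP ranges, hypothetical hostnames).
SAMPLE = """\
Received-SPF: softfail (google.com: domain of transitioning alice@sender.test does not designate 198.51.100.25 as permitted sender) client-ip=198.51.100.25;
Received: from esa.example.com (esa.example.com. [198.51.100.25])
 by mx.google.com with ESMTPS id abc123 for <user@xy.example.com>;
 Mon, 01 Jan 2024 10:00:02 +0000
Received: from mail.sender.test (mail.sender.test [192.0.2.77])
 by esa.example.com with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.test
To: user@example.com
Subject: constructed test message

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
CLIENT_IP = re.compile(r"client-ip=([0-9a-fA-F.:]+)")

def diagnose(raw, relay_networks):
    """Report which IP the receiver used for SPF and whether it is our own relay."""
    msg = message_from_string(raw)
    relays = [ip_network(n) for n in relay_networks]

    def is_relay(ip):
        return any(ip_address(ip) in net for net in relays)

    spf_header = msg.get("Received-SPF", "")
    match = CLIENT_IP.search(spf_header)
    evaluated = match.group(1) if match else None
    # Received headers are newest first; keep the connecting IP of each hop.
    hops = [ip for h in msg.get_all("Received", [])
            for ip in IP_IN_BRACKETS.findall(h)[:1]]
    # Walking back from the receiver, the first hop that is not one of our relays.
    original = next((ip for ip in hops if not is_relay(ip)), None)
    return {
        "spf_result": (spf_header.split() or [None])[0],
        "evaluated_ip": evaluated,
        "evaluated_is_relay": bool(evaluated) and is_relay(evaluated),
        "original_sender_ip": original,
    }

if __name__ == "__main__":
    # 198.51.100.25/32 stands in for the ESA's outbound address (assumption).
    print(diagnose(SAMPLE, ["198.51.100.25/32"]))
```

When `evaluated_is_relay` is true and `original_sender_ip` differs from `evaluated_ip`, the receiver checked SPF against the relay hop, which matches the softfail described in the post.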