We have been receiving DKIM aggregated reports showing SPF failures for messages from our own website domain even though everything is configured correctly to use our SMTP server.
I have tracked this down to emails sent from CScart where the 'Reply To' field is populated with the customers email address instead of our own address. Because the domains don't match it causes a misalignment error in SPF validation causing it to fail thereby triggering a spam alert.
This only seems to be happening only on emails that are sent via the 'Notify Orders Department' option so I think may be a 'feature' designed so that replying to such an email sends the reply to the customer instead of ourselves in order to save having to look up and cut/paste the customer's email. Nevertheless it is worrying because it means our system is regarding our own emails sent to ourselves as spam and as such is bad practise nowadays.
Is it possible to change this (bad)functionality ?