At the moment received emails are piped to the application where they are then forwarded on as a new email from an AnonAddy domain. So they currently pass SPF and DKIM checks as my DMARC reports show.