
G Suite - I want to send emails using two domain names using one email account


Assume that I have two domains:

  1. a.com (in this domain I create the account)
  2. b.pl (additional domain)

I want to give the user x the ability to send emails as [email protected] and [email protected] via one email account.

Is such a scenario possible in GSuite?

The most similar functionality I managed to find is "Add alias" in the admin panel, followed by adding the alias in Gmail via "Settings" -> "Accounts" -> "Send as".

The problem is that this configuration causes behavior similar to logging into the a.com account via telnet and then spoofing the "From" header as b.pl.

Delivered-To: [email protected]
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=20150623 header.b=E51gIexv;
       spf=pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) [email protected]
Return-Path: <[email protected]>
Received-SPF: pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=20150623 header.b=E51gIexv;
       spf=pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender) [email protected]
From: "X" <[email protected]>
Subject: Test message
To: Y <[email protected]>

This configuration fails DMARC so I want to improve it.

dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=b.pl

Solution

  • To fix this: You may want to set up DKIM signing for both domains. Follow this guidance.

    Google should sign the emails with the private key that corresponds to the public key for the domain that is in the Header.From field.

    What happened: For DMARC to pass, either DKIM or SPF should produce a Pass, in alignment with the organizational domain in the Header.From, in your case b.pl.

    Google is DKIM signing your emails using its own key pair for domain a-com.20150623.gappssmtp.com. That doesn't align with your organizational domain b.pl and thus doesn't Pass DMARC.

    On the other hand, the Header.From field contains an address in the domain b.pl, while the Return-Path is set to an address in the domain a.com. So for SPF to produce a DMARC Pass, the required alignment is missing as well.
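
The alignment check described in the answer, as an added example that is not part of the original question or answer: it reads a message's Authentication-Results header and reports whether the SPF or DKIM identifier aligns (relaxed mode) with the Header.From domain. The sample message is constructed from the domains named on this page with placeholder local parts, and `org_domain` is a simplifying assumption (last two labels instead of a Public Suffix List lookup).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the question; the local parts
# ("x", "y") are placeholders because the page's addresses are redacted.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@a-com.20150623.gappssmtp.com header.s=20150623;
       spf=pass smtp.mailfrom=x@a.com
Return-Path: <x@a.com>
From: "X" <x@b.pl>
To: Y <y@example.org>
Subject: Test message

body
"""

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. A real
    # evaluator uses the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_alignment(raw):
    """Report which authenticated identifiers align (relaxed) with Header.From."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = " ".join(msg.get_all("Authentication-Results", []))
    report = {"from": from_dom, "spf_aligned": False, "dkim_aligned": False}
    # SPF authenticates the envelope sender (smtp.mailfrom / Return-Path).
    for m in re.finditer(r"spf=pass\b[^;]*?smtp\.mailfrom=(\S+)", results):
        dom = m.group(1).rstrip(";").rpartition("@")[2]
        report["spf_aligned"] |= org_domain(dom) == org_domain(from_dom)
    # DKIM authenticates the signing domain (header.d, or the domain of header.i).
    for m in re.finditer(r"dkim=pass\b[^;]*?header\.(?:d|i)=(\S+)", results):
        dom = m.group(1).rstrip(";").rpartition("@")[2]
        report["dkim_aligned"] |= org_domain(dom) == org_domain(from_dom)
    # DMARC passes when at least one passing identifier is aligned.
    report["dmarc_pass"] = report["spf_aligned"] or report["dkim_aligned"]
    return report

if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
```

Running it on a message sent after DKIM signing is enabled for b.pl should flip `dkim_aligned`, and with it `dmarc_pass`, to true even though the Return-Path stays in a.com.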