Separate envelope-from and reply-to email addresses to avoid DMARC failure

Because it’s a catch-all for the domain, only one email is being used for Discourse.

Not necessarily; I’m currently using it without VERP and it’s working. My issue is that I can’t have the user respond directly to Gmail without an SPF/DMARC failure due to the way Discourse sets the envelope-from and reply-to addresses. Instead I have to have the MTA forward it to Gmail. If I could have it reply directly to Gmail (without a DMARC/SPF failure) then I can use VERP for securing the responses, but yes, the VERP will be ignored for bounced email. It’s still more secure than the current implementation.

That’s not an option, as I explained here. It’s only practical to use Gmail for inbound. Setting up your own direct inbound MX when you already have an MX from your hosting provider can be challenging for the uninitiated. Direct Gmail replies are far easier and less error-prone.

Maybe I’m missing something in your line of thought. I can only see upsides to separating the envelope-from and reply-to addresses: it supports more diverse ecosystems and it’s more secure while helping to avoid SPF/DMARC failures.