gmail rejecting emails from one of my domains

[mmaciel]

hello everyone

so, gmail is rejecting emails from one domain, it returns an error message saying dkim and spf is not properly configured

Delivery to the following recipients failed permanently: * person@gmail.com Reason: There was an error while attempting to deliver your message with [Subject: "asdfasdf"] to person@gmail.com. MTA godaddyrelayserver.secureserver.net received this response from the destination host IP - 142.250.101.26 - 550 , 550-5.7.26 This mail is unauthenticated, which poses a security risk to the 550-5.7.26 sender and Gmail users, and has been blocked. The sender must 550-5.7.26 authenticate with at least one of SPF or DKIM. For this message, 550-5.7.26 DKIM checks did not pass and SPF check for [mydomain.com] did 550-5.7.26 not pass with ip: [208.109.80.52 (godaddy relay server)]. The sender should visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for 550 5.7.26 instructions on setting up authentication. n3-20020a17090ab80300b0023a147a7892si1094067pjr.64 - gsmtp

thing is, i have multiple domains on this same server, with same ip and all, and only this one domain is giving me this error... cpanel says spf and dkim are valid and properly configured, but gmail thinks otherwise, but seeing how it is accusing the relay server ip, maybe the problem lies there? we don't have access to these relay servers, so maybe i should talk to them?

appreciate any help

 

[cPRex]

Hey there! If the issue is with the relay server IP, you'll likely need to add that to your SPF record like this:

yourdomain.com. 14400   IN      TXT     "v=spf1 ip4:1.2.3.4 +ip4:4.3.2.1 ~all"

as that would let you authenticate your messages from multiple IPs.

If that doesn't help, reaching out to the relay provider would be the best option as they have likely run into this issue before.

 

[mmaciel]

Hey there! If the issue is with the relay server IP, you'll likely need to add that to your SPF record like this:

yourdomain.com. 14400   IN      TXT     "v=spf1 ip4:1.2.3.4 +ip4:4.3.2.1 ~all"

as that would let you authenticate your messages from multiple IPs.

If that doesn't help, reaching out to the relay provider would be the best option as they have likely run into this issue before.

hey Rex, thanks for the reply

i did that, unfortunately it didn't work, but the error message now changed

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
host dedrelay.secureserver.net [208.109.80.210]
SMTP error from remote mail server after end of data:
550 5.2.0 589Gqijq3Q2SS589GqTTQm :DED: message not accepted due to spam ruleset
Reporting-MTA: dns; myipsecureserver.net

Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
Remote-MTA: dns; dedrelay.secureserver.net
Diagnostic-Code: smtp; 550 5.2.0 589Gqijq3Q2SS589GqTTQm :DED: message not accepted due to spam ruleset

before it would take a minute or two to receive the error message, now this one immediatly appears in my inbox as soon as i press send

 

[cPRex]

Well, unfortunately it looks like they are just blocking you as spam now and not even checking anything in the headers. It would be best to reach out to that provider and see if they have any ideas.

 

[mmaciel]

Well, unfortunately it looks like they are just blocking you as spam now and not even checking anything in the headers. It would be best to reach out to that provider and see if they have any ideas.

hey, so i added +include:secureserver.net at the spf record and now apparently it works, gonna do a few more tests, but already received a message from this domain to my gmail

thanks Rex

 

[cPRex]

Interesting - let us know how it works out!

 

[mmaciel]

Interesting - let us know how it works out!

apparently it's fine now, sent a bunch of emails from different accounts under this domain to a bunch of different gmail accounts and all arrived

thanks again Rex, i was so fixated on the godaddy ip, thinking the problem surely was with the relay server that i didn't even think of changing the spf myself hehe

 

[cPRex]

I'm glad the more generic SPF record for GoDaddy worked well!

 

[sparek-3]

In my experience Gmail also requires a DMARC record, even if that DMARC record is something utterly stupid:

_dmarc 900 IN TXT "v=DMARC1; p=none"

I've never been a huge fan of DMARC, because it's basically telling recipient mail servers how to react to failed SPF and DKIM authentications... which begs the question, why does SPF and DKIM need oversight? Where does the oversight end? Is there eventually going to be another record to tell recipient servers how to react to DMARC records?