Unable to send emails to Gmail from my domain
-
@scottalanmiller said in Unable to send emails to Gmail from my domain:
@Pete-S said in Unable to send emails to Gmail from my domain:
@Mr-Jones said in Unable to send emails to Gmail from my domain:
GoDaddy TXT Record:
v=spf1 a:mail.contoso.com ip4: 104.200.130.82 -allThis is invalid. There should be no space between ip4: and the ip address.
Also it's common to do
~all
instead of-all
when starting out.
~
will cause a soft fail on SPF failure while-
will cause a hard fail.We did that this week, too! This thread is like "yesterday's project" line for line, basically.
Yeah, I've done it a couple of times as well, but not this week
The only thing I don't have a clue about is how you set up DKIM on on-prem Exchange so all messages are signed.
-
@scottalanmiller said in Unable to send emails to Gmail from my domain:
@Pete-S said in Unable to send emails to Gmail from my domain:
Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.
For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.
Yeah, I agree. But since we are looking at SPF records with IPs then that is what the OP is doing (sending emails from their own IPs).
But it's better to use an email service to send stuff out and have them worry about IP reputation, blacklist etc.
-
@Pete-S
Good catch. There wasn't actually a space there, I just goofed.I'll try ~all.
-
@Pete-S
Very first thing I did.I found one of the issues to be that our Network Firewall was configured with the wrong IP address for outbound traffic of that Exchange Server, so it was picking up the next available (our VPN IP) and using that to pass traffic. The SPF didn't match because of this.
Currently I can send now, but it always goes straight to Spam folder. Likely because we don't have DMARC set up yet.
-
@Mr-Jones said in Unable to send emails to Gmail from my domain:
Currently I can send now, but it always goes straight to Spam folder. Likely because we don't have DMARC set up yet.
Yes, you need all of it to increase your odds. And look at routing your exchange emails through another SMTP gateway as mentioned above.
-
@scottalanmiller said in Unable to send emails to Gmail from my domain:
@Pete-S said in Unable to send emails to Gmail from my domain:
@Mr-Jones said in Unable to send emails to Gmail from my domain:
*I'm still waiting for Budget approval/acquisition for the DMARC stuff.
There is nothing you need to buy to implement it.
You should implement SPF, DKIM and DMARC.
The only thing you might want to buy is a service that will watch your DMARC reports and generate notifications if there is a problem.
I think this is very good and good value as well:
https://www.uriports.com/pricingUse their awesome free service to test your email setup and learn more about DMARC.
https://www.learndmarc.com/Exactly, it's just part of the configuration of setting up email. It's a setting.
Expand on this, please. It's my understanding there is no out-of-the-box support for DMARC or DKIM for On-Prem Exchange Servers.
-
This post is deleted! -
@scottalanmiller said in Unable to send emails to Gmail from my domain:
@Pete-S said in Unable to send emails to Gmail from my domain:
Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.
For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.
Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.
-
@Pete-S said in Unable to send emails to Gmail from my domain:
@Mr-Jones said in Unable to send emails to Gmail from my domain:
*I'm still waiting for Budget approval/acquisition for the DMARC stuff.
There is nothing you need to buy to implement it.
You should implement SPF, DKIM and DMARC.
The only thing you might want to buy is a service that will watch your DMARC reports and generate notifications if there is a problem.
I think this is very good and good value as well:
https://www.uriports.com/pricingUse their awesome free service to test your email setup and learn more about DMARC.
https://www.learndmarc.com/Really cool links there! Thank you!
-
@Mr-Jones said in Unable to send emails to Gmail from my domain:
@scottalanmiller said in Unable to send emails to Gmail from my domain:
@Pete-S said in Unable to send emails to Gmail from my domain:
Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.
For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.
Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.
Maybe, maybe not. DMARC updates are the same local or MS365 so not a big "time to switch" moment. But, maybe overall delivery will matter.
-
@Mr-Jones said in Unable to send emails to Gmail from my domain:
Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.
I don't think that email only justify cost of O365.
I have excellent mail experience with different web hosting providers that provide email service included for a fraction of price of O365.For example, Hetzner offers 300GB space with unlimited mail accounts for 17 EUR / cca. 20 USD a month.
(I have not used Hetzner's mail services but I have very good experinece with them in cloud/bare metal services)I mean - you would not convince me to buy O365 with this argument
-
@Mario-Jakovina said in Unable to send emails to Gmail from my domain:
I don't think that email only justify cost of O365.
I have excellent mail experience with different web hosting providers that provide email service included for a fraction of price of O365.I would agree. MS365 email is, to me, only a middle of the road product. It's certainly good, but it's nowhere near the best. But it is a price premium for people who think that they have to buy from MS, not for people doing price comparisons.
We use Zoho here for 25% the cost of MS365, we love it. AND we get MS365 for free. So for us, we find that paying for Zoho is better than getting MS365 for free! So imagine how hard it seems it must be to choose to pay 400% more for something we see as significantly inferior.
-
@Mario-Jakovina said in Unable to send emails to Gmail from my domain:
For example, Hetzner offers 300GB space with unlimited mail accounts for 17 EUR / cca. 20 USD a month.
(I have not used Hetzner's mail services but I have very good experinece with them in cloud/bare metal services)Every web host does that. That I guarantee is bad. Nothing against Hetzner, but it's a recurring model of vendors that do web / cloud and include a blind, crap service email with exactly that model.
Hetzner, according to quick Reddit research, is just like any cPanel web host. Those vendors are web hosts, not email hosts. They do web hosting and for confused customer they offer low cost email just so that they have something, but the service is insanely basic and always really bad. It's not a part of their business, just something free they offer as a convenience (or really cheap in this case.)
-
@Mario-Jakovina said in Unable to send emails to Gmail from my domain:
@Mr-Jones said in Unable to send emails to Gmail from my domain:
Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.
I don't think that email only justify cost of O365.
I have excellent mail experience with different web hosting providers that provide email service included for a fraction of price of O365.For example, Hetzner offers 300GB space with unlimited mail accounts for 17 EUR / cca. 20 USD a month.
(I have not used Hetzner's mail services but I have very good experinece with them in cloud/bare metal services)I mean - you would not convince me to buy O365 with this argument
Agreed. We already have O365, but I've been instructed to keep Exchange On-Prem exclusively. Sorry that wasn't implied more clearly.