DMARC policy for Gmail

Hi there, I'm unable to send email to Gmail from my new account. I clicked on Cloudflare’s auto email setup (since the domain is registered with Cloudflare) and so it's set up as per the image attached. How do I adjust these settings in the image so it will actually work in conjunction with the DMARC policy for Google?

550-5.7.26 Unauthenticated email from <domain> is not accepted due to domain's
550-5.7.26 DMARC policy. Please contact the administrator of xxxx domain if
550-5.7.26 this was a legitimate mail. Please visit
550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the
550 5.7.26 DMARC initiative. p20-20020a5d9c94000000b0078372b9ed61si3831965iop.111 - gsmtp

And so in my account the setup looks like this (except with server and IP filled in):

Your SPF record specifies that your domain is not used to send email and that anyone receiving email from it should not accept it.

An SPF record needs to list the servers that are allowed to send email on behalf of your domain. If you have a simple setup (not, for example, doing transactional or promotional email using an outside provider) then it just needs to list your mail server.

You can use the SPF record generator in the Cloudflare dashboard, or there is this SPF record generator, and there are quite a few others out there.

2 Likes

Thanks @i40west. I used your link to create a strict DMARC policy, which didn't work. That overwrote the Cloudflare settings, and that didn't work either. Then I combined them and that didn't work either.

host gmail-smtp-in.l.google.com [209.85.146.27]
SMTP error from remote mail server after end of data:
550-5.7.26 Unauthenticated email from is not accepted due to domain’s
550-5.7.26 DMARC policy. Please contact the administrator of if
550-5.7.26 this was a legitimate mail. Please visit
550-5.7.26 Control unauthenticated mail from your domain - Gmail Help to learn about the
550 5.7.26 DMARC initiative. u18-20020a02c952000000b00418b0511af8si5651478jao.12 - gsmtp

These are my settings now:

CNAME mail

TXT Type: TXTHost/Name: Value: v=spf1 ip4: -all (as generated by your link. Cloudflare's markup control does not allow the exact text I typed to be displayed; the IP address is there)

TXT _dmarc v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; (as generated by Cloudflare)

TXT *._domainkey v=DKIM1; p= (as generated by Cloudflare)

These settings give the above error response from Google.

NOTE: I use PHP to send (not SMTP)

Okay, a couple things. First, is the IP address correct? If you’re sending email with PHP, the necessary address may not be the address of your server, since you may be contacting another email server to actually send the mail. If you’re sending through a service provider, they would know the SPF entry you need.

Is your sending server configured to add DKIM signatures, using the same key used to generate the DKIM record?

Try this site to test your setup. It has you send a test email to them and then breaks down the validation process for you, telling you what worked and what didn’t.

2 Likes

Thanks, that helped. Despite me using both Cloudflare and that other site you gave to set this up, that link you sent failed my email for both SPF and DKIM and it didn't give suggestions on how to fix it. To be honest all of this is a completely unnecessary waste of everyone’s time, mine and yours included. There should be a button we all push that takes care of all this stuff, end of problem (unless we are spammers in which case we get our just desserts)

It should tell you why it failed?

It did tell me in English what the problem was, but not the code to copy and paste. To be honest all of this email setup security setup is a completely unnecessary waste of everyone’s time, mine and yours included. There should be a button we all push that takes care of all this stuff, end of problem (unless we are spammers in which case we get our just desserts). I don't have the time, skills or inclination to try and make up my own code and spend all day trying to test if it works

It said “I see you haven’t included a DKIM signature. Therefore, I am unable to authenticate the email and determine if the message was altered during transit. The Auth Result is none.” (I have no clue how to fix this)

It also said " I’ve found the following DMARC policy at _dmarc.: “v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;”.
Found policy: reject" This was the policy that was generated by Cloudflare- absolutely no idea what any of that means or why Cloudflare set whatever it was to REJECT

Then it said "SPF auth result did not produce a pass. DMARC SPF result is fail.
DKIM auth result did not produce a pass. DMARC DKIM result is fail.

Because at least the SPF or DKIM check has to produce a pass result and have their domain be in alignment, the DMARC result is fail"

Then said Have a Nice day and it went off and had a cup of coffee I think

NOTE:
Despite spending further time on my Sunday setting all this up, and doing exactly as I’m told, nothing still works, in fact it’s worse and using the Cloudflare settings is a complete waste of time that seems certain, the test site found that to be ridiculous

Starting with a reject policy makes things difficult if you aren’t already familiar with DMARC implementation. Start with v=DMARC1; p=none; [email protected]; while you are learning, evaluating, and testing. The address [email protected] should be replaced with one assigned to you by your DMARC reporting service. Cloudflare has one, although I find it short on useful details in its current state when compared to dmarcian or other services.

1 Like

I feel the same way about power outlets and toilets, so I hire an electrician and a plumber. What was it about email that made you think it would be trivial to DIY?

DKIM signing needs to be set up on the sending mail server. Whatever provider you’re using to send your email needs to set this up (or maybe they have provided a management interface to do it). They would then give you the DKIM TXT record to add to your DNS at Cloudflare.

Your SPF record probably has the wrong IP address, as I mentioned before. Your email provider should be able to tell you what your SPF record should be, but a good place to start is whatever IP address the testing tool said it received your email from. They may have multiple addresses, though, so again, they need to give you this information. The only involvement of Cloudflare is that it’s where you enter that information to publish it.

This wouldn’t matter. Google will reject no matter what your policy is set to, if you don’t have one of SPF or DKIM passing (and your domain isn’t grandfathered in).

1 Like
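The rule the testing tool quoted earlier in the thread (at least one of SPF or DKIM must pass and be aligned with the From domain), as an added Python example that is not code from any poster or from Cloudflare. The domain `example.com`, both IP addresses and all function names are constructed for illustration, and relaxed alignment is approximated without a Public Suffix List lookup.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_tags(record):
    """Turn 'v=DMARC1; p=reject; aspf=s;' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_check(record, sender_ip):
    """Evaluate ip4/ip6 and 'all' only (no include/a/mx lookups, so it runs offline)."""
    addr = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and addr in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
        if name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    # Simplification: the last two labels stand in for a Public Suffix List lookup.
    return a.split(".")[-2:] == f.split(".")[-2:]

def dmarc_eval(policy, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain); dkim is None if unsigned."""
    tags = parse_tags(policy)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = bool(dkim) and dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags.get("p", "none"))

# Constructed sample data: example.com and the documentation IP ranges.
POLICY = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"  # policy quoted in the thread
SPF = "v=spf1 ip4:192.0.2.10 -all"

if __name__ == "__main__":
    wrong_ip = spf_check(SPF, "198.51.100.7")  # mail leaves from a host SPF does not list
    print(dmarc_eval(POLICY, "example.com", (wrong_ip, "example.com"), None))
    right_ip = spf_check(SPF, "192.0.2.10")    # listed host, but envelope uses a subdomain
    print(dmarc_eval(POLICY, "example.com", (right_ip, "mail.example.com"), None))
    print(dmarc_eval(POLICY, "example.com", (right_ip, "example.com"), None))
```

The second case is the one that is easy to miss: SPF itself passes, but with `aspf=s` an envelope sender on a subdomain does not align with the From domain, so DMARC still fails unless an aligned DKIM signature is present.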

I'm not here to UNDERSTAND how DMARC etc. works, I just want it working. Cloudflare should not be setting things to FAIL/REJECT. None of these tools work and I've spent 3 days on and off trying to get my Cloudflare established domain to send one darn EMAIL to GMAIL. I ABSOLUTELY SHOULD NOT have to be a trade certified engineer to make THAT happen.

Damn nerds.

“Your SPF record probably has the wrong IP address, as I mentioned before. Your email provider should be able to tell you what your SPF record should be, but a good place to start is whatever IP address the testing tool said it received your email from. They may have multiple addresses, though, so again, they need to give you this information. The only involvement of Cloudflare is that it’s where you enter that information to publish it.”

I got my IP address correct OK and that's validated by the DMARC website. Let's actually try and get things to actually work, shall we, instead of presuming that people are stupid if they get mad with incompetence

If you don’t want

why are you using DIY tools? You would be better off paying some

There's absolutely NO WAY ANYONE should have to pay ANYONE to set up their Cloudflare EMAIL settings, what planet are you from??

I’m from a planet where the business owners who value the proper and secure operation of their technology in fact do pay to have their systems, including DMARC, configured and managed so they can do what they are good at instead of spending their time engaging in emotional outbursts on technical forums.

1 Like

I expect that Cloudflare with all its brilliance and capability will GET THIS RIGHT. It's not an outburst, it's a GET THE BASICS RIGHT TOO comment. What not to understand about that? Get it right…

Cloudflare doesn’t offer email service. None of the problems you are experiencing have anything to do with Cloudflare, but we’re trying to help you anyway.

The only role Cloudflare plays in this is that it’s where you enter the information about your email setup in order to publish it for the internet to see. It’s the last step in the process, and the easiest, but it won’t work unless you have your email server set up properly and have all the right information from there. Cloudflare can’t really help you with that part, but I don’t work for Cloudflare and I do email professionally so I figured I could help you anyway. Sorry that didn’t work out.

2 Likes

I agree you have tried to help and it's not your fault things don't work, but don't attack me, presuming I'm stupid when in fact it's the systems I use to help set these policies that are not doing their job and now a simple task like sending an email does not work and has become enormously unnecessarily complicated for such a simple job and now I have to have some form of TRAINING to UNDERSTAND all the details of email sending? NO WAY JOSE.

Cloudflare doesn't offer email and neither did I say it did. Cloudflare DOES do DNS settings and that's what the problem is, NOT the actual email itself.
