Hi,
I have a client who is getting 550 5.7.26 on all a lot of his emails.
I have setup the SPF, DKIM and DMARC records, but run out of knowledge.
the domain is blackbirdagency.co.uk
Thank you
Hi,
I have a client who is getting 550 5.7.26 on all a lot of his emails.
I have setup the SPF, DKIM and DMARC records, but run out of knowledge.
the domain is blackbirdagency.co.uk
Thank you
Welcome to the Cloudflare Community.
That ESMTP response is not going to be enough to determine the issue.
Unrelated to your question, you have an a
mechanism in your SPF that resolves to Cloudflare proxy IPs. Those will never send emails on behalf of your domain. You can remove that a
and reduce by one the number of DNS lookups required to evaluate your SPF.
Hi @epic.network ,
Thank you for the reply.
The emails are being sent from the Gmail web interface,
Was that error copy/pasted? Because there is a typo in the sender address that would explain the problem.
The NDR that you shared in response to the second bullet point is not the DMARC report data that I was asking about. You would need to find that in your DMARC reporting service, which appears to be Cloudflare. It will tell you why your message failed DMARC.
If you haven’t taken steps to publish your Google Workspace DKIM public keys, recipients will not be able to validate signatures. If the parts of the message used to create the signatures are altered after signing, validation will fail. It may be that your recipient doesn’t like your DMARC policy of none
.
The best course of action is to work with the intended recipient to identify why their MTA doesn’t want your message. Unless you need to update a related DNS record, there won’t be anything to do with Cloudflare.
Thank you, I tried DMARC with Reject and got the same responce.
I will check with the clints DKIM keys in Google Workspace
This is sending from ther clients Google Workspace to my Google Workspace.
You may need to ask Google about it.
I have uploaded an image, but it needs approval
Looking at both both “client”, and “his emails” here:
The blackbirdagency.co.uk
domain name, …
… Is it (also) your domain name?
… Is it the domain name of a third party, that is trying to send email to you?
Your image seems to indicate #2 would be the answer?
One thing you must understand, is that DKIM signing alone isn’t necessarily the same as DKIM signing with alignment, to your own domain name, as DMARC requires.
Google Workspace does with some default DKIM signing using a sub-domain under the “.gappssmtp.com
” domain name, whereas Microsoft Office 365 does something similar under the “.onmicrosoft.com
” domain name.
There can technically be a dozen of different DKIM signatures on your email, -
However, if the DKIM signing have been made on a different domain name than the one in the “From:
” header, it will not be enough, to satisfy a DMARC “reject
” policy, as there is no alignment to the alleged sender domain, that appears in the “From:
” header.
→
An email address have been sent to you privately.
If you wish, you can try sending an email, from that blackbirdagency.co.uk
domain name, in the same way as when it provides you the above error, and I’ll respond to this thread with what I see, at the first possible moment after having received it.