Email Routing problem to Gmail

I am (/was) forwarding from Cloudflare to a Gmail account and in the dashboard saw a number of rejects from Google servers which have blacklisted the Cloudflare IP.

The dashboard error is: Unknown error: transient error (421): 4.7.28 [104.30.1.170 15] Our system has detected an unusual rate of\n4.7.28 unsolicited mail originating from your IP address. To protect our\n4.7.28 users from spam, mail sent from your IP address has been tempor…

I had that same notification from a number of different CF IPs (104.30.1.170, 104.30.2.111, 104.30.5.136, 104.30.3.34, 104.30.1.141, 104.30.4.138, 104.30.1.86, 104.30.2.189, 104.30.2.168, 104.30.5.26 15, 104.30.5.24), I’m assuming the service tried to resent the email from a different IP to get deliverability.

Surely unless CF implements spam filtering this is going to be a problem, as CF essential forwards all mails to Gmail (or wherever) even if they’re spammy, then Gmail picks up on this and decides the sending IP can’t be trusted … which means legitimate mails are blackholed.

Just wanted to check how this was being managed, if perhaps I was unlucky, or if this is just to be expected with a large-scale forwarding service.

6 Likes

Hi,
I am sorry, I don’t have an answer, but I have a similar issue. Email forwarding to gmail does not work at all. Email forwarding to yahoo works, but the emails land in the spam folder.
What I would be interested (since I am a beginner) is how you investigate the issue. Where do you find out that Google servers blacklist the Cloudflare IPs and where do you get the Cloudflare IPs from?
Thank you in advance! Sorry if I bother you.

I got the information from the logs in the Cloudflare dashboard. If you’re not seeing your emails land in Gmail then that’s the place to look if they were sent (forwarded) or dropped or if there was an error.

If they are leaving Cloudflare and not arriving at Google then you could set up DMARC which will give you reports from providers which will give you a little more information about how they’ve treated your mail.

Adding a DNS record such as this:

TXT _dmarc v=DMARC1; p=none; ruf=mailto:[email protected]

will give you a daily aggregate report. It’s hard to understand (it’s in XML format) but there are inline tools you can upload it to which will provide at least some visibility into if your message is being rejected by Google and why.

Personally most of my mail hit Gmail without any issues. There were only a few cases where it seemed to hit this spam wall. I’ve moved all my MX records back to Google for now so the emails are no longer being forwarded by CF as I just met silence on this issue.

2 Likes

Ok, thank you very much for the tips!

Same problem here. A lot of delivery failed messages (including dmarc reports).

i am also getting this error
please help me dear team

Hi,
Does anyone have a solution?
I am getting the same problem…
Thanks in advance for your answer!

2 Likes

Same here.

Emails that are sent from google.com domain (e.g. account related emails) are failing to be forwarded to Gmail.

In my case, I cannot confirm alternative email in Google account, because verification email is being rejected, thus not reaching my Gmail inbox.

Rejected reason from Cloudflare Dashboard / Email Routing / Activity Log:

Unknown error: transient error (421): 4.7.28 [2405:8100:c000:1::1fd:1c 15]
Our system has detected an unusual4.7.28 rate of unsolicited mail originating from your IP address.
To4.7.28 protect our users from spam, mail sent from your IP address has been4.7.28 temporarily rate limited.
Please visit4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines.
1 Like

Same problem here. Cloudflare responded in this thread Mail forwarded to gmail is rejected - #6 saying the issue is temporary and the emails will be automatically retried, but in my experience that isn’t true and I’m never receiving the rejected messages.

Have you made any progress on fixing this? I’m experiencing the exact same problem

In my case, one of those retries luckily was forwarded, so I was able to click the confirmation link sent from Google, but all the rest of those emails were rejected.

If it’s only Google related problem (emails triggered by Google account actions), I think you can try to temporarily forward emails else where (other email provider).

yup, getting the same problem. any solution!?! my domain name is https://michigancontactlens.com/

Same again here

Same here… and waiting…

same here

Same here as well, with emails coming from
[email protected]!
No solution nor help from Cloudflare team?
Thanks!

1 Like

it’s really disappointing that it has not been addressed for this long, maybe at least they can let us know if there is nothing they can do or if this can only be resolved by Google so we would know how we can proceed.

Same Issue. All Google-related security alerts have been ignored.

Hi,

Did you create TXT records for SPF and DKIM?

You are the actual owner of the domain “michigancontactlens.com,” so, you can create an SPF and a DKIM record -which is only possible with a domain name- inside your Cloudflare dashboard.

Google support indicates what a typical TXT record should be for google.com (watch it! Using Gmail doesn’t mean using a @gmail.com email address.)
TXT SPF record for my domain, about Gmail for Google Workspace.
v=spf1 include:_spf.google.com ~all
The full record:
v=spf1 include:_spf.google.com include:emsd1.com ~all
because I’m using ActiveCampaign, hence the emsd1.com

For DKIM, I went to Free DKIM Record Generator - DMARCLY to create the record and then copy it into Cloudflare.

SPF: Sender Policy Framework. It allows you to list authenticated mail servers for an email domain to fight spam, phishing, email forgery, and other malicious emails.

DKIM: DomainKeys Identified Mail is used for the authentication of an email that’s being sent.

I manage dozens of Gmail clients, they all have their own domain names, and I haven’t heard about emails being dumped or discarded.

For those of you who do not use a domain you own, it would cost you a bit less than $10 per year. Would that be a turnaround you could use?

I don’t think this is causing the issues.
I saw it on all my forwarded domains and my SPF/DKIM was set up correctly.