Email setup assistance needed

Certainly glad that I’m not the only one having this issue. Recently signed up for Cloudflare – everything is working fine except responding to emails. I’m forced to do a backdoor sending responses through Mailchimp, which sucks.

Haven’t had any recent reporting on Gmail Postmaster Tools, but this was the last report.

Having no issues receiving emails, just can’t submit responses without receiving a return to sender error from Gmail – which makes zero sense since none of my email is through Gmail or Google Workspaces.

Archive of service ticket with webhost Colohouse (FKA TurnKey Internet) about the email issue: https://drive.google.com/file/d/1WVB6Y9jYSET2B2dwsgVZsGdnxW_WlodL/view?usp=drive_link

Example of error I’ve been experiencing:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
host aspmx.l.google.com [142.251.167.27]
SMTP error from remote mail server after end of data:
550-5.7.1 [199.16.53.198 12] Gmail has detected that this message is likely
550-5.7.1 unsolicited mail. To reduce the amount of spam sent to Gmail, this
550-5.7.1 message has been blocked. For more information, go to
550 5.7.1 Why has Gmail blocked my messages? - Gmail Help m8-20020a05620a220800b0078ee525a5bdsi3376419qkh.447 - gsmtp

Cloudflare doesn’t offer an outbound email solution, @jake.leonard. Who is your outbound email service provider, and if you do not have any paid Google Workspace, why do you have a Google include mechanism in your SPF record?

All of my email addresses for my domain are set up inside WHM/cPanel. The Google include mechanism was suggested by my webhost last night, so I’m wondering if my issue will be resolved if I removed it.

But if you mean which email service, it appears the only one set up for my email addresses on cPanel is Roundcube Webmail 1.6.0.

I don’t expect removing it to fix anything, but its presence cannot add any value, either. For it to do anything useful, you would need to be using paid Google Workspace.

Roundcube webmail in cPanel suggests that you are using a shared webserver as your mailserver. That is rarely a good idea.

Your MX records suggest that you are using paid Google Workspace. If you are certain that you aren’t, you may want to bring in someone who understands how your email is supposed to be set up in order to clean things up for you. Your DNS doesn’t communicate the same details that you are sharing.

I see nothing that indicates that your issue has any relationship to the Cloudflare Email Routing delivery to Google email servers. I’m going to move your issue to its own topic to alleviate any confusion.

Much appreciated on merging the issue elsewhere @epic.network .

Additional information which may or may not be helpful in resolving my issue. My current configuration as of 3 a.m. Central today.

You have a pretty huge mess going on here. Thanks for being brave enough to share the details. Please try not to take any of the feedback personally. It is intended purely objectively to help you clean up your zone data.

The domain name that you shared is not the domain that I gleaned from your earlier post. If column.us is not your domain, anything related to my prior statements about DNS does not apply to you. Please disregard anything I said about Google in your SPF or MX, as it was applicable to the column.us domain which I mistook as being yours. That’s on me for looking at that part of your post too quickly. You should edit that email address out of your earlier post, as someone else’s email address is not something that you should be exposing on the internet.

Now that we have the real domain, we still have a lot of questionable content in the SPF record, but the most likely reason for your email to be getting sent to junk or refused by Google is the fact that you are using a shared webserver as your email host. We can revisit that in a future reply if needed. The odds of having a good email reputation on such a server are always going to be almost nil. Surprisingly, the reputation at Cisco Talos is currently neutral. Your broken SPF record may be an alternate reason, so let’s look at it:

"v=spf1 +a +mx +ip4:199.16.53.198 include:199-16-53-198.cprapid.com include:spf.mx.cloudflare.net ~all"
  1. +a serves no point, as you will never be sending mail from Cloudflare Proxy IPs and as long as your site is :orange: proxied, the A record will always be a Cloudflare Proxy IP. Lose this mechanism.
  2. +mx +ip4:199.16.53.198 is redundant. Pick one. The latter saves you a DNS lookup, but will require you to remember (or better yet document) why it is in there. Lose one of these.
  3. include:199-16-53-198.cprapid.com include:spf.mx.cloudflare.net There are no TXT records at either of these locations, so all they serve to do is waste DNS lookups and then completely break your SPF record. Lose them both.

After you fix your SPF record, you may want to submit an email to Mail Tester and share the link here for a communal review. (Some parts of the results will matter more than others, and it often helps to review them with others.)

Unrelated to email

NS records

TL;DR: Unless you can articulate a valid reason not to, delete all of the NS records in your zone.

You have two NS records in the file you shared that cover your apex name. Your apex name needs to use the assigned Cloudflare nameservers, so your self-referential pair are just wasting space in your zone file. I have no idea what you are attempting to accomplish with the broken delegations you have for 199.16.53.198.server.heartlandnewsfeed.com. or why you have the same delegation for server.heartlandnewsfeed.com. You have defined the same cPanel webserver IP for both your ns1 and ns2 hostnames. You also have both of them :orange: proxied, which means that they cannot function as nameservers. The Cloudflare proxy does not pass any non-HTTP traffic by default.

www CNAME

Your www CNAME points to your apex name which has no DNS record. This makes your site unreachable with or without www.


OK - I’ve made some of the changes as you recommended.

Mail Tester results

Nothing taken personally. I actually appreciate the assistance you’ve been able to provide so far.


You seem to have removed a bit too much from your SPF and left in a generally useless element that is of dubious value even when used with Cloudflare Email Routing, which is something that you should not be using. Note that your Mail Tester report specifically mentions that your server is not permitted to send email on behalf of your domain. This is due to the removal of both mechanisms in my previously described item number 2. You will need to restore the ip4:199.16.53.198 to authorize your server to send domain email.

Why is Cloudflare Email Routing enabled on your domain now? If your objective is to be able to send email, no good will come of it. You were far better off without it. Is there a specific reason that you are trying to use Cloudflare Email Routing when you already have access to infinitely better options?

You already have a mailserver that is able to handle your domain email, and while a mailserver on a shared webserver has its own issues, they are easier to navigate around than the baggage included with Cloudflare Email Routing.

I would disable Cloudflare email routing and remove mention of it from your SPF as well.
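
The SPF review in the two replies above (a mechanism that never covers the sending server, redundant mechanisms, include targets with no TXT record, and a record that no longer authorizes the server) can be checked mechanically. This is an added example, not code from any poster in the thread; it handles only the a, mx, ip4, include and all mechanisms, and the domain example.test plus every DNS value in the snapshot other than 199.16.53.198 are constructed assumptions.

```python
import ipaddress

# Constructed DNS snapshot so the example runs offline. Only the server IP
# 199.16.53.198 comes from the thread; every other value is an assumption.
DNS = {
    ("example.test", "A"): ["203.0.113.10"],        # stand-in for a proxied apex
    ("example.test", "MX"): ["mail.example.test"],
    ("mail.example.test", "A"): ["199.16.53.198"],
    # Stand-in contents; the real record at this name differs.
    ("_spf.mx.cloudflare.net", "TXT"): ["v=spf1 ip4:192.0.2.0/24 ~all"],
}   # the two include targets from the first record deliberately have no TXT

def audit(record, domain, sender, dns=DNS):
    """Return (authorized, dns_lookups, findings) for one SPF record."""
    ip = ipaddress.ip_address(sender)
    authorized, lookups, findings, covering = False, 0, [], []
    for term in record.split()[1:]:                 # skip "v=spf1"
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "include":
            lookups += 1
            spf = [t for t in dns.get((arg, "TXT"), []) if t.startswith("v=spf1")]
            if not spf:                             # RFC 7208 5.2: "none" -> permerror
                findings.append(f"{term}: no SPF record, permerror when evaluated")
                continue
            ok, n, sub = audit(spf[0], arg, sender, dns)
            authorized, lookups = authorized or ok, lookups + n
            findings += sub
            continue
        if mech == "ip4":
            nets = [arg]
        elif mech in ("a", "mx"):                   # each costs one DNS lookup
            lookups += 1
            names = [arg or domain] if mech == "a" else dns.get((arg or domain, "MX"), [])
            nets = [addr for name in names for addr in dns.get((name, "A"), [])]
        else:
            continue                                # "all" and anything not modelled here
        if any(ip in ipaddress.ip_network(net, strict=False) for net in nets):
            if covering:
                findings.append(f"{term}: redundant with {covering[0]}")
            covering.append(term)
            authorized = authorized or qualifier == "+"
        elif mech != "ip4":
            findings.append(f"{term}: costs a lookup, does not cover {sender}")
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups exceeds the limit of 10")
    return authorized, lookups, findings
```

Calling `audit()` with the first record quoted in the thread, domain `example.test` and sender `199.16.53.198` reports four DNS lookups and four findings, one per item in the review; `v=spf1 ip4:199.16.53.198 ~all` authorizes the same server with zero lookups and no findings.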

So should I reinstate it as

v=spf1 include:_spf.mx.cloudflare.net +ip4:199.16.53.198 ~all

Or reinstate it minus the Cloudflare?


Actually, strike that. I think I may have resolved that.

I would use the SPF record
