Gmail Bouncing Back Emails: DNS for Dummies

Website, Application, Performance DNS & Network
1

Whenever we try to send emails to anyone with a Gmail account it get kicked back to us with this message:

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

SMTP error from remote mail server after end of data:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for [***.co
550-5.7.26 m] did not pass with ip: [66.96.184.2].

I have looked at the couple of similar questions/answers that I have found on the community forum but, I’ll be completely honest, I am a COMPLETE novice this issue is way beyond my understanding and completely over my head.

4

Please test your email settings with https://www.mail-tester.com and share the results and your domain.

1 Like
5

4.5/10 harvestoutreachchurch . com

I don’t understand this. We are a small church who barely sends out any emails? Could it be related to our email server? We are in the process of moving away from them because they are junk. (Homestead .com)

6

A link to the whole result would be helpful. I’ll send you a message so you can reply to me.

I can see that you have some zero-width spaces in your SPF TXT record, probably a copy/paste problem.

dig +short harvestoutreachchurch.com txt
"\226\128\139v=spf1 ip4:66.96.128.0/18 -all\226\128\139"

Best replace the content of that record with v=spf1 ip4:66.96.128.0/18 -all or remove \226\128\139 from the beginning and end.

2 Likes
7

Note also that the SPF record (when corrected), includes a whole /18 range.
That’s 2**14 (16384) distinct IPs, where the actual MX (assuming that the MX is also the one sending e-mails out) resolves to 3 different IPs.

You should also investigate why the DKIM checks did not pass, as it may imply that your server is seriously misconfigured.

1 Like
8

(received mail-tester results via pm)

I can see that you haven’t fixed the SPF record yet.

From the test I can also see that your mail is DKIM signed. You have a CNAME record for the DKIM selector, but the target of the CNAME does not publish any txt records, so the verification fails.

You should ask your mail provider for the correct DKIM value to fix this.

9

Thank you for taking the time to look at this. I have repeatedly been in contact with our mail provider about these issues and they went from saying they were working on it… to completely ignoring anyone who is having this problem. It is a widespread issue with our mail provider (their community forum is about 75% complaints just about this issue) and it’s been going on for almost a year. We are in the process switching our web host/mail provider, etc but in the meantime I was hoping we could at least resolve this one issue.

I have not fixed the SPF record because, as I stated above, I do not understand this AT ALL and have no idea how to do it. I see there is a SPF wizard link on my dashboard but I do not even know what to put in the fields that it asks for. I apologize for my lack of knowledge but it is what it is… lol

10

Thank you so much for replying… but none of what you said makes any sense to me. Please note my original post where I said “I am a COMPLETE novice [and] this issue is … completely over my head.”

11

If you go to https://dash.cloudflare.com/?to=/:account/:zone/dns/records (select your domain), you should find a TXT that contains this value:

Delete the content and replace it with

The DKIM problem would need to be fixed by your host (or at least with their help), but you should be able to send emails if you fix this SPF record.

1 Like
12

When I go to my dashboard it doesn’t show this:
“\226\128\139v=spf1 ip4:66.96.128.0/18 -all\226\128\139”

But does already show the correction you recommended that I make:
v=spf1 ip4:66.96.128.0/18 -all

so I’m curious as to why/where it is displaying the incorrect info for you?

13

Also, I contacted my mail server again this morning with the info regarding the DKIM and am hoping they respond with a solution. Thank you!

14

It appears in the response to a DNS query. It may be caused by non-printable characters.

You can type your domain name into this online tool and see it for yourself under the the TXT result.
Dig (DNS lookup)

If you delete and recreate that record by hand, that is typing as opposed to copy and paste, it should fix it.

1 Like
15

Ok… I typed it in manually and deleted the previous entry.

1 Like
16

That fixed it. :smile:

% dig txt harvestoutreachchurch.com +short
"v=spf1 ip4:66.96.128.0/18 -all"
1 Like
17

Yes! And I re-ran the spam evaluator and I’m up to a 6.5/10… progress! Hopefully, our email host responds to me about the DKIM issue. Thank you for all your help so far…

2 Likes
18

While fixing the DKIM problem is obviously better, you should be able to send emails to gmail users now.

1 Like
19

I just did a test email and was able to successfully send my first email to a gmail account in 2 months! Seriously, I cannot thank you enough.

2 Likes
20

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.