Help email Rejection

user6632 · June 5, 2023, 4:11pm

Hi Guys

I need help with DNS entry, all my emails sent to any Google Account are rejected for Google.
I have all the necessary DNS entry to cover rejection.
I have the SPF Record 100%
I have the DKIM Record 100%
I have the MX Record 100%
I have the Google domain verified Record 100%

but I keep getting this error message.
Important Note: I replaced the real google with {any_gmail_account at gmail dot com} so you know that is any google account not just one.

Could not deliver message to the following recipient(s):

Failed Recipient: {any_gmail_account at gmail dot com}
Reason: Remote host said: 550 5.7.26 This mail is unauthenticated, which poses a security risk to the
5.7.26 sender and Gmail users, and has been blocked. The sender must
5.7.26 authenticate with at least one of SPF or DKIM. For this message,
5.7.26 DKIM checks did not pass and SPF check for [vinains dot com] did not
5.7.26 pass with ip: [74.50.90.42]. The sender should visit

Please help.

Thanks
Jose.

Laudian · June 5, 2023, 4:49pm

Can you do the test at https://www.mail-tester.com/ and share the result here?

epic.network · June 5, 2023, 6:32pm

Your SPF record lists 66.45.252.106 ad the only authorized source of your email. The SMTP rejection message from Google that you shared indicates that your email arrived from 74.50.90.42. If the mailserver at 74.50.90.42 is authroized to send email on behalf of your domain, you need to add it into your SPF record.

user6632 · June 5, 2023, 7:56pm

Thank you for your reply, I thought that by having the [MX records] as follow will do the trick.
Both IPs are part of the [MX records], how come this works with Go daddy and other provider.

Any way I’ve just added the second IP to the SPF record.

Thanks Again

epic.network · June 5, 2023, 8:50pm

Your SPF record did not (and does not) include the mx mechanism. You could swap out the IPs for the mx mechanism if you want, but it does require that your inbound MTAs (which are identified by MX) are also your outbound MTAs. You could also just leave the SPF alone, if those are the only two IPs that should send email on behalf of your domain.

Since you mentioned MX records, I looked up yours and notice that you are pointing one of them to a proxied hostname. That is never a good thing as it results in a synthesized hostname that begins with _dc-mx. which can be problematic since server hostnames are not permitted to contain underscores.

You would benefit from creating a separate hostname pointed to the same IP that you can leave set to DNS Only for use in your MX record.

system · June 20, 2023, 8:51pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.