Issue with gmail mail forwading

I have a domain from cloudflare ,

I am using mail forwarding from Cloudflare , it recives from gmail and send from gmail but when sending from the same domain for example
from [email protected] to [email protected] it gives this error :slight_smile:

Unknown error: transient error (421): 4.7.0 [104.30.8.141 19] Gmail has detected that this message is4.7.0 suspicious due to the very low reputation of the sending domain. To4.7.0 best protect our users from spam, the message has been blocked. For4.7.0 more information, go to4.7.0 https://support.google.com/mail/answer/188131 c18-20020a05600c0a5200b0041413941ac8si496630wmq.147 - gsmtp

also when receiving emails from other domains .

1 Like

Welcome to the Cloudflare Community. :logodrop:

As indicated by the NDR message that you shared, your domain lacks sufficient reputation for Google to accept your message for delivery. How recently was your domain registered?

Email from other domains likely gives a different reason.

Have you tried checking your domain’s reputation using tools like Google Postmaster Tools?

1 Like

I’m also getting this exact same error (a ton of them). And contrary to the OP, the “sending domain” (the RHS of the sender email) isn’t my own but someone else’s (eg, my bank, also the user forums for some of the opensource software I use) so I can’t check their reputation on GMail Postmaster tools or wherever – but anyway I think their rep is pretty good because when they send email to me directly instead of going through Cloudflare’s server, GMail has no issue accepting them.

What I think is happening is that GMail is refusing these emails not based on the RHS of the sending domain, but on the IP address of the SMTP sender (ie, Cloudlare’s server) instead.

Can someone from Cloudflare please have a look at this?

2 Likes

Just clarfiying this a little: by "the IP address of the SMTP sender (ie, Cloudflare’s server), I mean the 104.30.8.141 part of the message the OP quoted (which is the IP of a Cloudflare server, and also shows up in my logs with the same GMail error as the OP).

It is certainly plausible that the IP is what Gmail has assigned the poor reputation. This is one of the reasons why email forwarding has been impractical for years. The larger the usage of the forwarding service and the recipient destination, the more likely reputation issues become. The best solution is to not use forwarding for anything important.

1 Like

I’m aware of the problems with email forwarding. But IME (including administering a forwarding MX for many years for a dozen or so clients) they can be greatly mitigated (to the point they’re no longer a problem) as long as whoever’s administering the MX tracks reputation issues, runs them down and solves them.

Are you saying that Cloudflare does not do any/enough reputation mitigation for its servers for forwarding through them to be reliable?

2 Likes

Google seems to hold that opinion.

That’s where it gets dicey. Too many elements are beyond your control. You can find yourself suddenly not receiving mail because someone else was forwarded enough unfiltered spam to get the relay IP, or possibly even an entire netblock, listed for deferment.

After reading Google’s recommendations on forwarding around a decade ago, my takeaway was that forwarding to free Gmail accounts was not going to be a long-term sustainable practice. I switched all remaining Gmail forwards to mailboxes that were periodically emptied via POP polling and never looked back.

2 Likes

Yeah, I started having this issue pop up over the weekend and given the issues, I’ve now switched to gmailify from Cloudflare Email Routing for my important domains.

Gmailify both forwards and uses POP3 so you get the best of both worlds - fast forwarding most of the time, but if there’s an issue with SMTP forwarding, POP3 will also pull down the messages so you don’t lose email.

Gmail ignores any duplicate emails pulled won via POP3, so it all seems to work pretty seamlessly.

Would love to have something similar built in to Cloudflare.

But honestly, even better would be for Google to provide custom domains without having to bounce email through extra hops without paying $72/user/yr which is just too much for home users.

3 Likes

Thank you both @epic.network and @drees for your thoughtful, detailed responses.

A few more questions:

How did you implement that? Brought up your own MX server with local mailboxes and POP3 access to them, and then use an email client like Thunderbird to read them to your desktop? Or did you use GMailify to POP it out of your MX server and into GMail like @drees is (I think, see below) doing?

By GMailify, you mean this? Gmailify: The best of Gmail, without an @gmail address
If so, I understand you use some other SMTP server as your MX (which one? Any of the other providers like yahoo or whatever, or a custom one like I think @epic.network is doing?), then set it up with forwarding to your GMail account plus local mailboxes accessed through POP3, and finally configure GMail to pull your email from there through POP3; is that correct?

Sorry if my questions are too stupid – it seems you folks have found the holy grail I’m looking for, and I want to be 100% sure I understand it correctly.

1 Like

In my case the forwarding was configured on my own mailserver and I converted the forwarding-only address into a mailbox. The goal was still to get the messages into the recipient’s Gmail account, so Gmail, not Thunderbird (or similar), is where the POP access was configured. Outbound mail can be similarly configured to send from Gmail using the authenticated SMTP account on the external mailserver.

You don’t have to be running your own mailserver to use that method. You can set it up with any mailbox that will accept and send email for your domain. The mailboxes that are often bundled with cheap shared hosting will work fine. Storage capacity is largely irrelevant if you don’t leave the messages on the server when you POP them. Just be sure to configure all the appropriate DMARC, DKIM, and SPF records in your Cloudflare DNS. You can even monitor your DMARC statistics with Cloudflare DMARC Management.

1 Like

If I understand you correctly, then you took Cloudflare Mail Routing totally out of the equation, right? The DNS MX points to your (or the cheap provider) MailServer, then this mailserver both stores the email on a local mailbox and forwards it to a GMail account, and this GMail account is configured to also pull any emails over POP3.

Did I get it right?

1 Like

I think he means this one:

https://www.gmailify.com/

2 Likes

By GMailify, you mean this? Gmailify: The best of Gmail, without an @gmail address
If so, I understand you use some other SMTP server as your MX (which one? Any of the other providers like yahoo or whatever, or a custom one like I think @epic.network is doing?), then set it up with forwarding to your GMail account plus local mailboxes accessed through POP3, and finally configure GMail to pull your email from there through POP3; is that correct?

Yes, @alsherifk had it right, gmailify.com, not Google’s Gmailify product (confusing!)

Gmailify both forwards email to Google/Gmail and you also have to set up POP3, too, before it starts working.

So far, it appears to be working OK, but it hasn’t been long. In theory, it should work around email forwarding issues.

2 Likes

and this just for 7$ per year for the whole domain and unlimited users. and you also are able to send mails through there own smtp with mail signing and so on. you can also have “domain aliases” for free (in case you have a few more domains you want to link). but for these domains no smtp is possible.

to be honest, that is quite interesting!

Thank ypu both for setting me straight! Just checked and gmailify.com costs just $7/domain/year – and it’s just a single one of my domains that needs to be protected against mail loss. About half a dollar per month certainly beats the effort and aggravation of bringing up my own mail server…

:+1:

Perfect. Can’t ask more than that. I will start using it right away.

Just finished creating my account at gmailify,com and configuring everything both there, on Cloudflare (for the DNS) and GMail (for the necessary “integration”). Reeeeeeally easy, can’t imagine anything more hand-holding than what they did) and doing some initial tests, whole process took me considerably less than 15 minutes.

Only gotcha was that emails not added to the Email Routing screen (which starts empty except for the mandatory postmaster, etc addresses) are initially rejected as “no such user here”… had to change the catchall to the same destination (ie, the main mailbox) as the ones that it automatically created above (for postmaster, etc). IMHO the default should have been to forward and not to reject, caused me ~4 minutes of lost emails before I fixed it.

Other quirks are kinda irritating but not showstoppers: “Traffic Logs” screen takes its own sweet time to update (way more than the 2 minutes the docs indicate – more like 5-10 minutes), admin pages have a kind of 1990 aesthetics to them (minor complaint – at least should be light on their servers and on my browser).

Now will spend a few days testing (how long is their trial?) and if all goes according to plan, adding a billing method and start paying my $7/yr dues.

Thanks again to everyone else who helped and commented. Much appreciated!

3 days is free then you need to pay. and you can also smtp for more domains but need to authenticate via your primary domain.

1 Like

Watching it like a hawk, and (after chasing down a few false alarms) the only issue I can see so far is apparently on GMail’s side:
image

So it seems GMail is taking its own sweet time to check GMailify’s mailbox, taking between 22 and 30 minutes for the small sample above.

Question for you folks that have more experience in that than me: is this really how it goes? I mean, half an hour is a really long time, and for some emails it could become really critical. Is there a way to accelerate that in GMail? Perhaps using its API? I looked for some kind of setting but could not find any.

TIA!

So it seems GMail is taking its own sweet time to check GMailify’s mailbox, taking between 22 and 30 minutes for the small sample above.

Question for you folks that have more experience in that than me: is this really how it goes? I mean, half an hour is a really long time, and for some emails it could become really critical. Is there a way to accelerate that in GMail? Perhaps using its API? I looked for some kind of setting but could not find any.

I’m seeing about 15-20 minutes per POP3 check myself.

But that doesn’t really matter 99% of the time.

Because Gmailify is also forwarding email to Google, the vast majority of those emails should be getting through by getting forwarded. If for some reason Google starts rate limiting or rejecting them, then the POP3 check will pick them up.

If you suspect an email isn’t getting through and you can’t wait for POP3 to check again, you can manually tell Google to check POP3.

1 Like