RDNS and DKIM Issue

Im having an rDNS mismatch problem, I’ve asked my host what they think by they suggest disabling cloud flare, which I would rather not do considering things are working pretty smoothly other than this issue.

I use hostdime for hosting, GSUITE as my email provider and cloudflare for DNS.

When using mail tester I get two dings.

1. RDNS_NONE Delivered to internal network by a host with no rDNS
   This may indicate you do not have a rDNS configured for your hostname or the rDNS does not match your sending IP

I am able to change my PTR record in my hosting dashboard but it seems to do nothing to the “unknown” part of my email header nor does it get spam assassin to simmer down about the rDNS.

Domain: Shipsterusa(dot)com

Is posting an email header safe?

2. Your message is not signed with DKIM

I have a valid DKIM record from gsuite, it is added into cloudflare records correctly I believe. Gsuite dkim setup tool tells me I am being authenticated, so why are the messages coming through with no DKIM signature?

I have read many many forum posts about these issues for the past couple of weeks before posting, but I keep going round and round. A little help would be very very appreciated.

Usually as I saw Google mail servers (users using GSUITE) do not have rDNS record (PTR). See here a screenshot:

Screenshot_2021-02-15 intoDNS check DNS server and mail server health1006×617 19.4 KB

Are you being authenticated as a user over SSL for GSuite? What is the DKIM header response in the e-mail message when sending mail to yourself or some other account owned by you (for example basic Gmail account)?

Do you also have an SPF (TXT) record and an DMARC added to your domain at your Cloudflare account?

1. DMARC - Add your DMARC record - Google Workspace Admin Help
2. DKIM - Set up DKIM to prevent email spoofing - Google Workspace Admin Help
3. SPF - Ensure mail delivery & prevent spoofing (SPF) - Google Workspace Admin Help

Your SPF (TXT record) should look like:
TXT yourdomain.com v=spf1 include:_spf.google.com ~all

Hi thank you for the fast reply, I have spf including all senders in it, and Dmarc yes.
DKIM is set up as well… All in cloudflare.

As for the DKIM response in a test email, i get NO mention of DKIM at all in the header.

Can you clarify what you mean or how check about being authenticated as a user over SSL?

v=spf1 ip4:107.190.129.162 include:_spf.google.com include:mailchimpapp.net ~all

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCaYwubtwr78lDio83Cr7Xcfunvc1ZCgrDLFr7NjgTe0Q5hp2lXB289/9Ofoq7U2XJdHeL9t6nO9ZrrENYpPa2PHJdleI+dvAaJJLq/uUgi2NEmx9h1DUkTcxRd5R642sbeQzovSdTv4mnuudnEXcDlXR9vLUTEllD0QA7w8RPY9wIDAQAB

v=DMARC1; p=none; rua=mailto:*****[email protected]; pct=90; sp=none

Hm, thanks for feedback information.
At least, if recently added and setup, you should give it 24 hours to work from when you set this up.
The easiest way is to send a message from the email account you set this up for to another email service, preferably a reliable service that checks these records.
With the received email you’ll need to “view source”, “view headers”, or “view raw message”.

This will show you a lot of confusing looking text, but you’re looking for something like this.

Authentication-Results: mx3.messagingengine.com;
 dkim=pass (2048-bit rsa key) header.d=(removed).com [email protected](removed).com header.b=TIw/94Hh;
 dmarc=none (p=none) header.from=(removed);
 spf=pass smtp.mailfrom=(removed) smtp.helo=mail-it0-f67.google.com;
 x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net [email protected] header.b=Kax/fJce
Received-SPF: pass
 ((removed): Sender is authorized to use '(removed)' in 'mfrom' identity (mechanism 'include:_spf.google.com' matched))
 receiver=mx3.messagingengine.com;
 identity=mailfrom;
 envelope-from="(removed)";
 helo=mail-it0-f67.google.com;
 client-ip=209.85.214.67

If you see any failures you’ll need to do some problem solving. The list below contains excellent tools/websites to help diagnose email issues, for example checking if records exist, but at this point you may need to engage the services of a professional who really understands this area:

• https://toolbox.googleapps.com/apps/dig/
• https://ssl-tools.net/
• https://ssl-tools.net/mailservers
• https://ssl-tools.net/mails
• https://www.checktls.com/TestReceiver
• https://www.mail-tester.com/
• https://en.internet.nl/test-mail/
• https://intodns.com/
• https://powerdmarc.com/power-dmarc-toolbox/
• https://www.immuniweb.com/ssl/

The records have all been set for quite sometime now, years, but spf updated last week.

I appreciate your help in looking at the matter, have a nice day.

Do you have an SPF for your mail host?

ip4:107.190.129.162 indicates to me that you are also using your own host/origin IP to send/receive some emails.

In that case, using DKIM/SPF for Google Suite but sending/receiving some mail from your host/origin, maybe you would need to add an A record for mail pointing to your host/origin and SPF and/or DKIM (TXT records) for that too?

As far as I checked, SPF, DKIM and DMARC are correctly added and exist:

Tools - mail-tester.com.

Screenshot_2021-02-15 Tools - mail-tester com1201×913 26.2 KB

https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/

Screenshot_2021-02-15 DMARC record Checker DMARC record Tester - Mimecast DMARC Analyzer1179×679 29.2 KB

Another thing google doesn’t like is unsecured mail so make sure you’re using TLS and if you can use S/MIME also when sending an e-mail out.
This could be due to already stated if you use SSL/TLS when sending an email Google Suite?
https://support.google.com/mail/answer/6330403?visit_id=1-636398499938248425-4159623148&p=tls&hl=en&rd=1

Or it’s just be a Google that needs some time to get the stuff updated on their side.

Thank you for all of your help, I will run through all of this and try to solve it,. Much appreciated.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.