Running fine for months, short listing at spamhaus, now google / gmail rejects all mail

Hi,

I searched around a bit and couldn’t find any other gmail topic with this specific error, so starting a new topic.

Background:

  • Set up a few months ago
  • Proper DMARC setup, emails were getting in just fine not marked as spam
  • Short listing at spamhaus under the category of low reputation / should not be sending mail
  • Put in request to remove the listing after proving ownership of domain/IP, request approved, listing removed
  • Gmail now completely rejects messages, not even filing them as spam
  • Am listed in UCEPROTECT3, but this seems to encompass all DigitalOcean IPs, and it wasn’t an issue earlier

Wondering if this issue will eventually go away, or is this IP/domain now burned forever and I need to migrate to a new provider/IP?

Copy+Paste of UNDELIVERABLE error message from gmail

<myemail@gmail.com>: host gmail-smtp-in.l.google.com[173.194.204.26] said:
550-5.7.1 [64.225.20.15] The IP you’re using to send mail is not authorized
to 550-5.7.1 send email directly to our servers. Please use the SMTP relay
at your 550-5.7.1 service provider instead. Learn more at 550 5.7.1
https://support.google.com/mail/?p=NotAuthorizedError h14si4556148qtu.151 -
gsmtp (in reply to end of DATA command)

Edit:
To add to this, I’ve seen recommendations to use SendGrid as a relay, and I understand that this will be overwritten with every upgrade, but I have not been able to find instructions on how to do this manually. Any help would be appreciated.

Without providing the IP address, it is difficult to evaluate your specific situation.

For using a mail relay with MiaB because you are using a blacklisted IP address, you might just go ahead and migrate to a different IP address - verifying the new one is not on a blacklist before migration.

Not that it will necessarily help, but you can at least try DO customer support as in your case it sounds like an entire IP address block.

Note that DO has had IP address reputation issues for at least 9 years now (the first time I ever heard of them was someone complaining about being on a blacklist and not being able to get off).

Old habit to scrub any identifying info, the IP is 64.225.20.15, updating the main post as well.

DigitalOcean’s current stance is that while they don’t block you running a mail server, they also do not support it. What reading I’ve done on the UCEPROTECT3 blocklist is that it’s a mixed bag and no one really uses it; some have claimed it’s an extortion racket (though I personally wouldn’t go so far).

Did you try creating a Postmaster account with Google?

Also, are you blocked by other freemail providers?

I believe you’re talking about verifying your domain with Google Postmaster, which I’ve done.

Verified them a while ago, looks like it’s been passing verification as well. Don’t really have other freemail accounts to test, though I can start trying. Any specific ones you recommend?

My gut tells me this is a list cache issue, or at least I hope so, and the issue will resolve itself once google updates to the latest spamhaus list with my IP removed from it, but there’s no way to be sure so hoping someone has gone through this before.

I actually don’t know what can be done from the Postmaster account, I just know that Google recommends it.

Usually the biggest problem is Microsoft.

Just tested with Outlook, same exact error. Also tested against someone using Google to host their business email, also same error. Looks like this IP block has been burned for the time being, sucks, was running so well for such a long time. Any recommendations on how to set up a relay? Recommendations on relay services?

<myemail@outlook.com>: host outlook-com.olc.protection.outlook.com[104.47.5.33]
said: 550 5.7.1 Unfortunately, messages from [64.225.20.15] weren’t sent.
Please contact your Internet service provider since part of their network
is on our block list (S3140). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[HE1EUR02FT054.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL
FROM command)

However you may also consider making a snapshot of your server and moving it to a different IP address with DO. It is hard to predict if doing so will be useful or not.

UPDATE: RESOLVED

Hi All,

So I decided to try to update the IP by saving a snapshot and building a new droplet from the snapshot. I figured I would also assign a floating IP so I can have a dedicated IP to reach my server even if the host IP changes. Most everything is working fine now, except it fails SPF.

Received-SPF: fail (google.com: domain of email@activenova does not designate 167.172.251.99 as permitted sender) client-ip=167.172.251.99;

Floating IP: 143.244.220.180
New MIAB IP: 167.172.251.99

I set up the instance to use the 143 address, but since the mail actually originates from 167 it’s failing SPF. How do I add the 167 as an authorized host for SPF?

EDIT: I use external DNS provided by DigitalOcean. I updated all entries that have v=spf1 according to the format specified by “Including IP addresses in your SPF record – Validity Help Center”.

It is now passing SPF and not going to spam. Thanks to all in this thread who took the time to help me. It is much appreciated.

1 Like
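
Added example (not part of the thread): a small offline check of which address an SPF record authorizes, showing why the outbound address 167.172.251.99 failed while only the floating IP was covered, and why adding an ip4 term for it passes. The two record strings are constructed for illustration, since the thread does not show the real records, and the function name is hypothetical; only the ip4/ip6/all mechanisms are evaluated.

```python
import ipaddress

# SPF qualifier prefix -> result when the mechanism matches (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf_ip(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right.

    Returns (result, matched_term, skipped). Terms that need DNS (a, mx,
    include, exists, ptr, redirect=) are not resolved here; they are listed
    in `skipped`, so a result is only conclusive when that list is empty.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None, [])
    skipped = []
    for term in terms[1:]:
        if "=" in term:                      # modifier such as redirect= or exp=
            skipped.append(term)
            continue
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")   # ip6 args keep their later colons
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qual], term, skipped)
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return (QUALIFIERS[qual], term, skipped)
        else:
            skipped.append(term)
    return ("neutral", None, skipped)        # nothing matched and no "all"

# Constructed records: only the floating IP listed, then the egress IP added.
BEFORE = "v=spf1 ip4:143.244.220.180 -all"
AFTER = "v=spf1 ip4:143.244.220.180 ip4:167.172.251.99 -all"
SENDING_IP = "167.172.251.99"                # client-ip from the Received-SPF line

if __name__ == "__main__":
    for label, rec in (("before", BEFORE), ("after", AFTER)):
        print(label, check_spf_ip(rec, SENDING_IP))
```

The address to test is the client-ip reported in the receiver's Received-SPF header, which is the address the receiving server actually saw the connection come from.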