SPF, DKIM, and DMARC

I have looked and looked and I can’t find anything that gives me a step-by-step guide to setting up SPF, DKIM, and DMARC. I run mailinabox and my emails worked just fine until last weekend. All of a sudden every gmail address started getting rejected. I will include the bounce back message below. I am technical to a degree, but after two days of looking around the web and fumbling with my DNS at GoDaddy, I don’t think I am any closer to getting this configured correctly. If there is any documentation anyone can point me to I would REALLY appreciate it. I apparently need to get all three set up in order to assure delivery of my emails.

xxxxxxxxxxxx@gmail.com: host gmail-smtp-in.l.google.com[74.125.126.26] said:
550-5.7.26 This mail has been blocked because the sender is
unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with
either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [xxxxx.xx] with ip:
[x.x.x.x] = did not pass 550-5.7.26 550-5.7.26 For instructions on
setting up authentication, go to 550 5.7.26
Email sender guidelines - Gmail Help
y18-20020a92d212000000b0035cb17df494si3428252ily.96 - gsmtp (in reply to
end of DATA command)

All the required records are known to MIAB. See Admin / External DNS for the full list.

If you’re using GoDaddy to host your DNS records, then all of those should be present at GoDaddy.

You can use something like https://dkimvalidator.com/ to check the records that really exist, but if you’ve got all the records shown under External DNS I wouldn’t expect any problems.
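A way to sanity-check the three records after copying them from Admin / External DNS to the registrar, as an added example that is not part of the original posts or Mail-in-a-Box's own code. It takes TXT answers in the quoted form a DNS lookup tool prints and reports the usual copy-and-paste failures; the domain, the `mail` selector, the placeholder key and all record values are constructed for illustration.

```python
import base64, binascii, re

def txt_value(rdata):
    """Join the quoted strings of one TXT answer (dig-style) into one value."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()

def tags(value):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip().lower(): "".join(v.split()) for k, v in pairs}

def audit(zone, domain, selector):
    """Return a list of problems in the published TXT records (empty = OK)."""
    get = lambda name: [txt_value(r) for r in zone.get(name, [])]
    problems = []
    # SPF: more than one v=spf1 record is a permanent error, not a merge.
    spf = [v for v in get(domain) if v.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        problems.append(f"SPF: want exactly 1 v=spf1 TXT at {domain}, found {len(spf)}")
    # DKIM: the key lives at <selector>._domainkey.<domain>; p= must be base64.
    dkim = get(f"{selector}._domainkey.{domain}")
    if not dkim:
        problems.append(f"DKIM: no TXT at {selector}._domainkey.{domain}")
    else:
        try:
            if not base64.b64decode(tags(dkim[0]).get("p", ""), validate=True):
                problems.append("DKIM: p= is empty or missing")
        except binascii.Error:
            problems.append("DKIM: p= is not valid base64 (truncated paste?)")
    # DMARC: exactly one v=DMARC1 record at _dmarc.<domain> with a valid p=.
    dmarc = [tags(v) for v in get(f"_dmarc.{domain}") if v.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        problems.append(f"DMARC: want exactly 1 record at _dmarc.{domain}, found {len(dmarc)}")
    elif dmarc[0].get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC: p= must be none, quarantine or reject")
    return problems

GOOD = {  # constructed sample data; the DKIM key is a placeholder, not a real key
    "example.com": ['"v=spf1 mx -all"'],
    "mail._domainkey.example.com": ['"v=DKIM1; k=rsa; p=QUJDRE" "VGR0g="'],
    "_dmarc.example.com": ['"v=DMARC1; p=quarantine"'],
}
BAD = {  # constructed: duplicate SPF, truncated DKIM key, no DMARC record
    "example.com": ['"v=spf1 mx -all"', '"v=spf1 include:relay.example.net ~all"'],
    "mail._domainkey.example.com": ['"v=DKIM1; k=rsa; p=QUJDREVGR0"'],
}

for label, zone in (("good", GOOD), ("bad", BAD)):
    print(label, audit(zone, "example.com", "mail"))
```

A long DKIM key is normally published as several quoted strings in one TXT record, which is why `txt_value` joins them before parsing.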

Ha! I had no idea that even existed. Can I just copy it straight from that list into my domain DNS settings at my registrar? Is it really that easy?

I’ve not done it, but it looks that easy :slight_smile:


Thank you so much for pointing me in the right direction. The Google loves me again! Also, screw the Google, as they are the whole reason I run my own email server. :wink:

Thanks again for really realz, though. Merry Christmas or Happy Holidays or whatever. :smiley:


I have had the same issue with gmail. I went through the required domain validation and was verified but still gmail refuses all emails sent to gmail recipients. It also looks like gmail is requiring a 2048 character DKIM which is a problem since mail-in-a-box only provides for 256 characters. Anyone know a work-around for that?

There is a workaround to verify your domain via mailjet or sendgrid with a 2048 key. Then paste the cname in your custom DNS. However, servers will complain that you have multiple DKIM entries. Gmail does support 1024 bit keys. Email sender guidelines - Gmail Help. Your issue with gmail might be something else. What error message are you receiving from the gmail servers?

This is the email I receive when I send a test message to my gmail account from my private domain (which I’ve had for almost 30 years) and have my mail server on a cloud asset with a static IP address and have been sending emails to other friends for over 7 years with no issues. All my DNS, DKIM, DNSSEC are all set up, verified and working great. This just happened out of the blue this past week.

This is the mail system at host (my domain asset)

I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

               The mail system

my gmail address host gmail-smtp-in.l.google.com[142.251.16.26] said:
550-5.7.1 [167.172.153.209] The IP you’re using to send mail is not
authorized 550-5.7.1 to send email directly to our servers. Please use the
SMTP relay at 550-5.7.1 your service provider instead. For more
information, go to 550 5.7.1
'The IP you're using to send email is not authorized...' - Gmail Help
g4-20020ac87f44000000b0042378c526a8si7520950qtk.569 - gsmtp (in reply to
end of DATA command)

I used the google tools to validate my domain and it was successfully verified. However I’m still getting bounced.

Your IP is a Digital Ocean IP address listed under UCEPROTECT- Level 3. There is nothing you can do about it until the entire block is delisted. The entire block is blacklisted by gmail. Check the reputation of your Digital Ocean IP here. UCEPROTECT®-Network - Spam Database Query
Under Level 3.
As a workaround, until the IP reputation improves, read the last 2 posts on how to set up a relay with sendgrid, mailgun or use Amazon maildelivery Oracle Cloud free tier smtp servers, etc. Digitalocean with Sendgrid SMTP Relay
