Hope to find a solution here.
I use lemlist to send automated e-mail, and it requires me to set up a DKIM, DMARC and SPF. My e-mail provider is 1and1.com (Ionos).
I did set up a DMARC and SPF record, but still can't make a DKIM, although I followed every guideline I could find on internet.
To sum it up : I created a public key and added a TXT record with the public key in it. DMARCLY can easily find the key and everything, but every time I refresh the DNS on lemlist, lemlist doesn't detect the DKIM, or should I say, there is no DKIM signature in my mails.
On some resources, I see a CNAME records, and it's not said to do so on the lemlist guideline.
Can anyone help me with that please ?
I tried possibly everything: TXT records, CNAME records, but none seems to work.
Related
Recently, emails being sent by my webapp are being marked as spam by Gmail. Possibly other providers as well. My webapp uses Sendgrid to send some system-related automated or user-triggered emails. When I first encountered this issue, I set up an SPF record within Amazon Route 53 that solved the problem.
About a week ago, these system emails started going into spam again. When I go to dmarcian.com and use their SPF Surveyor tool, the tool says that I do not have an SPF record for the domain.
I double-checked my dashboard in Sendgrid and the SPF records are verified on that end. I also set up link branding, added the requisite DNS records in Route 53, and verified them through Sendgrid. That did not fix the issue.
Here is the SPF record I have in Route 53:
v=spf1 mx a include:sendgrid.net -all
I have tweaked this from what is was previously in attempts to get this to work. It previously did not include the "mx a" tags but still provided the desired results.
I'm expecting these emails to show up in my regular inbox without a huge warning banner telling me they could be spam. Currently the emails arrive with that banner, or they just go straight to my spam folder and I have to mark them in both instances as not spam.
I'm a complete novice at this stuff, so if there's something I didn't include someone needs to see, please just let me know and I'll post whatever is needed.
I got this new security warning:
The domain lacks a DNS SPF policy record. SPF policies must to be
applied on every domain (including subdomains) having either an A,
AAAA or MX record. What can happen? An attacker will be able to spoof
emails originating from the domain, allowing for phishing attacks or
other scams.
I dont know about it and i tried nothing to fix it..
..Can anybody help me out to fix this issue?
Thank you :)
Patrick, just use this SPF Wizard to generate the DNS Records you need to bring your domain in compliance with that warning
I'm scoring 9/10 on mail-tester.com. My -1 comes from this,
"You do not have a DMARC record"
In my DNS (cPanel>"Advanced DNS Zone Editor") I have this DMARC record
_dmarc.mycooldomain.com. 14400 IN TXT "v=DMARC1; p=none; sp=none; ruf=mailto:myaddy#gmail.com; rf=afrf; pct=100; ri=86400"
my domain is really the correct domain in the actual DMARC record, and
myaddy#gmail.com is really the email for the cPanel/WHM account(a gmail addy), not the sender domain in the SPF record (e.g. info#mycooldomain.com). Does that matter?
otalliance.org/resources/spf-dmarc-tools-record-validator
Returns green, which I presume is good.
So is the issue with mail-tester.com, or my DMARC record?
Obviously, mycooldomain is not really your domain, so it's hard to verify what you posted, but based on what you posted, your RUF field will cause it to fail DMARC. If you send an email to mailtest#unlocktheinbox.com they have a really good DMARC tester, but unfortunately the DMARC results are not free. But I'm 100% sure that you're not following the standard on page 28 of the Dmarc Specification
Which reads
For example, if a DMARC policy query for "blue.example.com" contained
"rua=mailto:reports#red.example.net", the host extracted from the
latter ("red.example.net") does not match "blue.example.com", so this
procedure is enacted. A TXT query for
"blue.example.com._report._dmarc.red.example.net" is issued. If a
single reply comes back containing a tag of "v=DMARC1", then the
relationship between the two is confirmed. Moreover,
"red.example.net" has the opportunity to override the report
destination requested by "blue.example.com" if needed.
Since you're using a gmail account - there is no way your going to convince them to add a record on your behalf. So you need to choose a different RUF email address. Most likely one like dmarc#Mycooldomain then set up a forwarder to your gmail account if that's where you want the reports to go.
DNS changes are not available instantly. It can take hours until a new record will be visible to other servers. The DMARC entry you have posted seems to be valid except the "ruf=" email address. Here you must provide an email address assigned to your own domain.
Fix, wait and try again.
We are involved in the project which is designed to gather UK hotels details that our client needs to create a paper guide with most popular and top rated places in the country.
At the begining of each year we automatically send emails out to hotel owners in order to ask them to update their hotel details.
Unfortunately Client reported that some of hotels never received any of the emails nor that email ended up in spam, especially on hotmail mailbox.
Is there any known approach which could help us to overcome that situation?
One of the solutions we tried was to resign from local SMTP server and purchase external SMTP server on turboSMTP, but without effect.
How would you advise us to you deal with that problem or what have you advised to other companies in the past? Surely there must be a way to resolve that problem completely and we would appreciate your prompt help with that.
Sending an email to multiple recipients within the same company may sometimes have that effect. That company’s email firewall often assumes it’s a spam attack.
There's a lot of factors that come into this. Thankfully, by going for an external SMTP relay, you can offload most of the issues to them.
What you can do, is make sure your domain and emails are configured to increase their validity. Two really key things for this:
SPF records
DKIM signing
SPF
SPF is basically a whitelist of IPs that can send email for your domain. SPF records are added to your DNS server. There are plenty of SPF generators online that can help (like this one). Your SMTP provider will also need to be included in your SPF record.
DKIM
DKIM digitally signs your email to verify that it's been sent by an authorised sender. Your SMTP provider will have info on how to set that up (turboSMTP docs).
If you want to explore more, I recommend Jeff Atwood's (co-founder of SO) article on how horrible email is: http://blog.codinghorror.com/so-youd-like-to-send-some-email-through-code/
I am planing to use both Mandrill and MailChimp for my website, and I`m trying to set up the crazy SPF DKIM for both of them. At same time still keep my own email flowing In and Out :)
My current plan is :
SPF TXT Record
yourdomain.com
v=spf1 include:spf.mandrillapp.com include:servers.mcsv.net ?all
1 hour
And a DKIM Record (for only Mandrill)
mandrill._domainkey.yourdomain.com
k=rsa; p=*****
1 hour
Can anyone see any missing characters? And is MailChimp Domain still Valid?
Thanks for any help :)
you should be able to omit the Mandrill info from your SPF record, because it's already included by virtue of including the MailChimp one (that MailChimp record includes Mandrill, too). So you just need the include:servers.mcsv.net part.
Your SPF record might need some other info, too, though, depending on how you manage your regular mail, to specifically authorize your own servers to send the mail. For example, if you use Google Apps for your domain, you probably want to include the Google SPF information, too. That's going to be pretty dependent on your regular mail, so best to contact your email hosting provider for more details on how to handle it specific to them.