I would like to use both G Suite and mailgun to receive email.
For example:
a#bla.com -> G Suite gmail account
b#bla.com -> Handled by mailgun, since unknown to G Suite
For this I am pointing MX records of bla.com to G Suite and then routing unknown emails to mailgun using MX from another subdomain mail.bla.com
However I get the following error
Google tried to deliver your message, but it was rejected by the server for the recipient domain mail.bla.com by mxb.mailgun.org. [104.130.177.23].
The error that the other server returned was:
550 5.7.1 Relaying denied
Trying to do the same thing, I found that relaying for a domain will only be allowed, if it has (additional) MX records pointing to mailgun servers. Once mailgun had verified the MX records, I deleted them and relaying continued to work. However, it is unclear for how long, as mailgun may periodically attempt to re-verify them. Clearly not something suitable for productive use.
You should definitely never use multiple MX records on one domain.
You will confuse the servers which finally leads to inconsistency in your email traffic.
According to mailgun subdomain + MX records is one possible path to take.
Further read here ...
Related
I'm currently trying to get my head around an issue with our Shop's email setup. So far we were using G Suite for all our emails related to our domain abc.com.
# The History: #
Our WooCommerce Shop was utilising the wp_mail() PHP-Mail functionality to send transactional emails (e.g. Order received, Account created, ..) by our Webhoster. As we were facing more and more emails being send to our customers SPAM folders, we decided to move to a SMTP provider.
# The new Setup: #
We installed the WP SMTP Mail Plugin for Wordpress and chose Sendgrid as SMTP provider. We followed the instructions and were able to connect all three: Our WooCommerce Shop, WP Mail SMTP and Sendgrid.
# The problem: #
Now that we have the new setup running, things seem to be somehow messed up. I read that it is not allowed / not good practice to mix the MX-record setting for abc.com. But this is exactly what I did - what I had to do - to make both, Sendgrid and G Suite function.
Despite the fact that Sendgrid lists outbound emails from shop#abc.com in its activity dashboard, the actual email is signed by Gmail's default DKIM domain key: d=*.gappssmtp.com, which shouldn't be the case, right?
# The objective: #
Use Sendgrid to send outbound emails from shop#abc.com
Use G Suite to receive inbound emails to shop#abc.com
Use G Suite to send outbound emails from sarah#abc.com, ...
# Open Questions: #
Which MX-record shall I set for my top-level domain "abc.com" to make the setup work?
How should the SPF/DKIM/DMARC setup look like for this use case?
Should shop#abc.com still be an active G Suite group / Mailing list or must this be removed?
Bonus: Is it possible to send outbound emails from "shop#abc.com" from both Sendgrid and G Suite?
Bonus: Is it correct to perform a Single Sender Verification with Sendgrid for shop#abc.com?
# Additional information: #
DNS/MX-records required by G Suite:
Which DNS-record shall I set for my top-level domain "abc.com" to make the setup work?
I assume you are talking about MX records here. MX records tell the outside world which server incoming email should be delivered to, so you probably want the G-Suite settings here. Note that if you have more than one server listed (in the screenshot you have 5) delivery will be attempted first to the server with the lowest priority value and will stop whenever a delivery is successful. If 2 records have the same priority, which one gets tried first is up to the sender.
How should the SPF/DKIM/DMARC setup look like for this use case?
DMARC: This is a TXT record at _dmarc.yourdomain.com. It tells the recipient weather all, some, or none of the outgoing emails should be SPF/DKIM authenticated, what should happen to unauthenticated email (p=reject or p=quarantine), and optionally who to tell about authentication failures. In your case I would just use the one from Sendgrid, since both the one from Sendgrid and the one from G-Suite probably specify that all emails should be authenticated, and Sendgrid is the only one that really needs to get notifications for failures.
You can ask for reports to be sent to multiple addresses, but everyone on that list will get reports about all failed deliveries (G-Suite will get notifications about Sendgrid and Sendgrid will get notifications about G-Suite) and the spec says the people you are emailing don't have to send responses to anyone beyond the first 2.
SPF: This is a anti-spam tool that tells email recipients which email servers are the real email servers for your domain. You can only have one SPF record, but you can merge them. Understanding the syntax will make merging SPF records a lot easier, but essentially do this:
Remove v=spf1 from the beginning of both records
Remove -all or ~all from both records
Put both records together (separated by a space)
Remove duplicate entries (for example both records are likely to contain a and mx)
consider +foo and foo to be duplicates
Put v=spf1 on the beginning of your new combined record (there should be a space between it and the rest of the record)
Put ~all on the end of your new combined record (there should be a space between it and the rest of the record) (you can use -all if you want to be more aggressive in not allowing emails through from servers impersonating your domain rather than just sending them to spam)
DKIM: These records are cryptographic keys that can be used to sign emails. You can have more than one of these, and each one has a unique name. When G-suite sends an email it includes a signature using it's key and also specifies that the signature should be checked against the key named google. If your domain is example.com this key should be at google._domainkey.example.com. Sendgrid's key will be named something else. Include both keys as separate records.
Should shop#abc.com still be an active G Suite group / Mailing list or must this be removed?
I would keep it. You will still be able to send mail from it if you want, but more importantly it will catch any replies customers send to your automated emails.
Is it possible to send outbound emails from "shop#abc.com" from both Sendgrid and G Suite?
Yes
Is it correct to perform a Single Sender Verification with Sendgrid for shop#abc.com?
Sorry, I can't help you there. Everything up to this point has been generic advice about using 2 email providers, but that seems to be a Sendgrid specific thing.
I am creating a webservice with Mailgun to send out emails. It will BCC my own domain's email for every email sent out. Assuming my domain is "example.com". For every email sent out to a customer, say, customer1#gmail.com, I will BCC its content to sales#example.com.
Currently, the domain example.com and its email is hosted on a server with CPanel.
In Mailgun, I have added and verified the domain example.com. Using this domain, I've sent a mail to customer1#gmail.com and sales#example.com. The email is sent without issues to Gmail, however when sending to sales#example.com, I keep getting the error Server response: 550 550 Verification failed for <bounce+e0f051.e0179a-sales=example.com#example.com> No Such User Here.
What's baffling here is that if i send the email via Mailgun with another verified domain such as anotherexample.com, and then using this, I send my mail to sales#example.com. The email arrives perfectly fine without errors.
So far, the things I've tried:
Added Mailgun suggested SPF and DKIM
Modified SPF to include my CPanel server's IP (together with Mailgun SPF)
Deleted both the SPF and DKIM (one at a time and both at once)
Verified that the email sales#example.com exists. Using the CPanel webmail's interface, I can send and receive emails just fine.
Tried updating the CPanel MX entries Email routing from Local -> Automatic -> Remote. ("Local" works the best. If its set to "Remote", email sending and receiving doesnt work at all, even if mails are sent through Gmail/Hotmail).
My current MX settings are:
Priority 0: mail.example.com
My current Zone file records on CPanel:
example.com A <some ip>
mail.example.com A <same ip as above>
The code I am using to send mails via Mailgun (Ruby):
mg_client = Mailgun::Client.new 'xxxxxxxxxxx'
message_params = {:from => from_email,
:to => customer.email,
:bcc => bcc_email,
:subject => MessageTemplate.email_subject,
:text => message}
result = mg_client.send_message('example.com', message_params).to_h!
I currently do not have the SPF and DKIM records in the zone files. I've added and removed them and they had no effect on the error (still delivers fine to Gmail too).
I've spend the whole on this, scouring forums and whatnot but can't seem to find a solution.
If at all relevant, I have a 301 redirect of example.com to www.example.com(Which has a CNAME pointing to another server). But I've researched and found out that 301 redirect does not affect emails.
I don't think this is a send-side problem. You're sending to sales#example.com, but you're getting errors relating to bounce+e0f051.e0179a-sales=example.com#example.com, which is a typical VERP address. Now, VERP addresses are fine, so long as you're expecting them. Given that you are not apparently providing that explicit address to MailGun, I assume that they are generating that address automatically. I would check their documentation for how they generate return-path (envelope sender) addresses, and either override the sender address (with just sales#example.com), or configure handling of those VERP addresses on your own inbound mail server.
Here is a mailgun explanation
This error occurs due to what is termed Sender Address Verification (SAV). During SAV, an email server performs an MX lookup upon the domain (example.com) listed within the message envelope's Mail-From field. SAV typically rejects the message if,
the sender's (in this case, Mailgun's) MX records are not configured for that domain AND
the domain of the message envelope's Mail-From field does not match the domain of the message header's From field.
https://help.mailgun.com/hc/en-us/articles/360011804533-Sender-Verification-Error
The problem started suddenly. I have a problem that I can not solve when a random address send email to my domain martizi.com:
Technical details of permanent failure: Google tried to deliver your
message, but it was rejected by the server for the recipient domain
martizi.com by feedback-smtp.us-west-2.amazonses.com.
The error that the other server returned was: 550 Mailbox does not
exist!"
I use SES only to send email, just that. I want to be clear about the problem I'm having:
Use SES only to send email.
I have a corporate email that is provided by another company (here I can not receive the emails)
In my domain I have another MX address that is from the company email. Sometimes when someone tries to send email to some box # martizi.com, it returns with the error shown above.
I've seen a solution to this problem: Adding email from domains
SES panel> Domains> Mail From Domains> ...
After this he gives me an mx record to put in my domain, I put it, however it stays PENDING VERIFY and after 72 hours, it fails. I've done this twice and it does not check. Is this the solution?
TKS!
Either you are receiving email for martizi.com using SES, or you aren't.
You say that you aren't. This means you should not have this entry in DNS.
martizi.com. 3600 IN MX 10 feedback-smtp.us-west-2.amazonses.com.
With that entry, you're telling the world that feedback-smtp.us-west-2.amazonses.com. is one possible server (of several) that will accept incoming email addressed to martizi.com. That isn't the case, so the existence of this is a misconfiguration. Remove this entry.
I am using mailgun to send mail and am receiving this error message:
550 Requested action not taken: mailbox unavailable invalid DNS MX or A/AAAA resource record
when I send mail to certain domains. An example of a problematic domain is web.de
Sending to other domains via mailgun works just fine and in fact I am able to send mail to the problematic domain just fine from my own account (gmail).
In terms of DNS records, Mailgun indicates that my domain has been verified using TXT DNS records.My MX records point to another email provider that I am using to receive e-mail.
In case anyone was following this, it turns out the solution is to add MX records in your DNS to identify the Mailgun server. These are the records you'll want to associate with the subdomain mg.yourdomain.com:
mxa.mailgun.org 10
mxb.mailgun.org 10
The idea is that certain email servers do an MX lookup on the domain of the sender of the email (in this case mg.yourdomain.com). If those MX records do not exist, the server will reject the mail.
Note: in my case I already had separate MX records associated with my base domain (yourdomain.com) which were pointed to a different email client (not mailgun) that I was using to receive mail. So I was initially confused as to how/why I needed to add others, and whether it was valid. It turns out it is indeed valid (and this case, necessary) to have separate MX records for separate subdomains.
I have a question that I guess is not just related to SendGrid.
Say, I own the mydomain.com domain, and I want to be able to send emails from, for example, team#mydomain.com.
Right now, when I go and manage my domain, I can see that I have added some MX record values added there. By doing this, I am able to send email using Gmail.
However, with Sendgrid I find this a little bit more confusing. I have read through the documentation, but I fail to see what should I do. I am using NameCheap, and all it comes to my mind is the following:
If I want to use Sendgrid to send emails from my application (Ruby on Rails), will I still be able to access my Gmail account and send emails using the same address (team#mydomain.com)? Is it compatible to have both (Gmail and Sendgrid) configuration in my domain?
Why don't I need to add any MX records for SendGrid?
First and foremost, the MX records for your domain are used only to specify the hostnames of the servers to handle INCOMING mail for your domain - i.e. the MX records have nothing to do with the servers that are used to send outgoing mail. You can use both Gmail's outgoing mail servers and Sendgrid's outgoing mail servers (and any other outgoing SMTP servers for that matter) to send outgoing mail for you domain. The only caveat to this is if you have an SPF record setup for your domain, but you didn't mention one so I won't elaborate.
MX records, as stated previously, are for specifying a server that handles INCOMING emails. You can use Sendgrid to send outgoing emails together with an email account service like Gmail. With Gmail, you would both send and receive emails. With Sendgrid, you would only send emails.
the MX records for the domain would be specified as those for Gmail/Google. The trick is in correctly configuring the SPF records, which is a TXT type record in the domain name. In the SPF record, you would include both Gmail/Google info as well as Sendgrid info on the same line.
So, say you only used Gmail for sending and receiving email, your SPF record would look something like this:
v=spf1 include:_spf.google.com ~all
However, if you add another server from another service, say Sendgrid, in order to also send verified emails for that domain, the SPF would be altered to something like this:
v=spf1 include:_spf.google.com include:u826348.wl.sendgrid.net -all
In both of these examples, only the GMail/Google MX records would be added to the DNS records.