We have bought the google apps account for the domain www.amarramesh.com hosted by bluehost.com
As per the google apps suggestion, we altered the CNAME records in bluehost for the domain www.amarramesh.com to sync with google apps.
There is an issue when I send the mail through a PHP file stored in my Bluehost server. I tested the email quality through mail-tester.com and it says the DKIM signature is not valid because in the DKIM signature selector = "default" and suggests I should change to "google.domainkey". Due to this, many of the emails sent from the server are going into people's spam boxes. How do I make this change? This problem doesn't happen when email is sent from Gmail.
I have tried Php-mailer and it worked for some time but Bluehost has now blocked it.
Why do you want to send mail from another host if you're using GoogleApps?
DKIM's purpose is to allow remote hosts to authenticate that your mail was really sent by the server(s) you permit to send them. This prevents a spammer from forging your domain name on spam he is sending out. If it wasn't bounced off of servers you authorized in your DKIM DNS record, remote mail servers won't deliver it -- or maybe send it to the spam folder (provided they look at the DKIM header and DNS record).
It does this by putting a private key encrypted header on the mail, and the public key to decrypt it on the DNS record. If it can be decrypted successfully, then it is assumed to be legit (because the sender knew the private key).
This might help if you want to enable mail being sent from both hosts.
https://blogs.msdn.microsoft.com/tzink/2013/04/26/how-to-set-up-your-dkim-records-if-you-are-outsourcing-some-or-all-of-your-email/
Related
If I have a domain example.com that is using gsuite (DNS settings at registrar has gmail cnames, spf & txt records etc) and I have another service sending on behalf of the domain (Klaviyo). Do the gmail DKIM and DMARC settings help to strengthen the deliverability of those emails sent by the other service (Klaviyo)?
To answer your question: A DMARC reject or quarantine policy helps improve deliverability for all parties that send on behalf of your domain AND properly authenticate by SPF or DKIM, in alignment with your domain.
DKIM consists of a cryptographic key pair. You publish the public key on the Internet and you use the private key to sign headers of your outbound emails. This signing is done on the sending server. So unless Klaviyo is using Google servers to relay your messages, those messages are not being DKIM signed by Google.
You should follow the instructions provided by Klaviyo here, so that the emails you send from their platform, using your email domain, will authenticate properly and will NOT fail DMARC.
Update:
Say you own the domain myexample.com, then you should publish a TXT record at the root of that domain that looks like "v=spf1 include:_spf.google.com ~all". Additionally you can add any other services or servers to this record as you see fit. You don't need to add Klaviyo to your SPF record as they will try to authenticate from the send.myexample.com domain used in the bounce address. That is what you created the first CNAME for. It redirects to an SPF (and MX) record hosted at Sendgrid. Additionally, Klaviyo will authenticate those emails using DKIM.
In order to make DMARC work, you need to publish another TXT record at _dmarc.myexample.com, if you haven't already, looking like: "v=DMARC1;p=none;rua=mailto:DMARC#myexample.com;". Then you'll start receiving aggregate reports at the mailbox you supplied. Once you're confident you've included all required parties in your authentication scheme, you can move to a p=reject policy in order to protect your domain.
Yes, DKIM and DMARC settings do help deliverability.
I assume that Klaviyo does what my company Autoklose is doing as well, and that's using Gmail API to send the email in your name. That means that they only indirectly affect the sending process and the email itself is sent from Google servers and not Klaviyo's servers.
Also, you have to be aware that DKIM & DMARC are only two of the factors in successfully delivering your email. For example, having DKIM & DMARC correctly set gets you positive points but if your domain is blacklisted, it still might not get delivered.
I am sending emails through my domain and it receives to spam folder of clients. Even I heard that email sent to gmail account are also received to spam folder.
I check with my hosting provider for all necessary configuration related to email sending are configured correctly. I am using dedicated IP, separate cpanel account, PTR and DMARC are set properly and enabled valid DKIM and SPF records for my domain.
I also tested the spaminess of the domain using a third-party online tool and the results were 10/10 which means they are fully authenticated.
Another thing I double check the content of the messages with spam tables. The content of the email should not look like SPAM.
Please help me with this issue.
Best regards,
Vijay
since a few days our internal email info#ourdomain.com seems to go bananas and sends out emails to all sort of email addresses. Some of those emails bounce and we receive Mail Delivery Failed emails every minute.
Here is our setup:
Domain hosted at Germany's 1und1 provider
Nameserver configured on Amazon Route 53
MX server mx01.kundenserver.de and mx00.kundenserver.de
Rails application hosted on heroku
I called the support at 1und1 and they told me to set a SPF record which I did:
"v=spf1 a mx ~all"
after researching the topic via http://www.spf-record.de/
Unfortunately this did not resolve the problem.
Honestly I am cluesless now what to do to prevent this random email sending.
Our account could have been hacked but the password was already changed.
Any of your email account or script/code compromise can cause outgoing spam emails. If outgoing emails are originating from particular email account and you find large outgoing email account from particular email account, you should consider to reset the password of that email account immediately. Also, compromised email sending script/code can can cause outgoing spam.
If "from" email address on spam email is none of your existing account then "From" email address is getting authenticated from any of your existing email account for which you should inspect SMTP logs of mail server(you should have administrative access of mail server)
Mail server IP address should not be blacklisted,please check IP here :- http://mxtoolbox.com/blacklists.aspx
If IP address is blacklisted, you can request IP whitelist after you identify and fix the outgoing spam source as RBL keeps IP address blacklisted until they find the spamming activity relaxed.
SPF and PTR record should be correct so that email recipient server can trust the sender mail server.
Bounce back email and spam email header can help to identify the issue more preciously.
This happened to me before, I had a "refer a friend" feature on my website and someone use an automated script to send emails to a ton of people. My server wasn't comprised, it was just bad coding in the feature that I installed that allowed my mail server to send mail to different people on my behalf.
Since the email is coming from you, your SPF/DKIM will check out just fine.
So thing about all the points on your website that can send email and see if any of them can be compromised.
Also you'll want to do a blacklist scan, I use this service it does more then 200+ blacklist: https://www.unlocktheinbox.com/blacklist/bl/
Make sure you scan both your domain name and IP address. But before you take any action to remove yourself, you should wait 24 hours until after you fix the exploit on your system. Requesting removal and popping up again can get you permanently listed.
I am working on a web application, and am having trouble with the most basic of functions, sending an email. My email code does work, I can send to gmail, yahoo, and my work email address all day long. The problem is that when ever the web application attempts to send to an Apple iCloud email address, the email never makes it. I've checked the email server logs, and it does send, which would lead me to believe that Apple is somehow blocking my emails before they ever reach the user.
System Setup
Domain name purchased through GoDaddy. I set up a DNS A record to forward all traffic that hits that domain name to our virtual server, which is hosted at 1and1
The virtual server is a windows 2008 server. I set it up as an email server that actually sends the email itself, as opposed to relaying through GoDaddy.
Note: on the above, all i did was add a *. entry in the iis email configuration
Below is my PHP test code, that sends to every where with no problems, except iCloud.
mail("person#me.com", "test", "this is a plain test", 'From: Site <no- reply#domainname.com>');
Any help would be greatly appreciated!
Had a reverse DNS entry added for our server's IP address, and got the server's IP address taken off of Apple's blacklist.
We have custom cms that currently sits on a vendor's subdomain, such as cms.vendor.com. It sends email out as coming from user#vendor.com and it seems to be working fine (using Email Queuing + SwiftMailer)
Our vendor asked us to put in the functionality for his users to be able to select from a dropdown, 3-4 other emails address associated with them from other domains he owns. Basically we need to be able to send out emails from our server labeled as being sent from #hisdomains.com, multiple domains.
I am a web programmer and have no clue when it comes to relaying messages. How would I go about being able to send out emails from his other domains? Does he need to setup permissions on his mail servers, or do I need to get into his SMTP servers to send out?
What are some things I should look out for when it comes to SPAM and gmail trusting us?
EDIT:
Not sure if my original question was clear enough. Vendor owns three domains: mysite.com, myothersite.com, mythirdsite.com. He wants a user from our crm to be able to send emails he has on those domains. So my dedicated server will be trying to send an email out as user#mysite.com, user#myothersite.com, and user#mythirdsite.com in the FROM: header.
As long as your server is allowed to send on behalf of a domain your vendor owns, you should not have a problem; just change the From: header to something else when you send out the e-mail.
Stuff like SPF, Sender ID and DKIM have to be properly configured to allow your server to send on behalf of any domain.
See also: http://en.wikipedia.org/wiki/E-mail_authentication
Any domain where the mx record resolves to the same server will work. so user#any.domain will email the same user on the mx contingent server.
To answer your question - just make sure that the mx records in the DNS zone file for each domain name points to the same server as the domain you want to share emails on.
also dependent on server configuration (like shared or whatever) I'm assuming it's dedicated with a simple email server installed. I'm not sure on cPanel/shared servers. but possibly the same.