I'm attempting to help a client get their Google+ profile logo to display as the sender image in Gmail's grid view. I've gone over Google's documentation and I'm obviously missing something… The promotional image does come through so the schema code should be good.
I have verifed the following…
The Google+ Page shows as verified
The sending domain is a delegated subdomain of the verified domain
More than 1,000 emails a week are sent from this domain
Which just leaves the DKIM portion and it's here that I know nothing about what I should be checking. I know I can go into the source of a gmail email and see the following
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of xxxxxxxx.xxxxx#xxxxxx.xxxxx.com designates ###.#.###.### as permitted sender) smtp.mail=xxxxxxxx.xxxxx#xxxxxx.xxxxx.com;
dkim=pass header.i=#x.xxxxxxxx.com;
dmarc=pass (p=NONE dis=NONE) header.from=x.xxxxxxxx.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=xxxxxxxx; d=x.xxxxxxxx.com;
The problem here is I don't really know how to verify that this is correctly setup against the sending domain/company domain or really whatever else I should be checking.
Can someone please guide me through what I should be looking for here?
Just to be sure, do you know for certain that the page is verified? I thought ours was verified because it showed a little icon next to our web address, but it needs to be the little shield icon next to your logo image on the Google+ page.
As far as the email signing goes, it can either be DKIM or SPF, and it looks like both headers are found. They even use a DMARC header, good stuff! :)
Related
For example, I have:
example.com (in this domain I create account)
need.com (additional domain)
I want to give the users the ability to send emails as #need.com using alias in accounts settings.
The problem is that all messages go to spam with DMARC policies.
Authentication-Results: mx.google.com;
dkim=pass header.i=#need-com.20150623.gappssmtp.com header.s=20150623 header.b="y0qDXN/D";
spf=pass (google.com: domain of mailtest#example.com designates 209.85.220.41 as permitted sender)
smtp.mailfrom=mailtest#example.com;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=need.com
It is necessary to configure so that everything would work correctly with the quarantine DMARC policy. Is it possible? Maybe someone has a practical solution to this problem?
Presumably the problem is in the difference of headers but could not figure out how to solve it.
It seems Google Apps customers cannot test (self-to-self) Actions through Apps Script as outlined in this example: https://developers.google.com/gmail/markup/apps-script-tutorial#creating_the_project despite having a valid SPF.
According to https://developers.google.com/gmail/markup/registering-with-google you can send them self to self, and it should work without pre-registering, provided the email goes through SPF or DKIM authentication.
We have not set up DKIM, but we do have a valid SPF for our domain. The first part of our SPF record is:
v=spf1 include:_spf.google.com
When I follow the tutorial linked above and I receive the email, the header shows:
Received: from mail-it0-x245.google.com (mail-it0-x245.google.com. [2607:f8b0:4001:c0b::245])
by mx.google.com with ESMTPS id i196si1416642itc.102.2016.06.25.10.03.10
for <my email address>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sat, 25 Jun 2016 10:03:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of 3trluvwgicd0sahffhmrzjqe.bnlsahffhmrzjqe.bnl#maestro.bounces.google.com designates 2607:f8b0:4001:c0b::245 as permitted sender) client-ip=2607:f8b0:4001:c0b::245;
Authentication-Results: mx.google.com;
dkim=pass header.i=#akrf-com.20150623.gappssmtp.com;
spf=pass (google.com: domain of 3trluvwgicd0sahffhmrzjqe.bnlsahffhmrzjqe.bnl#maestro.bounces.google.com designates 2607:f8b0:4001:c0b::245 as permitted sender) smtp.mailfrom=3TrluVwgICD0sahffhmrZjqe.bnlsahffhmrZjqe.bnl#maestro.bounces.google.com
Received: by mail-it0-x245.google.com with SMTP id 13so102904690itl.0
for <my email address>; Sat, 25 Jun 2016 10:03:10 -0700 (PDT)
According to the answer on this post (Actions Tutorial does not work despite SPF validation):
"The SPF domain must match the email sender domain.
If you are sending emails from myaccount#mydomain.com, the SPF domain must be mydomain.com.
Your headers show <host>#maestro.bounces.google.com
as the domain, update your domain configuration to sign emails properly and
you should be all set."
We have no control over how Apps Script generates email headers, so it seems Apps Script emails will always show #maestro.bounces.google.com.
Which finally brings my question: How can we test Actions via Apps Script if we cannot control the header? Apps Script triggered emails will always go through maestro.bounces.google.com, not [our domain].
Ultimately our goal is to use Actions entirely within our domain, and most likely through Apps Script each time. It would be great if Google Apps customers could allow Actions to pass (locked down for emails sent within the domain) through GA Control Panel, versus having to follow the very necessary restrictions imposed for domain-to-domain.
If there is another way for me to test this or something I've overlooked, please advise. Thanks!
Please try testing your schemas to see if your markup is working correctly end-to-end using the Email Markup Tester tool.
Once the markup is tested end-to-end with this technique and you are ready to launch your integration to production, check Registering with Google for the next steps.
Please note that you can only ignore the registration requirements if all emails where the sender and the recipient are the same account. Otherwise, you have to check Registering with Google.
Action tests that are not pre-registered are only testable self-to-self if you send them from personal (gmail.com) accounts. In order to make them work from a Google Apps for Work account, you currently need to register as if you were sending to someone else.
I've asked Google to open up this functionality so folks using work accounts can follow the tutorials, but if you are just learning this area, for now it is best to use a personal Gmail account.
Thanks Franco - your comment was the right answer but I could not see a way to mark it as such.
I have a VPS (Droplet) at DigitalOcean.
I am sending mail from a website, but I have configured PHP to use my SMTP server instead of just the usual PHP Mail().
I have DKIM, DMARC, SPF configured correctly.
Here are some of the relevant headers in my message:
Received-SPF: pass (google.com: domain of stockapi#lfto.me designates 104.236.231.177 as permitted sender) client-ip=104.236.231.177;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of stockapi#lfto.me designates 104.236.231.177 as permitted sender) smtp.mailfrom=stockapi#lfto.me;
dkim=pass header.i=#lfto.me;
dkim=pass header.i=#lfto.me;
dmarc=pass (p=QUARANTINE dis=NONE) header.from=lfto.me
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lfto.me; s=mail;
t=1452989846; bh=czrEg02FSPEvWjTq3enrcAZrxmaNPmFuwA/aUIJ/fNY=;
h=From:To:Date:Subject:From;
b=hQ/09WMZxJO692Lg7g/1TmOLbwWp2rMoHhl/P5Eb6auvhIjDG6tEYxgksg5qYBYEq
4NmPO9yddeW/JqLHCL4GWFafYGXorfA6oR/uqwwI0Jt6aflEJunFEVxxon8jvxiVp5
BsuxdU0vu7GPDH289L3Lf3/oG1nKrn22L2PcKreo=
According to these, it seems my message is passing all checks, but still is getting into the "spam" folder. What could be the problem?
Chiefly, to avoid a spam engine classifying your messages as spam you should:
Make sure they aren't spam (i.e. ensure that only users who have really opted in get mailed - make sure you keep an opt-in audit log)Make sure they don't look too much like spam - $$$ MAKE MONEY FAST is not a good subject lineEnsure that the sender address is not spoofed and does not appear to be spoofed. Use a domain that you are authorised to send from (add valid SPF records if you like)Not do anything that looks malware-ish (e.g. HTML emails containing scripts, forms, flash etc)
But by and large the main one is:
Do not send them from an IP address which is known for sending spam.
The last point means that YOU CANNOT USE SHARED HOSTING. Almost all shared hosting providers allow the sending of mails which don't conform to any of the above. Shared hosting providers' relays are almost always on lots of blacklists.
It only takes one vulnerable web app on your shared hosting for it to turn into a spam gateway - something which you can't afford.
It seems like most of the email from unlisted (the list is held by Google) IP addresses will go to junk folder in Gmail, even the sent email are valid according to SMTP.
In Gmail when you have an email from a newslist, you get a 'unsubscribe' link next to the email address, like this:
Google+ <noreply-67e4f7ae#plus.google.com> Unsubscribe
There is header named List-Unsubscribe: which identifies the url or email.
In gmail I can see original of email to see headers:
Received-SPF: pass (google.com: domain of root#domain.net designates 123.123.123.123 as permitted sender) client-ip=123.123.123.123;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of root#domain.net designates 123.123.123.123 as permitted sender) smtp.mail=root#domain.net;
dkim=pass header.i=#domain.com
List-Unsubscribe: <http://domain.com/uns.html?test=wdqwqw>
I have List-Unsubscribe header set, spf and dkim verification pass.
What can be wrong? Why gmail does not show unsubscribe link?
The unsubscribe option is only shown for senders with a high reputation:
This only works for some senders right now. We're actively encouraging
senders to support auto-unsubscribe — we think 100% should. We won't
provide the unsubscribe option on messages from spammers: we can't
trust that they'll actually unsubscribe you, and they might even send
you more spam. So you'll only see the unsubscribe option for senders
that we're pretty sure are not spammers and will actually honor your
unsubscribe request. We're being pretty conservative about which
senders to trust in the beginning; over time, we hope to offer the
ability to unsubscribe from more email.
Also note that the preferred list-unsubscribe method is mailto, not http. Outlook.com for example only honors mailto.
Another item to consider, it seems that if you've already clicked the unsubscribe link, it won't show you the link again. So if you're testing and don't see it after the first time, this could be why.
We are currently using a webapp that generates outbound emails, but are experiencing a few issues.
When the system sends an email directly to a Gmail user (eg. john.smith#domain.com) it is received fine. If the email is sent to a Google apps group (eg. finance#domain.com) it is never received by any of the group members.
The "finance#domain.com" propogates to approximately 6 users. I have reviewed the Spam folder for a few of them and the email still isn't there either.
If the Google engine does indeed classify the inbound email as spam for a Google group, what does it do with it?
Here's a snippet of the header showing that SPF passes:
Received-SPF: pass (google.com: domain of XXXX designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXXXX;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of XXXX designates XXX.XXX.XXX.XXX as permitted sender) smtp.mail=XXXXXXX
This could be an issue of the mail being marked as spam by the Group, not the users. Essentially, when you leave spam on for a group, it'll get checked there and also at the user level. More informaiton about this can be found here.
If that doesn't seem to be the root cause, I would check at the Email log search within the Admin console to see what's going on with a bit more detail.
Hope this helps!