Just to validate Simon's issue, we are working with a sender having the exact same issue. What's more, the domain clearly is *not* "likely suspicious due to the very low reputation of the sending domain", as the exact same sending domain has zero issue sending to Gmail from Mailchimp and Netsuite. It is *only* an issue when sending from Microsoft to Gmail. This sender is doing everything right, and their PMT generally looks great, but the outright rejection of email from Microsoft persists.
Our theory is that as they are being delivered from Mailchimp and Netsuite, which are bulk sends, the sender has been classified as "bulk sender" somewhere in the Gmail system, and so they are looking for unsub headers in the Microsoft-sent email (all of which are transactional, such as receipts, correspondence, etc.). It's the only thing that makes sense (for some value of 'sense'); either that or Gmail is complaining about the *Microsoft* domain from which these are being sent. (Again, all authentication is correct.) There is no dedicated IP address here because these are transactional emails, and Microsoft requires sending volumes of above 1million at least 3x a week. (So yeah, it could be the Microsoft domain about which Gmail is complaining but that somehow seems even less likely than the other theory.) Anne --- Anne P. Mitchell, Esq. Internet Law & Policy Attorney CEO Get to the Inbox by SuretyMail Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) Creator of the term 'deliverability' and co-founder of the deliverability industry Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS) > On May 20, 2024, at 8:55 AM, Michael Irvine via mailop <mailop@mailop.org> > wrote: > > Hi, > > Please share the Domain name and IP address that is having the issues so that > we can better assist. If possible, can you also share the email header of an > email that is failing. > > As for the error, Gmail is clearly seeing an issue with the domain in the > SPF and DKIM records. It is very possible that the SPF while correct, has too > much calls and does not complete the check. > > They have posted in their guide that in April 2024, they will start to BLOCK > emails that do not have the following > (https://support.google.com/a/answer/14229414?hl=en#bulk-sender-def&expiration&bulk-sender-comply&email-to-ws&ws-senders&timeline&timeline-new&from-header&reqs-not-met&alerts&error-codes&spam-rate&spam-exceeds&one-click-all-msgs&unsub-noshow&promotional&why-one-click&one-click-rfc8058&no-one-click&unsub-msg-body&no-unsub-spam&more-unsubscribe-links&howlong-unsubscribe&prevent-unsubscribe-all&unsub-unavailable&mailto&landing-page&dmarc-align&dmarc-fail&mitigation&mitigation-eligible&:~:text=Sender%20guidelines%20enforcement): > > The table below describes the enforcement timeline and will be updated as > needed: > Sender requirement > Enforcement > SPF and DKIM authentication > Gmail From: header impersonation > From: header alignment > Valid forward and reverse DNS records > Messages formatted according RFC 5322 > Messages sent using TLS > Temporary failures with error codes > > > Starting in April 2024, we’ll begin rejecting non-compliant traffic. > Rejection will be gradual and will impact non-compliant traffic only. We > strongly recommend senders use the temporary failure enforcement period to > make any changes required to become compliant. > Enforcement for these requirements will begin no earlier than June 2024: > • DMARC record with a minimum policy of none (p=none). Learn more about > DMARC record values. > • One-click unsubscribe in marketing messages > • Mitigations unavailable when user-reported spam rates exceed 0.3% or > if the sender has not met the authentication or one-click unsubscribe > requirements. > > Gmail is blocking you based on the information above and your error. > > > Michael Irvine > > From: mailop <mailop-boun...@mailop.org> On Behalf Of Simon Branch via mailop > Sent: Monday, May 20, 2024 01:26 > To: mailop@mailop.org > Subject: [mailop] Ongoing issue with sending emails to Gmail / Google hosted > domains from our MS 365 Tenant > > CAUTION: This email originated from outside of the organization. Do not click > any links or open attachments unless you recognize the sender and know the > content is safe. > > > Hello, > > This is my second time of posting about this issue, which involves messages > sent from our MS 365 Tenant being rejected by Google’s mail servers. > > Around the beginning of April, several of our users started to get messages > bouncing back, when sending messages to Google-hosted domains. > > The error received each time was as follows: > > Error: > 550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 > [2a01:111:f403:261b::701 19] Gmail has detected that this message;is likely > suspicious due to the very low reputation of the sending;domain. To best > protect our users from spam, the message has been;blocked. For more > information, go to; > https://support.google.com/mail/answer/188131af79cd13be357-792cf65c157si1015450885a.765 > - gsmtp > Message rejected by: > mx.google.com > > The same would happen when sending to any Gmail account. > > The first thing I checked was the SPF, DKIM and DMARC records, but found they > were all correct. > > So, I contacted Microsoft 365 Support for assistance. They looked at the > message, immediately blamed Google, and told me to speak to them. > > Unfortunately, there is no one to speak to at Google, unless your domain is > hosted with them. So I filled out several of Google’s email case reports, > none of which have been acted upon. > > Microsoft have tripled checked the SPF, DKIM and DMARC records and have > confirmed they are all correct and are baffled as to why it is not working. > > Each time I am told that it is a ‘Google Problem’ and we need to get out > domain whitelisted by them. > > We are now in the position whereby mails sent to these domains are either > rejected outright by Google’s servers or end up in users’ Spam folders. > > I registered with Google Postmaster Tools a few weeks ago and finally got > some analysis a few days ago, as follows: > > SPF and DKIM authentication > Needs work — Set up both SPF and DKIM authentication. > SPF prevents spammers from sending unauthorised messages that appear to be > from your domain. Receiving servers use DKIM to verify that the domain owner > actually sent the message. > From: header alignment > Needs work — Ensure that the From: header aligns with either SPF or DKIM > For direct mail, the domain in the sender's From: header must be aligned with > either the SPF domain or the DKIM domain. This is required to pass DMARC > alignment. > DMARC authentication > Compliant > Encryption > Compliant > User-reported spam rate > Compliant > DNS records > Compliant > > The above makes no sense to me, as it is suggested there is an issue with the > SPF and DKIM records and that the From header, yet all are correct. > > Everything else on the Google Postmaster Tools passes. > > Has anyone seen this before, and if so, is there a solution, as neither > Microsoft, nor Google will assist? > > Any advice would be much appreciated. > > Thanks, > > Simon > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
