On 24/08/2025 15:18, Viktor Dukhovni via mailop wrote:
On Sun, Aug 24, 2025 at 02:20:45PM +0100, Simplelists - Andy Beverley via
mailop wrote:
If failure to resolve SPF, DKIM, or DMARC related DNS records leads the
receiving MTA to issue a 5XX hard error, rather than a 4XX tempfail, the
receiving MTA (or its content inspection stack) is badly busted. As a
community with domain expertise, we need to make a fuss until any such
MTAs are fixed.
This is an example of the Gmail bounce we (very intermittently) see:
relay=gmail-smtp-in.l.google.com[142.251.16.27]:25, delay=2.9,
delays=0.1/0.21/0.63/2, dsn=5.7.25, status=bounced (host
gmail-smtp-in.l.google.com[142.251.16.27] said:
550-5.7.25 [91.234.234.172] The IP address sending this message does not have a
550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not
550-5.7.25 match the sending IP. As a policy, Gmail does not accept messages
550-5.7.25 from IPs with missing PTR records. For more information, go to
550-5.7.25 https://support.google.com/a?p=sender-guidelines-ip
550-5.7.25 To learn more about Gmail requirements for bulk senders, visit
550 5.7.25 https://support.google.com/a?p=sender-guidelines. - gsmtp
(in reply to end of DATA command))
This appears to suggest that Gmail's MTA encountered either NXDOMAIN for
the PTR query, which is not the case currently:
172.234.234.91.in-addr.arpa. IN PTR delivery102.simplelists.com.
or else the returned name unequivocally (different result or NXDOMAIN,
not SERVFAIL, ...) did not forward map to the same name, which is also
not the case currently:
delivery102.simplelists.com. IN A 91.234.234.172
I've just checked now and interestingly the deliveries to the same Gmail
server immediately before and immediately after succeeded. If it had
been an actual DNS error I would have expected more than one failure
because of caching (although who knows what's the other side of that
single IP address):
2025-08-19T15:00:26.602590+00:00 ...
relay=gmail-smtp-in.l.google.com[142.251.16.27]:25, delay=3.5,
delays=0.1/0.42/0.6/2.4, dsn=2.0.0, status=sent (250 2.0.0 OK ... - gsmtp)
2025-08-19T15:00:26.668032+00:00 ...
relay=gmail-smtp-in.l.google.com[142.251.16.27]:25, delay=2.8,
delays=0.11/1.2/0.62/0.82, dsn=5.7.25, status=bounced (host
gmail-smtp-in.l.google.com[142.251.16.27] said: 550-5.7.25
[91.234.234.172] The IP address sending this message does not have a
550-5.7.25 PTR record
2025-08-19T15:00:26.973530+00:00 ...
relay=gmail-smtp-in.l.google.com[142.251.16.27]:25, delay=3.2,
delays=0.1/1.1/0.67/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK ... - gsmtp)
Had the relevant DNS queries resulted in timeouts or other transient
lookup problems, and the remote MTA were Postfix, the reject code would
have been a 4XX. I don't know that Gmail gets this right, but I'd be
surprised if they got it wrong, that'd be a serious bug, worth
contacting their engineering team about.
Anyone have a contact...?
Many thanks,
Andy
--
Andy Beverley
/CEO/
Simplelists Ltd
https://www.simplelists.com/
T: +44(0) 3333 409301
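
The distinction discussed in this thread, as an added example that is not part of any message above and is not Gmail's or Postfix's code: a forward-confirmed reverse DNS check that answers 5XX only when DNS gives a definitive negative (NXDOMAIN, or a forward answer that does not contain the sending IP) and 4XX when a lookup ends in SERVFAIL or a timeout. The `Rcode` enum, the `lookup` callback and the 192.0.2.x / example.net records are constructed for the demo; only the first PTR/A pair is the data quoted in the thread.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = 1
    NXDOMAIN = 2
    SERVFAIL = 3
    TIMEOUT = 4

TRANSIENT = {Rcode.SERVFAIL, Rcode.TIMEOUT}  # no answer obtained, so nothing is proven

def ptr_name(ip):
    """IPv4 address -> reverse-lookup name, e.g. 172.234.234.91.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def fcrdns_verdict(ip, lookup):
    """lookup(name, rrtype) -> (Rcode, [values]). Returns (reply_class, reason)."""
    rcode, names = lookup(ptr_name(ip), "PTR")
    if rcode in TRANSIENT:
        return "4XX", "PTR lookup failed transiently"
    if rcode is Rcode.NXDOMAIN or not names:
        return "5XX", "no PTR record"
    unresolved = False
    for name in names:
        rcode, addrs = lookup(name, "A")
        if rcode in TRANSIENT:
            unresolved = True  # cannot conclude that this name does not map back
        elif ip in addrs:
            return "OK", "PTR %s maps back to %s" % (name, ip)
    if unresolved:
        return "4XX", "forward lookup failed transiently"
    return "5XX", "forward DNS does not match sending IP"

# Constructed resolver data. The first pair is the PTR/A data quoted in the
# thread; the 192.0.2.0/24 and example.net entries are made up for the demo.
ZONE = {
    ("172.234.234.91.in-addr.arpa.", "PTR"): (Rcode.NOERROR, ["delivery102.simplelists.com."]),
    ("delivery102.simplelists.com.", "A"): (Rcode.NOERROR, ["91.234.234.172"]),
    ("20.2.0.192.in-addr.arpa.", "PTR"): (Rcode.NOERROR, ["mx.example.net."]),
    ("mx.example.net.", "A"): (Rcode.NOERROR, ["192.0.2.99"]),
    ("30.2.0.192.in-addr.arpa.", "PTR"): (Rcode.SERVFAIL, []),
    ("40.2.0.192.in-addr.arpa.", "PTR"): (Rcode.NOERROR, ["slow.example.net."]),
    ("slow.example.net.", "A"): (Rcode.TIMEOUT, []),
}

def lookup(name, rrtype):
    return ZONE.get((name, rrtype), (Rcode.NXDOMAIN, []))  # unknown name: NXDOMAIN

if __name__ == "__main__":
    for ip in ("91.234.234.172", "192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *fcrdns_verdict(ip, lookup))
```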