On 26/04/2021 10:16, Jeff Abrahamson wrote:
> I'm seeing a disturbing (but minority) number of hosts that class our
> mail as spam. After some digging, I've found an interesting test
> case. What I'm uncertain of is if this represents a config error on
> our side or a (grossly) misbehaving mail host elsewhere.
>
> The interesting test case is a correspondent with a private domain
> ([email protected]) and a gmail address ([email protected]), both of
> which deliver to his gmail address. That is, MX for example.com
> points to mx01.1and1.fr but the mail is still delivered to
> [email protected].
>
> When I mail to [email protected], he receives the mail fine, and gmail
> reports that SPF, DKIM, and DMARC all pass.
>
> When I mail to [email protected], he receives the mail classed as
> spam, gmail reports that SPF is neutral, DMARC fails (and DKIM passes).
>
> Now what's odd is that gmail reports that SPF passes with the IP of my
> MX, but in the other case that it fails with the address of
> mout.kundenserver.de. We've confirmed that mout.kundenserver.de
> handles mail to him via 1and1.fr, but not what could be causing an issue.
>
> Mangling headers so badly to cause SPF/DMARC failures seems so
> egregious that I'm inclined to think it's somehow our fault.
>
> (Note: this is about mail for mobilitains.fr and not p27.eu.)

When the third party relays your mail from their own mailserver into
gmail it breaks SPF because gmail sees the email coming from the third
party mailserver IP, not from your IP. This is outside your control
unless you want to add all the 3rd party's outgoing email IPs as valid
for your SPF record, which is not advisable. But it should not be a
problem - gmail does not block emails purely on SPF failure. Nor should
anyone else IMO.
If you use DMARC then ensure that you DKIM-sign all your emails and they
will pass DMARC testing when they reach gmail via the 3rd party relay
(despite SPF failure), this may also improve the reputation of your
email domain within gmail.
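
Added example, not part of the original thread: a small Python check that reads an Authentication-Results header and applies the DMARC rule that SPF or DKIM must pass with a domain aligned to the From: domain. It shows how a relayed message can pass DMARC on DKIM alone, and how "DKIM passes, DMARC fails" arises when the passing signature's domain is not aligned. The headers, domains (sender.example, esp.example) and the two-label organizational-domain shortcut are constructed assumptions.

```python
import re

# Constructed sample headers (documentation domains and IPs, not from the thread).
DIRECT = ("mx.google.com; dkim=pass header.i=@sender.example header.s=sel1; "
          "spf=pass (designates 192.0.2.10 as permitted sender) "
          "smtp.mailfrom=alice@sender.example")
FWD_ALIGNED = ("mx.google.com; dkim=pass header.i=@sender.example header.s=sel1; "
               "spf=neutral (198.51.100.7 is neither permitted nor denied) "
               "smtp.mailfrom=alice@sender.example")
FWD_UNALIGNED = ("mx.google.com; dkim=pass header.i=@esp.example header.s=sel1; "
                 "spf=neutral (198.51.100.7 is neither permitted nor denied) "
                 "smtp.mailfrom=alice@sender.example")

PROPS = {"spf": r"smtp\.mailfrom=(\S+)",
         "dkim": r"header\.(?:d|i)=@?(\S+)"}

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def parse_auth_results(header):
    """Return [(method, result, domain)] for the spf= and dkim= clauses."""
    out = []
    for clause in header.split(";")[1:]:      # first field is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, result = m.groups()
        d = re.search(PROPS[method], clause)
        domain = d.group(1).split("@")[-1] if d else ""
        out.append((method, result, domain))
    return out

def dmarc_pass(header, from_domain, strict=False):
    # One passing mechanism whose domain aligns with From: is enough.
    return any(result == "pass" and aligned(domain, from_domain, strict)
               for _, result, domain in parse_auth_results(header))

if __name__ == "__main__":
    for name, hdr in [("direct", DIRECT), ("relayed, aligned DKIM", FWD_ALIGNED),
                      ("relayed, unaligned DKIM", FWD_UNALIGNED)]:
        print(name, "->", "pass" if dmarc_pass(hdr, "sender.example") else "fail")
```
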