Hi Chandran, This email landed in my spam folder sorry to say (gmail).
Never set up a DMARC record...any tutorials you recommend (anyone)? Eric On Wed, Aug 28, 2019 at 10:16 PM ChandranManikandan <[email protected]> wrote: > Hi Friends, > > I have updated SPF and DMARC record into my DNS server after that the > email is delivered to inbox instead spam/junk folder. > > Please try to create SPF and DMARC record in your DNS servers > > On Wed, Aug 28, 2019 at 11:39 AM ChandranManikandan <[email protected]> > wrote: > >> Hi Friends, >> >> As per Andrew stats, i have checked all those points in my server. >> I have installed letsencrypt certificate in past two years without any >> issue and spf record validated and configured on the DNS server. >> DKIM also installed on my server well. >> >> When users send an email to gmail, some emails are going to inbox and >> some going to spam with the same my domain. >> >> I have no clue to setup the dmarc record in the dns server. >> >> Could anyone help me for the process of creating dmarc record. >> Do i need to create my server or dns server. >> >> My domain result for the reputation. >> >> MEDIUM REPUTATION >> >> Not suspicious. We have not seen any direct references to this email >> address, but the sender domain is highly reputable, and the email is >> deliverable. We've observed no malicious or suspicious activity from this >> address. >> >> >> >> curl emailrep.io/[email protected] >> >> { >> >> "email": "[email protected]", >> >> "reputation": "medium", >> >> "suspicious": false, >> >> "references": 0, >> >> "details": { >> >> "blacklisted": false, >> >> "malicious_activity": false, >> >> "malicious_activity_recent": false, >> >> "credentials_leaked": false, >> >> "credentials_leaked_recent": false, >> >> "data_breach": false, >> >> "first_seen": "never", >> >> "last_seen": "never", >> >> "domain_exists": true, >> >> "domain_reputation": "high", >> >> "new_domain": false, >> >> "days_since_domain_creation": 5524, >> >> "suspicious_tld": false, >> >> "spam": false, >> >> "free_provider": false, >> >> "disposable": false, >> >> "deliverable": true, >> >> "accept_all": false, >> >> "valid_mx": true, >> >> "spoofable": true, >> >> "spf_strict": true, >> >> "dmarc_enforced": false, >> >> "profiles": [] >> >> } >> >> } >> >> >> Appreciate of all your supporting. >> >> On Wed, Aug 28, 2019 at 8:49 AM Andrew Swartz <[email protected]> >> wrote: >> >>> This seems an issue mostly with server "suspiciousness", of which >>> reputation is a component. >>> >>> Of the factors effecting suspiciousness, only two are local to the smtp >>> server: >>> 1. DKIM signatures >>> 2. TLS certificates >>> >>> To address these, confirm that both are working properly: >>> 1. DKIM: send an email to a "dkim reflector" and then examine the email >>> you get back. This pages discusses: >>> >>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html >>> >>> 2. Use a proper TLS certificate. By proper, I mean one that verifies. >>> Therefore you need to either purchase one or use "Let's Encrypt". I've >>> been using Lets Encrypt certs for the last year without any problems. >>> Setting up the client is not difficult, and it subsequently auto-renews >>> every 60 days. >>> >>> The remaining factors are outside your server, but just as important: >>> 1. Reverse-DNS yields same result as the domain MX record. This is >>> known as FCRDNS (forward-confirmed reverse DNS). Additionally, that >>> result must not resemble a dynamic IP address (i.e. have the IP address >>> in the domain name). >>> 2. SPF is properly set up. >>> 3. DMARC set up and working properly. >>> 4. Age of the domain name. If created recently, that looks bad. >>> 5. Presence of IP on blacklists. That is not hard to check. If you >>> acquired an IP recently, it's former owner may have earned it a place on >>> a blacklist. Easiest fix for that seems to be to get a different IP. >>> >>> I'm curious to hear what others might add to this. >>> >>> A good place for ideas is to browse through the spamdyke.conf file and >>> think about all of the things it checks. Gmail is certainly using >>> similar data points, but with neural network analysis rather than simple >>> pass/fail rules. >>> >>> For those who have set up a second server to test things, there is a >>> good chance something above is not set up or does not support the new >>> server. Gone are the days when you can bring a new parallel server >>> online and start sending mails immediately. There are lots of "i's" to >>> dot and "t's" to cross before other servers will confidently accept your >>> mail. >>> >>> Another thought: >>> https://emailrep.io/ will give you a report about an email ADDRESS's >>> reputation. It is interesting. Here is the result for mine (I replaced >>> my email address for posting): >>> >>> curl emailrep.io/[email protected] >>> { >>> "email": "[email protected]", >>> "reputation": "low", >>> "suspicious": true, >>> "references": 1, >>> "details": { >>> "blacklisted": false, >>> "malicious_activity": false, >>> "malicious_activity_recent": false, >>> "credentials_leaked": false, >>> "credentials_leaked_recent": false, >>> "data_breach": false, >>> "first_seen": "never", >>> "last_seen": "never", >>> "domain_exists": true, >>> "domain_reputation": "low", >>> "new_domain": false, >>> "days_since_domain_creation": 5654, >>> "suspicious_tld": false, >>> "spam": false, >>> "free_provider": false, >>> "disposable": false, >>> "deliverable": false, >>> "accept_all": false, >>> "valid_mx": true, >>> "spoofable": false, >>> "spf_strict": true, >>> "dmarc_enforced": true, >>> "profiles": [] >>> } >>> } >>> >>> >>> Though my domain and address are over 10 years old and never been >>> blacklisted, the address gets a "low" reputation. I'm quite sure that >>> is because it has determined that my email address cannot accept emails. >>> But it is incorrect. After testing it a few times, I'm fairly >>> confident that it decides that mostly because it tries to connect to my >>> server from smtp25a.kickboxio.net, whose IP (72.249.58.154) is blocked >>> by Spamdyke due to being on some blacklist. Therefore it concludes that >>> I'm "risky". Also, they feel the risk is increased because my email has >>> never been seen on social media, in credential breaches, etc. But I >>> feel it is a triumph that I've kept my email address off of places where >>> spammers harvest addresses. >>> >>> Gmail is almost certainly considering all these factor and many more in >>> deciding whether an email is rejected, sent to spam folder, or sent to >>> inbox. That said, my wife uses gmail and we send numerous emails back >>> and forth daily without any problem. >>> >>> It used to be that setting up an smtp server was the hard part of >>> running your own server. But times have changed, and now factors >>> external to your network seem far more complicated and consequential >>> than the server itself. >>> >>> Again, I'm curious to hear other people thoughts. >>> >>> >>> -Andy >>> >>> PS: regarding the question of multiple certs, I do not see how that >>> could work on the toaster. And in general, smtp does not work that way. >>> The cert merely needs to be for the domain name pointed to by the MX >>> record of the destination domain. There is no requirement that the >>> destination domain be the name on the server certificate. Thus numerous >>> virtual domains all have MX records which point to the same server; that >>> server's cert merely needs to be for its own domain name, not those of >>> all its virtual domains. For incoming mail, when connecting to a server >>> and upgrading an smtp connection to a STARTTLS session, I don't think >>> that the STARTTLS command has a way to specify the destination address's >>> domain. That would need to happen for a server to know which >>> certificate to use. For outgoing mail, it is theoretically easy to do, >>> but someone would need to write a qmail patch to implement it. >>> >>> DKIM works differently: each virtual domain has it's own dkim signing >>> key. The toaster supports that, but it must be done manually (i.e. it >>> does not occur when creating domains with vqadmin). Adding that >>> functionality into vqadmin might be a good project for someone. >>> >>> I did not intend for this to be so long. It just happened. >>> >>> >>> >>> >>> >>> >>> >>> >>> On 8/26/2019 11:05 PM, Remo Mattei wrote: >>> > Ok guys.. needs some suggestions.. >>> > I found out that the client (apple Mail) does not honor the DKIM since >>> > gmail said failed. I tested with Outlook and web round cube and that >>> > does pass the email DKIM and the message does not go into the spam >>> > folder in fact. >>> > >>> > Any help will be great.. I also wonder if there is a way to setup >>> > multiple certs for the SMTP (per domain). >>> > >>> > Remo >>> > >>> >> On Aug 26, 2019, at 12:03, Tahnan Al Anas <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> >> >>> >> Basically Gmail put mail in spam folder for various reasons, I have >>> >> found after hosing new domain in my qmail server, I need to check >>> spf, >>> >> dkim dmarc settings, even if all are ok, still gmail sent mail to >>> spam >>> >> folder, I need to check reverse forward record and also need to work >>> >> to improve domain reputation, this is not an issue with qmail server, >>> >> rather it is related with gmail's filtering. You have to work to >>> >> improve server and domain's reputation for that. >>> >> >>> >> Sometime I chat with google to get my other domain's mail in inbox by >>> >> sending them to gsuite account. >>> >> >>> >> >>> >> -- >>> >> -- >>> >> >>> >> Best Regards >>> >> Muhammad Tahnan Al Anas >>> >> >>> >> >>> >> On Mon, Aug 26, 2019 at 11:01 PM Eric Broch <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> >> >>> >> Create a google (gmail) account if you don't have one. Send an >>> >> email to that account from the postmaster of the problematic >>> >> domain. Open message, go to three vertical dots to the upper right >>> >> of the interface, find 'show original', there you will see why >>> >> gmail spammed your message. >>> >> >>> >> On Mon, Aug 26, 2019 at 10:51 AM Remo Mattei <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> >> >>> >> I just tested and I built a new qmail box >>> >> >>> >> >>> >> qmail-1.03-3.1.qt.el7.x86_64 >>> >> >>> >> The other two boxes >>> >> With >>> >> qmail-1.03-3.1.qt.el7.x86_64 >>> >> qmail-1.03-3.1.qt.el7.x86_64 >>> >> >>> >> So when sending from the new env which does not have any load >>> >> no production etc.. the gmail gets the message in the inbox >>> >> from the other two I get the msg on the spam folder.. I >>> >> wonder.. how is Google…. Check the messages.. The new box I >>> >> have even a domain called testdomain.com >>> >> <http://testdomain.com/> which it’s bogus!! But still in the >>> >> inbox. >>> >> >>> >> Any tips? >>> >> >>> >> Thanks >>> >> >>> >>> On Aug 25, 2019, at 21:10, ChandranManikandan >>> >>> <[email protected] <mailto:[email protected]>> wrote: >>> >>> >>> >>> Hi Folks, >>> >>> >>> >>> Emails are delivering to the spam or junk folder when users >>> >>> send to the recipients. >>> >>> Mostly it's all public domain like gmail,yahoo etc.. >>> >>> How to fix this issue in our server. >>> >>> Am using Centos 6 32 bit with qmailtoaster. >>> >>> Could anyone help me. >>> >>> >>> >>> -- >>> >>> */Regards, >>> >>> Manikandan.C >>> >>> /* >>> >> >>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> >> -- >> >> >> *Regards,Manikandan.C* >> > > > -- > > > *Regards,Manikandan.C* >
