Re: Email accounts which I have used for years are now bouncing mail
Hi Jason, Thanks for that link to the testing tool, with help here on LUV I managed to get some email improvement. I still have issues with 2 email accounts. I decided to run the tool, and to my horror my setup is only 37% OK. IPV6 is required for a start and although MelbourneIT are hosting the domain my email is managed elsewhere. Thanks for your suggestion, I can now measure each step to success. Andrew On 29/5/23 09:04, Jason White wrote: On 28/5/23 03:01, Rohan McLeod via luv-main wrote: Andrew my impression of the bad email situation is that somehow the technical fixes are themselves the problems; I have found the testing tool at internet.nl to e useful in making sure that SPF, DKIM, DMARC, DNSSec and DANE are all configured properly. My mail server receives a 100% score - or, at least, it did when I last ran the test. ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Hi Tony Reading the conversation with Andrew McGlashan, I logged in again and made the change. Buoyed by earlier success I ran the dig command but the change has not yet been performed. The TXT entry is accurate, however. On 28/5/23 19:34, Tony White via luv-main wrote: Hi Andrew, Correct, the spf record should have a hard fail not the soft fail. So change the ~all to -all. I missed it, my bad. The short TTL is, just that, short to ensure we can catch errors. They do happen. When they are all set correctly update the TTL to another value. Thank you for noticing the soft fail. regards Anthony White On 28/5/23 18:58, Andrew McGlashan via luv-main wrote: Hi, On 28/5/23 5:29 pm, Tony White via luv-main wrote: > Hi Andrew, Login to your Registrar site ie Melbourne IT and look for Manage your Domain. Open this and look for CPanel > Console. Once there find Zone Manager, Zone Records or Zone Editor. > Add a new record to your Zone. Look for TXT record. Leave the domain empty select TXT from the drop down list. In the > filed to its right insert the value > -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip -- NOO! Please be sure about what the rule should be a dn do a hard fail if it isn't met correctly with "-all" at the end of the TXT record. It sure seems that SPF, DKIM and DMARC have become necessary because of all the bad actors around these days. Running mail servers today means dealing with a significant amount of rubbish and mostly because the "world" isn't using SPF definitions properly and respecting the rules set. My servers strike hard on email that fails SPF, now, at long last, Google is finally doing that. It is very sad that we need these "extras", but they are there for good reason; work with them and you'll have much better ability for delivery of emails -- fail to work with them and more will fail to deliver. One thing I hate about DKIM though, is that it only applies to emails leaving a server, destined for a different server; that is, same server to same server emails don't get signed :( - I wonder if that is the case with Google mail server to Google mail server too; I don't know. > change the TTL value to 3600 then save. Why so short for TTL? If you are confident that you have the settings correct after testing, then the TTL should be at least 86400 (a day). > The DNS will be updated in an hour or so. Seems to be quick these days, but delays can still occur. > To check it is done use the following command in the cli. > dig TXT algphoto.com.au (press enter) > you should see something like this... > algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all" > If little of this makes sense I apologise. I can help you remotely if you would like. When you think you have the settings right, send an email to the following address to get a report: check-a...@verifier.port25.com Have a short TTL (600 perhaps, 10 minutes), until you are sure you have everything setup correctly. btw SPF is most often broken with the mass mailers and those responsible for the domain name can't get the simple things right. Stop using big tech, or, at the very least, use it properly. Avoiding SPAM and other rubbish from Google, Outlook and AmazonSES is neigh on impossible as the bad guys often do a better job of setting up SPF, DKIM and DMARC than the vast majority of domain administrators! I could go on about service providers, so many allow so much rubbish to traverse their networks, it is a real problem. > regards Anthony White Cheers AndrewM > ___ > luv-main mailing list -- luv-main@luv.asn.au > To unsubscribe send an email to luv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
On 28/5/23 03:01, Rohan McLeod via luv-main wrote: Andrew my impression of the bad email situation is that somehow the technical fixes are themselves the problems; I have found the testing tool at internet.nl to e useful in making sure that SPF, DKIM, DMARC, DNSSec and DANE are all configured properly. My mail server receives a 100% score - or, at least, it did when I last ran the test. ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
On Sun, May 28, 2023 at 05:29:13PM +1000, Tony White wrote: > Add a new record to your Zone. Look for TXT record. Leave the > domain empty select TXT from the drop down list. In the filed > to its right insert the value > > -- snip --- > v=spf1 ip4:203.170.84.161 ~all > -- end snip -- That should be "-all", not "~all" (a minus sign, not a tilde). Also, while that IP address is correct for mail.algphoto.com.au (which is the MX for the domain, so is the designated address for the server **receiving** mail for that domain), it's not necessarily the IP address of the client host sending the email. The SPF TXT record should list **ALL** addresses that can legitimately claim to be sending mail from the algphoto.com.au domain. If mail from algphoto.com.au is only ever sent from 203.170.84.161 then that SPF TXT record is fine. If not, either configure client machines to relay through that server (with appropriate authentication as required) or add other required addresses to the SPF record. > change the TTL value to 3600 then save. > > The DNS will be updated in an hour or so. No, it won't. The zone will be updated as soon as it has been edited. Other DNS resolvers may have your some of your records cached due to prior queries, and it will take time (whatever's left of the TTL since the last query was made) for those cached entries to expire. Changing the TTL will only affect lookup requests by DNS resolvers that haven't already cached any of your DNS records. Setting the TTL to anything less than a day (86400 seconds) or half a day is not recommended for normal operation. This will just make other servers query your domain more often, defeating the purpose of a cache. A fairly common procedure when making significant changes to a domain is to set the TTL to a low value, say 5 minutes, *before* changing it, then waiting for the old TTL to expire (e.g. if it was set to 86400, you'll need to change the TTL at least a day before your changing your domain), and then make the changes. Later, set it back to 86400 or longer. This is really only needed when moving your NS or MX hosts, or when moving to another ISP (if you don't own your own IP addresses). Or just go ahead and edit your domain and don't worry about the TTL (for changing an SPF record, I wouldn't worry about it). The only real use for lowering the TTL is to make it easier for you to quickly fix any mistakes you might make, as they won't be cached for long. Worth noting: the cache TTL for NXDOMAIN negative responses (i.e. when requesting a record that does not exist) is usually much shorter than the TTL for a positive response, typically anywhere from 30 seconds to 15 minutes, rather than a day. So if the domain didn't previously have a TXT record, it won't be cached for long anyway. Also note that many DNS resolvers completely ignore domain TTLs and just cache the records (positive or negative or both) for however long they want, sometimes days or even weeks. This is broken but unfortunately common. It's also arguable that whoever owns those DNS servers have every right to configure the caching on their servers however they like. There's nothing you can do about it, anyway, because the caching happens on servers you have no access to or control over. craig -- craig sanders ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Dear Tony, I Logged in and changed my password (altered from a pass phrase as they do not allow spaces) and fished around, came across the manage field and installed the text. 5 minutes later I issued the dig command and was rewarded with a result. Thanks very much Andrew On 28/5/23 17:31, Tony White via luv-main wrote: Andrew, This explanation may be better for you. https://support.melbourneit.au/s/article/How-do-I-create-TXT-SPF-Records My offer of help still stands though. regards Anthony White On 28/5/23 17:10, Andrew Greig via luv-main wrote: Thanks Tony, I have been on this mailing list since 2003, but only as a user, not a sys admin, how do I create an SPF record and what do I do with it? Please. Kind regards On Sun, 28 May 2023, 17:05 Tony White via luv-main, wrote: Hi, Nic is correct add an SPF txt record and gmail will be happy again. dig txt algphoto.com.au ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> txt algphoto.com.au ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;algphoto.com.au.INTXT ;; AUTHORITY SECTION: algphoto.com.au.3600INSOAns1.melbourneit.net. admin.melbourneit.net. 2018121411 86400 7200 360 172800 ;; Query time: 49 msec ;; SERVER: 10.2.1.253#53(10.2.1.253) ;; WHEN: Sun May 28 17:00:37 AEST 2023 ;; MSG SIZE rcvd: 105 regards Anthony White On 28/5/23 16:56, Nic Baxter via luv-main wrote: Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more athttps://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient:rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visithttps://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Hi Andrew, Correct, the spf record should have a hard fail not the soft fail. So change the ~all to -all. I missed it, my bad. The short TTL is, just that, short to ensure we can catch errors. They do happen. When they are all set correctly update the TTL to another value. Thank you for noticing the soft fail. regards Anthony White On 28/5/23 18:58, Andrew McGlashan via luv-main wrote: Hi, On 28/5/23 5:29 pm, Tony White via luv-main wrote: > Hi Andrew, Login to your Registrar site ie Melbourne IT and look for Manage your Domain. Open this and look for CPanel > Console. Once there find Zone Manager, Zone Records or Zone Editor. > Add a new record to your Zone. Look for TXT record. Leave the domain empty select TXT from the drop down list. In the > filed to its right insert the value > -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip -- NOO! Please be sure about what the rule should be a dn do a hard fail if it isn't met correctly with "-all" at the end of the TXT record. It sure seems that SPF, DKIM and DMARC have become necessary because of all the bad actors around these days. Running mail servers today means dealing with a significant amount of rubbish and mostly because the "world" isn't using SPF definitions properly and respecting the rules set. My servers strike hard on email that fails SPF, now, at long last, Google is finally doing that. It is very sad that we need these "extras", but they are there for good reason; work with them and you'll have much better ability for delivery of emails -- fail to work with them and more will fail to deliver. One thing I hate about DKIM though, is that it only applies to emails leaving a server, destined for a different server; that is, same server to same server emails don't get signed :( - I wonder if that is the case with Google mail server to Google mail server too; I don't know. > change the TTL value to 3600 then save. Why so short for TTL? If you are confident that you have the settings correct after testing, then the TTL should be at least 86400 (a day). > The DNS will be updated in an hour or so. Seems to be quick these days, but delays can still occur. > To check it is done use the following command in the cli. > dig TXT algphoto.com.au (press enter) > you should see something like this... > algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all" > If little of this makes sense I apologise. I can help you remotely if you would like. When you think you have the settings right, send an email to the following address to get a report: check-a...@verifier.port25.com Have a short TTL (600 perhaps, 10 minutes), until you are sure you have everything setup correctly. btw SPF is most often broken with the mass mailers and those responsible for the domain name can't get the simple things right. Stop using big tech, or, at the very least, use it properly. Avoiding SPAM and other rubbish from Google, Outlook and AmazonSES is neigh on impossible as the bad guys often do a better job of setting up SPF, DKIM and DMARC than the vast majority of domain administrators! I could go on about service providers, so many allow so much rubbish to traverse their networks, it is a real problem. > regards Anthony White Cheers AndrewM ___ > luv-main mailing list -- luv-main@luv.asn.au > To unsubscribe send an email to luv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 28/5/23 5:29 pm, Tony White via luv-main wrote: > Hi Andrew, Login to your Registrar site ie Melbourne IT and look for Manage > your Domain. Open this and look for CPanel > Console. Once there find Zone Manager, Zone Records or Zone Editor. > > Add a new record to your Zone. Look for TXT record. Leave the domain empty > select TXT from the drop down list. In the > filed to its right insert the value > > -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip -- NOO! Please be sure about what the rule should be a dn do a hard fail if it isn't met correctly with "-all" at the end of the TXT record. It sure seems that SPF, DKIM and DMARC have become necessary because of all the bad actors around these days. Running mail servers today means dealing with a significant amount of rubbish and mostly because the "world" isn't using SPF definitions properly and respecting the rules set. My servers strike hard on email that fails SPF, now, at long last, Google is finally doing that. It is very sad that we need these "extras", but they are there for good reason; work with them and you'll have much better ability for delivery of emails -- fail to work with them and more will fail to deliver. One thing I hate about DKIM though, is that it only applies to emails leaving a server, destined for a different server; that is, same server to same server emails don't get signed :( - I wonder if that is the case with Google mail server to Google mail server too; I don't know. > change the TTL value to 3600 then save. Why so short for TTL? If you are confident that you have the settings correct after testing, then the TTL should be at least 86400 (a day). > The DNS will be updated in an hour or so. Seems to be quick these days, but delays can still occur. > To check it is done use the following command in the cli. > > dig TXT algphoto.com.au (press enter) > > you should see something like this... > > algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all" > > If little of this makes sense I apologise. I can help you remotely if you > would like. When you think you have the settings right, send an email to the following address to get a report: check-a...@verifier.port25.com Have a short TTL (600 perhaps, 10 minutes), until you are sure you have everything setup correctly. btw SPF is most often broken with the mass mailers and those responsible for the domain name can't get the simple things right. Stop using big tech, or, at the very least, use it properly. Avoiding SPAM and other rubbish from Google, Outlook and AmazonSES is neigh on impossible as the bad guys often do a better job of setting up SPF, DKIM and DMARC than the vast majority of domain administrators! I could go on about service providers, so many allow so much rubbish to traverse their networks, it is a real problem. > regards Anthony White Cheers AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCZHMXmAAKCRCoFmvLt+/i +8JSAQCESm6roGxuVeTFFYokjPDS9kGDdBnvCmk/SW9n8HIDIgD/ZmY2f/tGPKoc jn+Do9vZZ2VNsEg2hZIkLzmrpVq5IXQ= =IzaR -END PGP SIGNATURE- ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Andrew, This explanation may be better for you. https://support.melbourneit.au/s/article/How-do-I-create-TXT-SPF-Records My offer of help still stands though. regards Anthony White On 28/5/23 17:10, Andrew Greig via luv-main wrote: Thanks Tony, I have been on this mailing list since 2003, but only as a user, not a sys admin, how do I create an SPF record and what do I do with it? Please. Kind regards On Sun, 28 May 2023, 17:05 Tony White via luv-main, wrote: Hi, Nic is correct add an SPF txt record and gmail will be happy again. dig txt algphoto.com.au ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> txt algphoto.com.au ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;algphoto.com.au.INTXT ;; AUTHORITY SECTION: algphoto.com.au.3600INSOAns1.melbourneit.net. admin.melbourneit.net. 2018121411 86400 7200 360 172800 ;; Query time: 49 msec ;; SERVER: 10.2.1.253#53(10.2.1.253) ;; WHEN: Sun May 28 17:00:37 AEST 2023 ;; MSG SIZE rcvd: 105 regards Anthony White On 28/5/23 16:56, Nic Baxter via luv-main wrote: Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more athttps://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient:rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visithttps://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Hi Andrew, Login to your Registrar site ie Melbourne IT and look for Manage your Domain. Open this and look for CPanel Console. Once there find Zone Manager, Zone Records or Zone Editor. Add a new record to your Zone. Look for TXT record. Leave the domain empty select TXT from the drop down list. In the filed to its right insert the value -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip -- change the TTL value to 3600 then save. The DNS will be updated in an hour or so. To check it is done use the following command in the cli. dig TXT algphoto.com.au (press enter) you should see something like this... algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all" If little of this makes sense I apologise. I can help you remotely if you would like. regards Anthony White Greig via luv-main wrote: Thanks Tony, I have been on this mailing list since 2003, but only as a user, not a sys admin, how do I create an SPF record and what do I do with it? Please. Kind regards On Sun, 28 May 2023, 17:05 Tony White via luv-main, wrote: Hi, Nic is correct add an SPF txt record and gmail will be happy again. dig txt algphoto.com.au ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> txt algphoto.com.au ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;algphoto.com.au.INTXT ;; AUTHORITY SECTION: algphoto.com.au.3600INSOAns1.melbourneit.net. admin.melbourneit.net. 2018121411 86400 7200 360 172800 ;; Query time: 49 msec ;; SERVER: 10.2.1.253#53(10.2.1.253) ;; WHEN: Sun May 28 17:00:37 AEST 2023 ;; MSG SIZE rcvd: 105 regards Anthony White On 28/5/23 16:56, Nic Baxter via luv-main wrote: Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more athttps://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient:rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visithttps://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Thanks Tony, I have been on this mailing list since 2003, but only as a user, not a sys admin, how do I create an SPF record and what do I do with it? Please. Kind regards On Sun, 28 May 2023, 17:05 Tony White via luv-main, wrote: > Hi, > Nic is correct add an SPF txt record and gmail will > be happy again. > > dig txt algphoto.com.au > > ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> txt algphoto.com.au > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 512 > ;; QUESTION SECTION: > ;algphoto.com.au.INTXT > > ;; AUTHORITY SECTION: > algphoto.com.au.3600INSOAns1.melbourneit.net. > admin.melbourneit.net. 2018121411 86400 7200 360 172800 > > ;; Query time: 49 msec > ;; SERVER: 10.2.1.253#53(10.2.1.253) > ;; WHEN: Sun May 28 17:00:37 AEST 2023 > ;; MSG SIZE rcvd: 105 > > > regards > Anthony White > On 28/5/23 16:56, Nic Baxter via luv-main wrote: > > Andrew > Quick glance. You are sending from algphoto.com.au and Gmail won't > authenticate the emails without SPF or DKIM configured and working. This may > be a new requirement. > Cheers > Nic > > On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main > wrote: > > Hi all > > I have using several email addresses for several years now but over the past > few months my mails are being bounced. My email address is noted as > authenticated but my message is described as unsafe. > > For goodness sake, I am just arranging the details of an appointment. Google > Meeting request never gets through any more. and that from a gmail address to > a gmail address. > Strangely, the email works from this server. The error message at the end of > the link feels like it is intended to be decyphered by a sys adminand not a > common user (like me) > > > Sending of the message failed. > An error occurred while sending mail. The mail server responded: > Authentication Required. Learn more > athttps://support.google.com/mail/?p=WantAuthError > d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify > that your email address is correct in your account settings and try again. > > And another version: > > This message was created automatically by mail delivery software. > > Sorry, the message you're trying to send cannot be delivered to one or more > recipients. > The address may be invalid or mistyped. Please view the error below: > : 550 This mail is > unauthenticated, which poses a security risk to the > > > Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network > Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) > Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 > X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc > > Final-Recipient: rfc822;argilderdal...@gmail.com > Action: failed > Status: 5.7.26 > Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) > Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a > security risk to the sender and Gmail users, and has been blocked. The sender > must authenticate with at least one of SPF or DKIM. For this message, DKIM > checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: > [27.111.89.56]. The sender should > visithttps://support.google.com/mail/answer/81126#authentication for > instructions > on setting up authentication. > z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD > command) > > > There is more but it may reveal too much for the intended receiver. > Let me know how much you need > > > > ___ > luv-main mailing list -- luv-main@luv.asn.au > To unsubscribe send an email to luv-main-le...@luv.asn.au > > > ___ > luv-main mailing list -- luv-main@luv.asn.au > To unsubscribe send an email to luv-main-le...@luv.asn.au > ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Hi Andrew, Add the value from below to your TXT record in your dns zone. *Type:*TXT *Host/Name:*algphoto.com.au * Value:*v=spf1 ip4:203.170.84.161 ~all regards Anthony White On 28/5/23 17:04, Andrew Greig via luv-main wrote: Thanks Nic, My problem was I can't figure out the DKIM stuff, or do I need to approach the people who handle my domain? Kind regards On Sun, 28 May 2023, 16:56 Nic Baxter, wrote: Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main < luv-main@luv.asn.au> wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more at https://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient: rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Hi, Nic is correct add an SPF txt record and gmail will be happy again. dig txt algphoto.com.au ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> txt algphoto.com.au ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45699 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;algphoto.com.au. IN TXT ;; AUTHORITY SECTION: algphoto.com.au. 3600 IN SOA ns1.melbourneit.net. admin.melbourneit.net. 2018121411 86400 7200 360 172800 ;; Query time: 49 msec ;; SERVER: 10.2.1.253#53(10.2.1.253) ;; WHEN: Sun May 28 17:00:37 AEST 2023 ;; MSG SIZE rcvd: 105 regards Anthony White On 28/5/23 16:56, Nic Baxter via luv-main wrote: Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more at https://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient:rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list --luv-main@luv.asn.au To unsubscribe send an email toluv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Thanks Nic, My problem was I can't figure out the DKIM stuff, or do I need to approach the people who handle my domain? Kind regards On Sun, 28 May 2023, 16:56 Nic Baxter, wrote: > Andrew > Quick glance. You are sending from algphoto.com.au and Gmail won't > authenticate the emails without SPF or DKIM configured and working. This > may be a new requirement. > Cheers > Nic > > On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main < > luv-main@luv.asn.au> wrote: >> >> Hi all >> >> I have using several email addresses for several years now but over the >> past few months my mails are being bounced. My email address is noted as >> authenticated but my message is described as unsafe. >> >> For goodness sake, I am just arranging the details of an appointment. >> Google Meeting request never gets through any more. and that from a gmail >> address to a gmail address. >> Strangely, the email works from this server. The error message at the end >> of the link feels like it is intended to be decyphered by a sys adminand >> not a common user (like me) >> >> >> Sending of the message failed. >> An error occurred while sending mail. The mail server responded: >> Authentication Required. Learn more at >> https://support.google.com/mail/?p=WantAuthError >> d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify >> that your email address is correct in your account settings and try again. >> >> And another version: >> >> This message was created automatically by mail delivery software. >> >> Sorry, the message you're trying to send cannot be delivered to one or more >> recipients. >> The address may be invalid or mistyped. Please view the error below: >> : 550 This mail is >> unauthenticated, which poses a security risk to the >> >> >> Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network >> Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) >> Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 >> X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc >> >> Final-Recipient: rfc822; argilderdal...@gmail.com >> Action: failed >> Status: 5.7.26 >> Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) >> Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a >> security risk to the sender and Gmail users, and has been blocked. The >> sender >> must authenticate with at least one of SPF or DKIM. For this message, DKIM >> checks did not pass and SPF check for [algphoto.com.au] did not pass with >> ip: >> [27.111.89.56]. The sender should visit >> https://support.google.com/mail/answer/81126#authentication for instructions >> on setting up authentication. >> z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to >> EOD >> command) >> >> >> There is more but it may reveal too much for the intended receiver. >> Let me know how much you need >> >> >> ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Andrew my impression of the bad email situation is that somehow the technical fixes are themselves the problems; email is an an ancient internet functionality that was never designed with all the sculduggery in mind. Are we just accumulating fixes for a system which needs to be fundamentally redesigned ? regards Rohan McLeod Andrew Greig via luv-main wrote: Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more at https://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient: rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Re: Email accounts which I have used for years are now bouncing mail
Andrew Quick glance. You are sending from algphoto.com.au and Gmail won't authenticate the emails without SPF or DKIM configured and working. This may be a new requirement. Cheers Nic On 28 May 2023 4:24:20 pm AEST, Andrew Greig via luv-main wrote: >Hi all > >I have using several email addresses for several years now but over the past >few months my mails are being bounced. My email address is noted as >authenticated but my message is described as unsafe. > >For goodness sake, I am just arranging the details of an appointment. Google >Meeting request never gets through any more. and that from a gmail address to >a gmail address. >Strangely, the email works from this server. The error message at the end of >the link feels like it is intended to be decyphered by a sys adminand not a >common user (like me) > > >Sending of the message failed. >An error occurred while sending mail. The mail server responded: >Authentication Required. Learn more at >https://support.google.com/mail/?p=WantAuthError >d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify >that your email address is correct in your account settings and try again. > >And another version: > >This message was created automatically by mail delivery software. > >Sorry, the message you're trying to send cannot be delivered to one or more >recipients. >The address may be invalid or mistyped. Please view the error below: > >: 550 This mail is unauthenticated, which poses a >security risk to the > > >Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network >Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) >Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 >X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc > >Final-Recipient: rfc822;argilderdal...@gmail.com >Action: failed >Status: 5.7.26 >Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) >Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a > security risk to the sender and Gmail users, and has been blocked. The sender > must authenticate with at least one of SPF or DKIM. For this message, DKIM > checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: > [27.111.89.56]. The sender should visit > https://support.google.com/mail/answer/81126#authentication for instructions > on setting up authentication. > z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD > command) > > > There is more but it may reveal too much for the intended receiver. >Let me know how much you need > ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
Email accounts which I have used for years are now bouncing mail
Hi all I have using several email addresses for several years now but over the past few months my mails are being bounced. My email address is noted as authenticated but my message is described as unsafe. For goodness sake, I am just arranging the details of an appointment. Google Meeting request never gets through any more. and that from a gmail address to a gmail address. Strangely, the email works from this server. The error message at the end of the link feels like it is intended to be decyphered by a sys adminand not a common user (like me) Sending of the message failed. An error occurred while sending mail. The mail server responded: Authentication Required. Learn more at https://support.google.com/mail/?p=WantAuthError d7-20020a170902cec700b001a52974700dsm5743554plg.174 - gsmtp. Please verify that your email address is correct in your account settings and try again. And another version: This message was created automatically by mail delivery software. Sorry, the message you're trying to send cannot be delivered to one or more recipients. The address may be invalid or mistyped. Please view the error below: : 550 This mail is unauthenticated, which poses a security risk to the Reporting-MTA: dns; mail-1k-r77.ipv4.per01.ds.network Received-from-MTA: dns; cp-wc92.per01.ds.network (185.184.155.89) Arrival-Date: Sun, 28 May 2023 13:36:32 +0800 X-Original-ID: 9a76e031-fd19-11ed-9f34-d094665788dc Final-Recipient: rfc822;argilderdal...@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com (142.251.12.27) Diagnostic-Code: smtp; 550 5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [algphoto.com.au] did not pass with ip: [27.111.89.56]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. z13-20020aa79f8d00b0063f1582c50bsi7743488pfr.338 - gsmtp (in reply to EOD command) There is more but it may reveal too much for the intended receiver. Let me know how much you need ___ luv-main mailing list -- luv-main@luv.asn.au To unsubscribe send an email to luv-main-le...@luv.asn.au
