
When sending email from my Ubuntu 18.04 server to Gmail, I am getting bounce messages like this:

```
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.1 This message does not have authentication information or fails to pass
<<< 550-5.7.1 authentication checks. To best protect our users from spam, the
<<< 550-5.7.1 message has been blocked. Please visit
<<< 550-5.7.1  https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.1 information. z8si6596816wro.217 - gsmtp
554 5.0.0 Service unavailable
```

I have checked the provided link and wonder, what setting is missing:

  • "Send from the same IP address"
    • I do (changed IP once 3 months ago, though).
  • "Keep valid reverse DNS records your IP address that point to your domain".
    • I think I do. There's both a DNS and PTR record referring both ways nabo.jaehnig.org <=> 159.69.180.128
  • "Choose the same address in the 'From:' header for every bulk message"
    • I do (I don't even send bulk messages, only single ones.)

There are "Other recommendations"

  • "Publish a SPF record."
    • I did. It says v=spf1 include:_spf.google.com ~all
  • "Publish a DMARC policy."
    • I did. It says v=DMARC1; p=none; rua=mailto:postmaster@jaehnig.org
  • "Sign messages with DKIM. We don't authenticate messages signed with keys that use fewer than 1024 bits."
    • I'm not doing this yet. Is it really crucial? I know another server also having no DKIM, and Gmail receives its messages.

Also, looking at the checks provided by toolbox.googleapps.com, there are no critical issues (but interestingly, DMARC is not recognized).

What would you try next?

Georg Jähnig
  • If your domain uses gmail for its MX and you send through gmail (as your SPF says you do), gmail should do DKIM signing for you. Also be aware that gmail's spam filtering is a complete train wreck; large portions of it simply don't work properly, and there's no way of getting support for it. – Synchro Feb 27 '19 at 15:27
  • Oh, I don't send them by Gmail, just simply by `sendmail`. So then my SPF is wrong. Any idea what a correct one should look like? – Georg Jähnig Feb 27 '19 at 20:34
  • Uh, add the servers you *do* send from - that’s its primary purpose! – Synchro Feb 27 '19 at 21:26
  • OK, according to [here](http://www.openspf.org/SPF_Record_Syntax), this would be correct: `v=spf1 a -all`? ("The current-domain is used.") – Georg Jähnig Feb 27 '19 at 23:08
  • `a` will add the A record for your domain, so if that's where you're sending from, that's fine. – Synchro Feb 28 '19 at 14:56
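
The SPF mismatch worked out in the comments above, as an added example that is not part of the original thread: a simplified evaluator (only the `ip4`, `a`, `include` and `all` mechanisms) run against the old and the proposed record. The DNS answers are constructed; in particular the contents of `_spf.google.com` are a documentation-range placeholder, and the A record of `jaehnig.org` pointing at the sending server is an assumption.

```python
import ipaddress

# Constructed zone data (assumption): answers a resolver might return.
# 192.0.2.0/24 is a documentation range standing in for the include target's
# real contents; the A record of jaehnig.org pointing at the sender is assumed.
TXT = {"_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all"}
A = {"jaehnig.org": ["159.69.180.128"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, domain, depth=0):
    """Evaluate a subset of SPF (ip4, a, include, all), left to right."""
    if depth > 10:                       # guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            # bare "a" means the A record of the domain being checked
            matched = sender_ip in A.get(arg or domain, [])
        elif name == "include":
            # include matches only if the included record evaluates to "pass"
            target = TXT.get(arg)
            if target is None:
                return "permerror"
            matched = check_spf(target, sender_ip, arg, depth + 1) == "pass"
        else:
            return "permerror"           # mechanism outside this subset
        if matched:
            return RESULTS[qualifier]    # first matching mechanism decides
    return "neutral"                     # nothing matched

SENDER = "159.69.180.128"                # the server's IP from the question
OLD = "v=spf1 include:_spf.google.com ~all"
NEW = "v=spf1 a -all"

if __name__ == "__main__":
    for label, rec in (("old", OLD), ("new", NEW)):
        print(label, rec, "->", check_spf(rec, SENDER, "jaehnig.org"))
```

With `-all`, any host that sends for the domain but is not covered by the A record gets a hard `fail`, so every legitimate sender has to be listed before publishing it.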

1 Answer

As you perhaps know, guidelines published by anti-spammers like Google are necessarily incomplete (to avoid manipulation). In my experience, there are some necessities to which a bundle of probabilities are added. The exact formulas companies employ vary according to perceived need from year to year.

In my experience in 2019, SPF and DKIM (w/big DKIM key) are, yes, necessities. PTR and DMARC affect probabilities. All these probabilities interact with constantly updated semi-accessible databases like dnswl.org with their white- and black-listing of emails, lines and servers. (Of course, interacting with these probabilities is the content check: text-only emails, with only 'boring' words and at most an 'unsubscribe' link are best.)

Aristo