Hello,
This is something very very new to me. I had no idea that in addition to NORMAL DNS setup for your domain you also need to have other DNS records especially for successful email delivery.
So, here is my problem. I am not sure what happened but for about a month or two everyone at the company has been experiencing this issue. Anytime anyone sends any email from our ClearOS webserver to anyone, it lands in the recipient's SPAM or JUNK folder. So, I have been looking into this for about two days now and doing research and making changes along the way. In my search for answers, I came across a posting within ClearOS forum about this listing all the steps necessary clearly at the following links. https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_using_dkim_to_sign_and_validate_mail#periodic_maintenance and https://www.clearos.com/clearfoundation/social/community/dmark-on-clearos As suggested by Nick Howitt.
I created DMARC, SPF and Domain name Key TXT record for our domain as follows:
Through SSH I was able to successfully install DKIM on ClearOS webserver.
So, at this point I thought I am good and once the DNS is propagated, we shouldn't have this problem of our recipients getting our email in their junk or spam folder. I was wrong. We are still having this issue.
So, once again back to the drawing board I went and looked into this. And now I am reading about Reverse DNS Record and PTR Record. Online community is saying I have to have these records or our email will be seen as SPAM. As a result, I wanted to know if our webserver IP address already have Reverse Record and PTR Record and I found a website at this link http://www.dnsgoodies.com/ and MXtoolbox that let me find out if we did and we do have Reverse DNS and PTR record as follows.
I am also getting SMTP mismatch BANNER warning
After all this work, our emails are still received as SPAM or JUNK and accordingly it is placed in their JUNK or SPAM folder in the recipients email program.
So, what am I missing? or Is there still something else to do?
Any help will be greatly appreciated. Thank you,
Mark,
This is something very very new to me. I had no idea that in addition to NORMAL DNS setup for your domain you also need to have other DNS records especially for successful email delivery.
So, here is my problem. I am not sure what happened but for about a month or two everyone at the company has been experiencing this issue. Anytime anyone sends any email from our ClearOS webserver to anyone, it lands in the recipient's SPAM or JUNK folder. So, I have been looking into this for about two days now and doing research and making changes along the way. In my search for answers, I came across a posting within ClearOS forum about this listing all the steps necessary clearly at the following links. https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_using_dkim_to_sign_and_validate_mail#periodic_maintenance and https://www.clearos.com/clearfoundation/social/community/dmark-on-clearos As suggested by Nick Howitt.
I created DMARC, SPF and Domain name Key TXT record for our domain as follows:
Through SSH I was able to successfully install DKIM on ClearOS webserver.
So, at this point I thought I am good and once the DNS is propagated, we shouldn't have this problem of our recipients getting our email in their junk or spam folder. I was wrong. We are still having this issue.
So, once again back to the drawing board I went and looked into this. And now I am reading about Reverse DNS Record and PTR Record. Online community is saying I have to have these records or our email will be seen as SPAM. As a result, I wanted to know if our webserver IP address already have Reverse Record and PTR Record and I found a website at this link http://www.dnsgoodies.com/ and MXtoolbox that let me find out if we did and we do have Reverse DNS and PTR record as follows.
I am also getting SMTP mismatch BANNER warning
After all this work, our emails are still received as SPAM or JUNK and accordingly it is placed in their JUNK or SPAM folder in the recipients email program.
So, what am I missing? or Is there still something else to do?
Any help will be greatly appreciated. Thank you,
Mark,
In Mail
Share this post:
Responses (5)
-
Accepted Answer
-
Accepted Answer
I can assist with keeping mail out of junk - I do not know what all is in place at this time so I may hash over items you are aware of and may have complimented.
1. Internet Connection static ip preferred
2. Static IP needs reverse dns setup or ptr record - refer https://mxtoolbox.com/ReverseLookup.aspx
3. SPF DNS record needs to be published - refer https://mxtoolbox.com/spf.aspx
4. Forward lookup DNS record to publish to static ip mentioned above that matches hostname (smtp banner name and preferably ptr record)
5. Where possible try and implement dkim mail signing - to prevent against domain spoofed emails. *Google specifically will send allot to junk if you do not conform to all the above.
Good news is if you can keep your mails out of junk at google your pretty much pro at getting to inbox
Google sender guidelines -> https://support.google.com/mail/answer/81126?hl=en
Google Postmaster Tools -> https://support.google.com/mail/answer/6227174?hl=en
Please be aware there are allot of junk emails doing rounds with links to hacked websites that mail from your account - should this ever occur and your ip is blacklisted you will have a hard time getting it cleared up. Always but always have your outgoing mail scanned for spam and viruses. Recommend Sophos UTM to be installed between your public ip and network. It also way easier to setup dkim smtp banner dkim etc etc than most linux distributions. Giving you a little peace of mind. Sorry if the info above was a little overboard - only being thorough for your frustration to easy as quickly as possible. -
Accepted Answer
Please have a read of the Mail Settings howto? AFAIK, if your Mail Domain is mail.rel-tek.com then your e-mail addresses should be someone@mail.rel-tek.com.
As far as I can see you have an MX record for rel-tek.com pointing to mail.rel-tek.com and you don't appear to have an MX record for mail.rel-tek.com. This suggest to me that your mail domain is rel-tek.com, but the server mail.rel-tek.com handles all your smtp traffic.
GMX just reject generic PTR records. The third party have a non-generic record, in other words, instead of something like mine (static-90-255-224-113.vodafonexdsl.co.uk) they have an explicit one like mail-rel-tel.com, but you have to get your ISP to fix that for you. Mine won't as I don't have a business account. -
Accepted Answer
Our mail domain is mail.rel-tek.com
Our domain name or the mail.rel-tek.com is not BLACKLISTED according to MXToolBox and other websites. (smtp = mail.rel-tek.com pop3 = mail.rel-tek.com).
Now, I am bit confused. Why would GMX reject emails using ISP generic PTR as suppose to third-party SMTP provider? Is this suppose to mean that they don't trust ISPs PTR even though that's whom you go through for your INTERNET connection to the world? Just wondering...
There is no point in munging you domainkey.
Well, I wasn't thinking totally looks like... lol...
UPDATE:
Actually, I was testing our email just now and it WORKS... Even though MXtoolBox is throwing bunch of error messages, our email is not seen as spam and it lands into receipent's inbox folder.
I sincerely want to thank you Nick Howitt for all of your post. If I hadn't found your post about SPF, DKIM, DKIM policy and DMARC1, I don't think I would have gotten this far to completing this task. Thank you again. -
Accepted Answer
I don't think the banner mismatch is important. Isn't that saying your MX record and PTR records don't cross-check?
One minor issue I see is your PTR record. Technically I don't think anything is wrong with it, but it is an ISP generic PTR record. I know GMX reject these e-mails. Because of this I had to relay through a third-party SMTP provider.
What are your Mail Domain and Mail Hostname set to in your e-mail settings?
Also can you get hold of a spammed message? Get it forwarded back to you as an attachment so you can inspect the headers. These often contain clues.
Lastly, have you been blacklisted. MXToolbox can do a blacklist check for you.
There is no point in munging you domainkey. It a public record which any one can lookup and all mail servers will look up if validating your DKIM signature.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »