Hi, Please share the Domain name and IP address that is having the issues so that we can better assist. If possible, can you also share the email header of an email that is failing.
As for the error, Gmail is clearly seeing an issue with the domain in the SPF and DKIM records. It is very possible that the SPF while correct, has too much calls and does not complete the check. They have posted in their guide that in April 2024, they will start to BLOCK emails that do not have the following (https://support.google.com/a/answer/14229414?hl=en#bulk-sender-def&expiration&bulk-sender-comply&email-to-ws&ws-senders&timeline&timeline-new&from-header&reqs-not-met&alerts&error-codes&spam-rate&spam-exceeds&one-click-all-msgs&unsub-noshow&promotional&why-one-click&one-click-rfc8058&no-one-click&unsub-msg-body&no-unsub-spam&more-unsubscribe-links&howlong-unsubscribe&prevent-unsubscribe-all&unsub-unavailable&mailto&landing-page&dmarc-align&dmarc-fail&mitigation&mitigation-eligible&:~:text=Sender%20guidelines%20enforcement): The table below describes the enforcement timeline and will be updated as needed: Sender requirement Enforcement SPF and DKIM authentication Gmail From: header impersonation From: header alignment Valid forward and reverse DNS records Messages formatted according RFC 5322 Messages sent using TLS Temporary failures with error codes Starting in April 2024, we'll begin rejecting non-compliant traffic. Rejection will be gradual and will impact non-compliant traffic only. We strongly recommend senders use the temporary failure enforcement period to make any changes required to become compliant. Enforcement for these requirements will begin no earlier than June 2024: * DMARC record with a minimum policy of none (p=none). Learn more about DMARC record values<https://support.google.com/a/answer/2466563#dmarc-record-tags>. * One-click unsubscribe in marketing messages * Mitigations unavailable when user-reported spam rates exceed 0.3% or if the sender has not met the authentication or one-click unsubscribe requirements. Gmail is blocking you based on the information above and your error. Michael Irvine From: mailop <mailop-boun...@mailop.org> On Behalf Of Simon Branch via mailop Sent: Monday, May 20, 2024 01:26 To: mailop@mailop.org Subject: [mailop] Ongoing issue with sending emails to Gmail / Google hosted domains from our MS 365 Tenant CAUTION: This email originated from outside of the organization. Do not click any links or open attachments unless you recognize the sender and know the content is safe. Hello, This is my second time of posting about this issue, which involves messages sent from our MS 365 Tenant being rejected by Google's mail servers. Around the beginning of April, several of our users started to get messages bouncing back, when sending messages to Google-hosted domains. The error received each time was as follows: Error: 550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 [2a01:111:f403:261b::701 19] Gmail has detected that this message;is likely suspicious due to the very low reputation of the sending;domain. To best protect our users from spam, the message has been;blocked. For more information, go to; https://support.google.com/mail/answer/188131 af79cd13be357-792cf65c157si1015450885a.765 - gsmtp Message rejected by: mx.google.com The same would happen when sending to any Gmail account. The first thing I checked was the SPF, DKIM and DMARC records, but found they were all correct. So, I contacted Microsoft 365 Support for assistance. They looked at the message, immediately blamed Google, and told me to speak to them. Unfortunately, there is no one to speak to at Google, unless your domain is hosted with them. So I filled out several of Google's email case reports, none of which have been acted upon. Microsoft have tripled checked the SPF, DKIM and DMARC records and have confirmed they are all correct and are baffled as to why it is not working. Each time I am told that it is a 'Google Problem' and we need to get out domain whitelisted by them. We are now in the position whereby mails sent to these domains are either rejected outright by Google's servers or end up in users' Spam folders. I registered with Google Postmaster Tools a few weeks ago and finally got some analysis a few days ago, as follows: SPF and DKIM authentication Needs work - Set up both SPF and DKIM authentication. SPF prevents spammers from sending unauthorised messages that appear to be from your domain. Receiving servers use DKIM to verify that the domain owner actually sent the message. From: header alignment Needs work - Ensure that the From: header aligns with either SPF or DKIM For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment. DMARC authentication Compliant Encryption Compliant User-reported spam rate Compliant DNS records Compliant The above makes no sense to me, as it is suggested there is an issue with the SPF and DKIM records and that the From header, yet all are correct. Everything else on the Google Postmaster Tools passes. Has anyone seen this before, and if so, is there a solution, as neither Microsoft, nor Google will assist? Any advice would be much appreciated. Thanks, Simon
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
