Email from Mail on my iPhone to Gmail address failed

Topic

New Reply

I got a failure reply to an email I sent from Mail on my iPhone to a Gmail address in my contacts.  The same mail sent fine on my computer from Outlook.  My ISP provider is IONOS which hosts my private domain.  It looks like a security issue of some kind from Google.  I’ll post the failure reply below and ask if anyone can decode it to help me resolve the issue:

 

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.

The following address failed:

s**********@gmail.com:
SMTP error from remote server for TEXT command, host: gmail-smtp-in.l.google.com (142.250.112.26) reason: 550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message ,
550-5.7.26 DKIM checks did not pass and SPF check for [******.com] did not pass
550-5.7.26 with ip: [74.208.4.194]. The sender should visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication fo r 550 5.7.26 instructions on setting up authentication. 84-20020a25185700000
0b00b61edf21a8fsi29710677yby.127 – gsmtp

— The header of the original message is following. —

Received: from smtpclient.apple ([174.29.38.75]) by mrelay.perfora.net
(mreueus003 [74.208.5.2]) with ESMTPSA (Nemesis) id 0MS4Ue-1ps3Qv0vMo-00TGuw for <s**********@gmail.com>; Mon, 27 Mar 2023 03:59:55 +0200
Content-Type: multipart/alternative; boundary=Apple-Mail-4CA8FB79-EFCA-45D8-8F6C-5C5613F2A8B1
Content-Transfer-Encoding: 7bit
From: Ronnpj <r******@******.com>
Mime-Version: 1.0 (1.0)
Subject: Re: March 25 Lumberjack
Date: Sun, 26 Mar 2023 19:59:44 -0600
Message-Id: <3384AA9E-1D11-4181-A0ED-81161C448180@*******.com>
References: <CAKyN-DSNJvrT2iEfWcYX27LECOpGo3tid6MKEPqjjKVWePVirQ@mail.gmail.com>
In-Reply-To: <CAKyN-DSNJvrT2iEfWcYX27LECOpGo3tid6MKEPqjjKVWePVirQ@mail.gmail.com>
To: S******* <s*********@gmail.com>
X-Mailer: iPhone Mail (20D67)
X-Provags-ID: V03:K1:c6i1k7c88cWe9ykq52pDu/VDcd5wjwEj4g///7OVBMpe8xDjCH0
+oIlhcFzXoXsbTCq3qaUVJK3EwfaSqA913rPM91CZfYHtOt2zTCJnF9KDs1hKCwLqPEAoRO
F2/LZKHyQnWFwDfj0EFJaGbwZ3FKhQb5CZmkbz2wLz0IgvaQkkV8pMgVqomUKz3Ue/SYJyo
1/yQqHJYW7oCtm0XvjN+g==
X-Spam-Flag: NO
UI-OutboundReport: notjunk:1;M01:P0:vQ2O2WlWW6E=;ULzFJnx1OqVtHTOVD9RJBUTg1uZ
UYrMg0CbB/2ygdSUmJi0S8uU2eStYzi69oMxmAc84n18O4cNwiGDOq1fCtFnFBmLHj+7pfCmk
gX87e5AvdXTcmH79HRh7t44sR+6/ZMGajTY+2/7tdL27RboqGhWdAitknTGCMpDW/uA1R6e1g
gRWI0iuTQjBZKKLIk3f+8LeEs6WWejRJKF1am23f9OTMEcH3NWv4p4mRPtaiFMUYifaMP7iMH
fD/cQvPaSPc4JrO8x3k0cMx/w6VVFlKuBk4L0pXnzbhuhNv59I9bjIQz1VZ6G9V9SFZt0ipQd
CQgcvzOgIbXKRB7jt/Y52cEsHg3STjRv+X54+EzvJHL6LIt49DkI+O4UGgLV9unBkDnelOZ0J
hKxHgjBXccvJFb8JwvTwW6btjcMWHjB4rVwkXwVXTG7YXv3NOKfZQWfAnFhts71up57wAv2yC
05kffWxpRG0EEaDLriCBOKS817RtWPitgkgFVPLHhJd7PTVD7IChx3ok4f3kLWYf7A7mQE260
2XSMHhS3PJZdS/UdzSyCrEQYLyieLvpOgSpx2b5uqT3RTR7Vym8NJODMdAZM4rtBoSZK0pfKD
AFrq/ww6t02X79euTS4RhUaih1RoGvH+P5p2/H4e7wmvEdYbAPWlq/TiCxjaF/7+QBFHQXlSx
U4fuMofvTuQlG2ZEKVLqrNhihdQeNW494I2r72zu3A==

 

Moderator Note: Edit to remove personal information. Posting personal information such as email addresses poses a security risk. Please do not post personal information.

Retired Rocket Scientist

Reply | Quote

Replies

550-5.7.26 DKIM checks did not pass and SPF check for [ronnpj.com] did not pass

Have your host check your spf and/or dkim settings on your domain

Never Say Never

Reply | Quote

I get no spf record found at https://mxtoolbox.com/SuperTool.aspx?action=spf%3aronnpj.com&run=toolpage

Never Say Never

Reply | Quote

I’ll send them a message to check on the problem.

Frankly, I’m way out of my depth on the problem but I’ll see if I can get a response from them.

Retired Rocket Scientist

Reply | Quote

OK, here’s the response from my domain host:

“Thanks for contacting IONOS,i have added  an SPF record to your domain, you will have to wait for 24 hours for it to get propagated .”

So that makes sense based on your recommendation.

Just a couple of questions if you don’t mind.

What is an SPF record?

If it’s related to my domain which connects to my own email address why is the problem I’m seeing only connected to a Gmail contact?

Is there something unique that Google requires for their security purposes?

Trying to get a little smarter here…

 

Retired Rocket Scientist

Reply | Quote

This will probably explain better than I can.
https://woodpecker.co/blog/spf-dkim/

We set DKIM and SPF records on all domains we host as it drastically improves deliverability. On sites sending newsletters and stuff we go through the arduous process of DMARC. That’s a MUCH larger pain. In my experience gmail seems the most picky and just plain stupid sometimes.

Tell them while they are at it to setup the DKIM too!
https://mxtoolbox.com/emailhealth/ronnpj.com/

Never Say Never

Reply | Quote

Great reference!  I think I’m getting it…

About DKIM, here’s my host’s response:

Thank you for contacting IONOS.Unfortunately, IONOS doesn’t provide support for the implementation of DKIM records.

Yet you can set a DMARC record,  for this, please click on the following link for information on how to implement this on your domain DNS settings:

https://www.ionos.com/help/index.php?id=145</span></p&gt;

 

I’ll try to confirm I can email to Gmail with just the SPF now set.

Guess I’m not paying enough for my host to set up the DKIM…

Retired Rocket Scientist

Reply | Quote

cyberSAR wrote:

Tell them while they are at it to setup the DKIM too!

I had exact same problem as you @DrRon (different hosting provider though), primarily with google rejecting emails. Solution is as stated by others above (spf + dkim). I fully agree with @cyberSAR that dkim should be used as well as spf.

 

Reply | Quote

Thanks…

Did your host set up the DKIM for your account?

Retired Rocket Scientist

Reply | Quote

DrRon wrote:

Did your host set up the DKIM for your account?

They did originally but I looked into how it worked and how to get log in to the ‘CPanel’ (which I assume stands for Control Panel) and do it myself.

I know you initially said you’re a bit out of your depth but I was as well when I started looking into why my emails to gmail recipients were bouncing. Adding SPF/DKIM sorted it out and I’m now experimenting with DMARC but I’m not sure it will be necessary in the long run.

I had a quick look at IONOS but couldn’t see anything obvious. Maybe you could try loging into https://login.ionos.com/ and see if there is anything there calling itself a CPanel. On my hosting provider I then select Zone Editor > Manage Domain and a list of all the domain records came up. This might help ionos cpanel login | how to access cpanel in IONOS 1&1 step by step guide.

Do a web search for how SPF/DKIM/DMARC work. The descriptions are generally ok but often don’t cover all the fields in each protocol. The definitive references are a bit technical but they are here Sender Policy Framework (SPF) (RFC 7208), DomainKeys Identified Mail (DKIM) (RFC 6376– see Section 3.6 for all fields), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) (RFC 7489 – see Section 6.3 for all fields)

Reply | Quote

If it is cPanel it’s not too hard to do yourself (which would also be a knock against your host)

https://www.siteground.com/kb/site-tools-vs-cpanel-comparison-setup-spf-dkim-records-domain/

Never Say Never

Reply | Quote

I also found these IONOS specifc guides: https://www.ionos.com/digitalguide/e-mail/e-mail-security/dkim-domainkeys/ and Using an SPF Record to Prevent Spam.

My experience with the hosting help desks has been pretty discouraging. When they first set up my SPF they added two SPF records – but you’re only allowed to have one! That’s when I started looking into it and getting my head around it. It didn’t turn out to be that hard and worth it as you are then in control of your domain. Other than the DKIM private key, the rest of the information is published in the DNS sytsem so if you want to post the settings you want to try here someone will be able to tell you if they work or not.

You can see what your current settings are using sites like this https://mxtoolbox.com/SuperTool.aspx, putting in your domain and then selecting the type of lookup you want on the right. For example, if you plug google.com in as the domain and do a SPF lookup you get “v=spf1 include:_spf.google.com ~all” and similarly for DMARC you get “v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com”. DKIM is a bit harder as you need to know the selector (you can do a web search on how to find your selector), for google this is dkim:google.com:20210112 and the results are “v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8JxVBMLHZRj1WvIMSHApRY3DraE/EiFiR6IMAlDq9GAnrVy0tDQyBND1G8+1fy5RwssQ9DgfNe7rImwxabWfWxJ1LSmo/DzEdOHOJNQiP/nw7MdmGu+R9hEvBeGRQAmn1jkO46KIw/p2lGvmPSe3+AVD+XyaXZ4vJGTZKFUCnoctAVUyHjSDT7KnEsaiND2rVsDvyisJUAH+EyRfmHSBwfJVHAdJ9oD8cn9NjIun/EHLSIwhCxXmLJlaJeNAFtcGeD2aRGbHaS7M6aTFP+qk4f2ucRx31cyCxbu50CDVfU+d4JkIDNBFDiV+MIpaDFXIf11bGoS08oBBQiyPXgX0wIDAQAB”.

Reply | Quote

Wow… feel like I’m back in Graduate School!

You guys are really impressive or I’m getting really old – or both!

Changing any DNS setting on my domains scares the heck out of me.

Currently just the SPF change seems to have resolved my Gmail delivery problem.  So maybe I’ll take some time to study your references and browse my host site to see if I can find a way to add the DKIM setting.

Looking at DMARC and the FTP stuff just boggles my mind.

So for now maybe I’ll mark this one resolved and wait to see if I can get my school juices flowing again.

I do appreciate the help.

Retired Rocket Scientist

Reply | Quote