Email flagged as spam
-
I'm playing IT Support for a family member.
Since last week Google has started rejecting mails sent by my father. The message is:
The mail system
for more 550
***redacted***@gmail.com: host
gmail-smtp-in.l.google.com[142.250.102.27]
said: 550-5.7.26 This message does not have authentication information
or
fails to 550-5.7.26 pass authentication checks. To best protect our
users
from spam, the 550-5.7.26 message has been blocked. Please visit
550-5.7.26
5.7.26 information.
cw7-20020a170906478700b006f3ca3b9d5asi10806923ejc.830 -
gsmtp (in reply to end of DATA command)Now, I don't know much about emails. So I follow the link:
550, "5.7.26", " Unauthenticated email from domain-name is not accepted due to domain's DMARC policy. Please contact the administrator of domain-name domain. If this was a legitimate mail please visit Control unauthenticated mail from your domain to learn about the DMARC initiative. If the messages are valid and aren't spam, contact the administrator of the receiving mail server to determine why your outgoing messages don't pass authentication checks.
Sounds like a problem with the domain itself, which is provided by the ISP. I use the same ISP, so I also have an e-mail account with them. I ask my father to send an email to my Gmail account, whilst I do the same. My email goes through, his is rejected. He also contacted the ISP directly, and they say that they can't see any issues on their sides; all their testing is successful. So it looks like Google is blocking his address specifically. This is strange, as there are no automated mails or other types of mail sent from that address which I can think of that would flag it as a spam address.
I also followed the last link out of interest, but from what I can gather all the solutions have to do with the domain itself, so I don't think it will help much, though I don't know what half the stuff means (DMARC, SPF, DKIM).
Any ideas, short of contacting Google directly?
-
@Vault_Dweller said in Email flagged as spam:
provided by the ISP. I use the same ISP, so I also have an e-mail account with them
Do you use the same
domain name
? That seems to be the (? / a?) point.
-
@BernieTheBernie said in Email flagged as spam:
@Vault_Dweller said in Email flagged as spam:
provided by the ISP. I use the same ISP, so I also have an e-mail account with them
Do you use the same
domain name
? That seems to be the (? / a?) point.Yes, exactly the same domain.
-
@Vault_Dweller Is he using the ISP's SMTP server? Or does he have a different SMTP server still lounging about in configuration somewhere?
-
@PleegWat Unfortunately there are geographical issues in finding that out. Is the suspicion that it might be affecting the headers? If so, would I see anything in the headers?
-
@Vault_Dweller I'm not exactly sure of the mechanics. But generally, 'modern' smtp servers will add a header noting the origin of the message (in addition to the traditional Received: header). The final destination mailserver compares the stated origin (From: address) with the actual origin (Received: headers and other data) and will reject the message if there is no match.
You may be able to find more of interest on wikipedia, but I urge you to stay away from the RFCs. Email RFCs are horrible.
-
@PleegWat Well, in case it might help, here are the headers of a rejected mail:
Received: from User1PC (unknown [102.252.66.60])
by rrba-ip-smtp-6-4.saix.net (Postfix) with ESMTP id D41CD5EC
for ***redacted***@gmail.com; Mon, 30 May 2022 08:36:41 +0200 (SAST)
From: My Father ***redacted***@afrihost.co.za
To: "redacted@gmail.com" ***redacted***@gmail.com
Subject: QUMADE: Invoice June 2022
Thread-Topic: QUMADE: Invoice June 2022
Thread-Index: Adhz6eLO9gq5s6nhSia7YLVwkGogSA==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Mon, 30 May 2022 06:36:36 +0000
Message-ID: 001901d873ef$9ceb1660$d6c14320$@afrihost.co.za
Reply-To: "redacted_alias@afrihost.co.za" ***redacted_alias***@afrihost.co.za
Content-Language: en-ZA
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0Only thing I'm noticing is that the Reply-To: header uses the alias of my father's email address, while the From: uses the actual address.
-
@PleegWat said in Email flagged as spam:
@Vault_Dweller I'm not exactly sure of the mechanics. But generally, 'modern' smtp servers will add a header noting the origin of the message (in addition to the traditional Received: header). The final destination mailserver compares the stated origin (From: address) with the actual origin (Received: headers and other data) and will reject the message if there is no match.
You may be able to find more of interest on wikipedia, but I urge you to stay away from the RFCs. Email RFCs are horrible.
Also the SPF record on the domain will list the servers allowed to send email from that domain. If the SMTP server he's using isn't included in the SPF then it'll get rejected.
-
@Vault_Dweller
Based on the single Received header, he's not using his ISP's SMTP server at all, instead using a local email server sending directly to the target domain. From other headers, I suspect it to be an exchange server.
-
@Vault_Dweller and you may want to redact that alias some more.
-
@robo2 Thanks, done
-
@Vault_Dweller from the SPF record on afrihost.co.za - it looks like that SMTP server (rrba-ip-smtp-6-4.saix.net) isn't permitted to send emails for that domain.
Check he's using the right SMTP server for that ISP.
-
@loopback0 Thanks, that seems to be it. I logged on directly from the ISP's browser client, and it worked from there.