|
I'm helping a local non-profit with their mass e-mails. They have their host, then DNS through another service, setup for Google Workspace, and use SendGrid for the big e-mails. The e-mails go straight to Junk because it fails DKIM/SPF. I included the DKIM records provided by SendGrid, and added SendGrid to the SPF record, but it still fails. I suspect it's because of how things are routing w/ regards to Google. I'm working on getting the DNS Records so I can better show what a mess they are. They have like 10 different "staging" records for Google. Anyone have thoughts on where I should start? The big issue seems like SendGrid is not being recognized as being authorized through the domain, that the SPF and DKIM records aren't actually being pulled from the domain host.
|
# ¿ Dec 4, 2023 15:08 |
|
|
# ¿ May 3, 2024 07:27 |
|
unknown posted:Setup some kind of dmarc analysis - there's lots of ones out there and most have a free-tier (especially for non-profits) and it'll say what's failing for who (in a generic setting at least, not specific email addresses). Authentication-Results: spf=none (sender IP is 167.89.40.80) smtp.mailfrom=em6847.DOMAIN.org; dkim=fail (no key for signature) header.d=DOMAIN.org;dmarc=fail action=none header.from=DOMAIN.org;compauth=fail reason=001 I did throw on a basic DMARC policy for the domain, Allow, with a 100 pct. But no reporting e-mail because I didn't want anyone getting overwhelmed by a bunch of failures at some point.
|
# ¿ Dec 4, 2023 16:04 |
|
Sorry for the delay. I got COVID last week and it kicked my rear end. Thankfully prior to that, I asked for teh DNS records. As I came out of my fugue state, I realized that the DKIM and NAME entries managed to create redundant parts. So they show up like em6847.DOMAIN.org.DOMAIN.org. I assume i just have to edit and remove the second DOMAIN.org parts on those and try again. Does that seem like the best next step, and then re-assess if it continues?
|
# ¿ Dec 11, 2023 16:10 |
|
Rawrbomb posted:Yeah, those entries should be em6847.domain.org without the secondary hostname. The sender auth process should go into a "validated" state, once you get it setup. Yeah, I had not realized the DNS appended the domain on them. Long story short, got them updated and it's all good! Thanks everyone!
|
# ¿ Dec 26, 2023 19:43 |