Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Hosting/Webhosting MEGATHREAD
 
  • Post
  • Reply
Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
 I'm helping a local non-profit with their mass e-mails.

They have their host, then DNS through another service, setup for Google Workspace, and use SendGrid for the big e-mails.

The e-mails go straight to Junk because it fails DKIM/SPF.

I included the DKIM records provided by SendGrid, and added SendGrid to the SPF record, but it still fails.

I suspect it's because of how things are routing w/ regards to Google. I'm working on getting the DNS Records so I can better show what a mess they are.

They have like 10 different "staging" records for Google.

Anyone have thoughts on where I should start? The big issue seems like SendGrid is not being recognized as being authorized through the domain, that the SPF and DKIM records aren't actually being pulled from the domain host.

* # ¿ Dec 4, 2023 15:08
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 3, 2024 07:27
  • Quote
Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!

unknown posted:

Setup some kind of dmarc analysis - there's lots of ones out there and most have a free-tier (especially for non-profits) and it'll say what's failing for who (in a generic setting at least, not specific email addresses).

But to figure out what's wrong, you'll need the full headers from a failed message.

Authentication-Results: spf=none (sender IP is 167.89.40.80) smtp.mailfrom=em6847.DOMAIN.org; dkim=fail (no key for signature) header.d=DOMAIN.org;dmarc=fail action=none header.from=DOMAIN.org;compauth=fail reason=001

I did throw on a basic DMARC policy for the domain, Allow, with a 100 pct. But no reporting e-mail because I didn't want anyone getting overwhelmed by a bunch of failures at some point.

* # ¿ Dec 4, 2023 16:04
  • Quote
Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
 Sorry for the delay. I got COVID last week and it kicked my rear end.

Thankfully prior to that, I asked for teh DNS records.

As I came out of my fugue state, I realized that the DKIM and NAME entries managed to create redundant parts. So they show up like em6847.DOMAIN.org.DOMAIN.org.

I assume i just have to edit and remove the second DOMAIN.org parts on those and try again. Does that seem like the best next step, and then re-assess if it continues?

* # ¿ Dec 11, 2023 16:10
  • Quote
Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!

Rawrbomb posted:

Yeah, those entries should be em6847.domain.org without the secondary hostname. The sender auth process should go into a "validated" state, once you get it setup.

You can use something like mxtoolbox or digwebinterface to query the DNS directly and verify your records match what they gave you as well.

Yeah, I had not realized the DNS appended the domain on them.

Long story short, got them updated and it's all good! Thanks everyone!

* # ¿ Dec 26, 2023 19:43
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Hosting/Webhosting MEGATHREAD