Several open-source free email providers, such as GMail, Yahoo, Hotmail, etc., have changed their policies for email services. In order to combat spamming, they have tightened security. You need to authenticate your domain from which you send email to these networks with SPF, DKIM and PTR/rDNS records.
Problem 1:
For Example: If your domain does not have PTR records and you send an email to GMail network, you should receive a bounced back message like this:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
host gmail-smtp-in.l.google.com [X.X.X.X]
SMTP error from remote mail server after end of data:
550-5.7.25 [X.X.X.X] The IP address sending this message does not have a
550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not
550-5.7.25 points to the sending IP. As a policy, Gmail does not accept messages
550-5.7.25 from IPs with missing PTR records. Please visit
550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more
550 5.7.25 information. bn40-20020a05620a2ae800b0076ca3a2ee0esi4407129qkb.232 - gsmtp
Solution 1:
For PTR related problems, you can refer the following article to resolve PTR / rDNS problem:
How Do I Setup RDNS/PTR Record At Accuwebhosting?
How Do I Add RDNS Record For My VPS?
Problem 2:
As an example, if your domain does not have SPF or DKIM records and you send an email to GMail network, you will receive the following bounced back message:
host gmail-smtp-in.l.google.com [X.X.X.X]
SMTP error from remote mail server after end of data:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for [example.com] did not
550-5.7.26 pass with ip: [X.X.X.X]. The sender should visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for
550 5.7.26 instructions on setting up authentication. v18-20020a0cdd92000000b0063f7d0679a1si3788958qvk.139 - gsmtp
Solution:
If you have cPanel hosting service then you can add SPF and DKIM records from your hosting panel itself. You can refer following knowledge base for it:
How To Get SPF, DKIM And PTR Record For Email Deliverability From CPanel?
If you have Windows VPS hosting service then you can refer following knowledgebase for it:
How To Create An SPF Record For A Domain?
How To Enable DKIM For A Domain In SmarterMail 16.X?
How To Create DKIM Record For Domain In MailEnable?
Once you create required DNS records, you will have to add these records in your domain DNS zone. Once you add these records, it will take 12-24 hours for DNS propagation around the globe.
If you have opted for a Windows shared hosting service then you can contact our support team from your client area at https://manage.accuwebhosting.com.
Problem 3:
Recently, GMail has set email rate limits for particular domains and IP addresses. If your domain or IP address reaches these limits, you should receive a bounce back message like the following:
SMTP error from remote mail server after end of data: 421-4.7.28 [X.X.X.X] Our system has detected an unusual rate of\n421-4.7.28 unsolicited mail originating from your IP address. To protect our\n421-4.7.28 users from spam, mail sent from your IP address has been temporarily\n421-4.7.28 rate limited. Please visit\n421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to\n421 4.7.28 review our Bulk Email Senders Guidelines. q9-20020a1709064c8900b0099b46fc04f6si2343345eju.1006 - gsmtp
Solution:
For those who have chosen either Windows or Linux shared hosting, you can reach out to our support team via your client area in order to identify the root cause of the issue and implement a solution.
If you've opted for VPS or Dedicated server services, it's important to consider the following steps:
- Ensure the security of your website's contact form by implementing rCaptcha.
- Verify that you have a double opt-in verified mailing list.
- Update all third-party applications, themes, and plugins to their latest versions.
- Reset passwords for all email accounts and establish strong passwords for each.
- If the comment box is enabled on your blog/CMS, enhance its security by adding both login protection and rCaptcha.
- Validate your script with the developer to ensure its security and authentication through email.
Problem 4:
It is important to note that GMail only accepts mail with proper authentication. If we try to send mail without authentication, we will receive the following bounceback message:
This message does not have authentication information or fails to pass authentication checks
Following is a common bounce email:
Diagnostic-Code: smtp; 550-5.7.1 This message does not have authentication information or fails to pass
550-5.7.1 authentication checks. To best protect our users from spam, the
550-5.7.1 message has been blocked. Please visit
550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
Solution:
This is related to authentication headers for incoming emails. Many ISPs like Gmail, reject this email if there are no authentication headers available. This is verified all the time and it will be rejected if the authentication header is not passed using the DKIM public key.
To resolve this, we just need to setup the DKIM key from the mail server and we need to add a DNS record if the client is using our DNS service. Once the record is created, we can test whether DKIM is passed or not using the port25 tool.
That's all.
