Sending emails to GMail accounts

Apr 23, 2024 22:57



I noticed just now that GMail is apparently making it more difficult for people to send email to GMail accounts. Specifically, using SPF or DKIM is now mandatory.

If you don't know what this means exactly, but you're using your own domain for emails, managed by your web hoster, then chances are they've got this set up for you. If not, email sent to GMail accounts might get bounced with messages like the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

example@example.com
host gmail-smtp-in.l.google.com [173.194.76.27]
SMTP error from remote mail server after end of data:
550-5.7.26 This mail has been blocked because the sender is unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [example.com] with ip: [192.168.1.1] = did not pass
550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to
550 5.7.26 https://support.google.com/mail/answer/81126#authentication

If this happens, your hoster will (probably) have information on how to set up an SPF record for your domain, and/or a frontend to set it up. If not, you can create it yourself. Here's what you need.

  1. Let's assume that your domain is example.com.
  2. Let's also assume that your hoster's SMTP relays used for outgoing mail are under the hoster.example domain.
  3. Finally, let's assume that you do not want to send mail through additional servers. (This is going to be the sensible thing to do if you use your hoster's SMTP infrastructure exclusively and don't run your own SMTP servers.)
  4. Now: create two TXT records, one for example.com and one for *.example.com.
  5. Both should contain the following: v=spf1 mx include:hoster.example -all


As soon as this information percolates through the DNS system to Google, sending emails to GMail should work again. You won't get informed if sending an email works, BTW, but the lack of a bounce will indicate it does.

You can also use dig to check. dig is part of bind, so check your package manager for a package called bind-utils or so. Once installed, you can ask 8.8.8.8 (one of Google's nameservers) about your domain:

$ dig @8.8.8.8 "*.example.com" any

; <<>> DiG 9.19.23 <<>> @8.8.8.8 *.example.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7596
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;*.example.com. IN ANY

;; ANSWER SECTION:
*.example.com. 3600 IN MX 100 mx.hoster.example
*.example.com. 3600 IN TXT "v=spf1 mx include:hoster.example -all"
*.example.com. 3600 IN A 192.168.1.1
*.example.com. 3600 IN AAAA fc00:6a11:d10:d1c0::

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 23 22:45:46 CEST 2024
;; MSG SIZE rcvd: 167

Be sure to check both *.example.com and example.com. If your TXT records are there, things should work. If they don't, ask someone who knows more about these things than I do.
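
To see how a receiving server applies the record from step 5 to a sending IP, here is an added example that is not part of the original post: a simplified subset of SPF evaluation (RFC 7208) run over constructed DNS data. The IP addresses, the A record of mx.hoster.example and the hoster's own SPF record are assumptions made up for illustration.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (all values are made up).
DNS = {
    ("example.com", "TXT"): ["v=spf1 mx include:hoster.example -all"],
    ("example.com", "MX"): ["mx.hoster.example"],
    ("mx.hoster.example", "A"): ["198.51.100.10"],
    ("hoster.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def addresses(name, dns):
    """Return the A/AAAA addresses of a name as parsed address objects."""
    found = dns.get((name, "A"), []) + dns.get((name, "AAAA"), [])
    return [ipaddress.ip_address(a) for a in found]

def check_spf(ip, domain, dns=DNS, depth=0):
    """Evaluate a simplified subset of SPF for a sending IP and a domain."""
    records = [t for t in dns.get((domain, "TXT"), [])
               if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not records:
        return "none"           # no SPF record published at all
    if len(records) > 1 or depth > 10:
        return "permerror"      # two SPF records on one name is an error
    sender = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            hit = True
        elif mech in ("ip4", "ip6"):
            hit = sender in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = sender in addresses(arg or domain, dns)
        elif mech == "mx":
            hosts = dns.get((arg or domain, "MX"), [])
            hit = any(sender in addresses(h, dns) for h in hosts)
        elif mech == "include":
            # Matches only if the included record passes; its own -all does
            # not fail the outer record, evaluation simply moves on.
            hit = check_spf(ip, arg, dns, depth + 1) == "pass"
        else:
            continue            # modifiers and unsupported terms are skipped
        if hit:
            return RESULTS[qualifier]
    return "neutral"            # no term matched and there was no "all"
```

A sender that is neither the domain's MX host nor covered by the hoster's record falls through to `-all` and gets `fail`, which is the "did not pass" line in the bounce above.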
