Thanks all. I'll answer comments here in one email. I use a single mail host (mail.simonandkate.net) as MX for a range of family domains on a fixed/business IP address through a high quality ISP (not a variable IP, not in a dial-up block). I've had the same IP address for about 7 years. It has a good reputation, sends < 1k emails per week, and I monitor blocklists. Neither the domain nor the IP are on spamhaus or other BLs. My parents' domain is howiesue.net, we've owned it for about 10 years. Its inbound MX and outbound SMTP host is mail.simonandkate.net, which has a valid PTR associated with the IP address noted above (again, which has been in place for many years).
howiesue.net has a valid hard-fail/reject SPF policy for the IP mail host we use, we DKIM sign all outbound messages with a 1024-bit key, and valid DMARC is setup. I have the domain in Google Postmaster Tools, but is too low volume to generate any data. I'll have a look at DNSWL.org - thank you Randolf for that suggestion. The error message from Google is specifically: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail originating from your SPF domain [howiesue.net 35]. To protect our users from spam, mail sent from your domain has been temporarily rate limited. For more information, go to https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our Bulk Email Senders Guidelines Google search tells me this is NOT the message they use when the IP address is the issue, but that they are having some unknown issue with the domain. I've checked my logs, and the domain is not compromised; he's sent a total of 10 emails in the last week lol... This one that Gmail have decided to block is the first to Gmail this week, but he regularly sends to the people on that list. The email contains 15 Gmail recipients, and is still deferred 12 hours later. I've tested and they accept email from me to individuals on his list from the same mail host from my personal domain - reinforcing that we don't have an IP rep issue. Randolf - I've reviewed the Google support doc on deferred email, and there is nothing in there that I need to change - we use TLS (with valid certs), have valid PTRs and other DNS records, have SPF (with hard fail / reject requested for non-authorised IPs) and DKIM, DMARC, and are not sending spam, it's personal email not bulk. There is no reason on that page which I can see which gives them reason to defer us. When I follow their troubleshooter, it drops me to the contact form Randolf mentions, but I cannot achieve any progress because you *have* to include "To help us investigate a message that was rejected or blocked, please provide the full headers from a recent message (less than 12 days old)". That header has to be from the RECEIVED end, i.e. Gmail - which I cannot do because to do that I'd have to actually be able to get an email through from the domain. I tried sending log details of the deferral with info on our compliant setup, and the "ticket" is auto-closed because it doesn't include the headers they "need". I think I'm just going to need to tell him to set up a different way to contact his friends instead of this list... If I've missed something, I'd love to hear it. Simon On Saturday, December 30, 2023 20:28 AEST, Eduardo Díaz Comellas via mailop <mailop@mailop.org> wrote: I've seen problems like this because of ISP listing large net locks as "dialup" and not supposed to send email directly. Check spamhaus' PBL: https://www.spamhaus.org/pbl/ Best regards El 30 de diciembre de 2023 7:40:59 CET, Simon Wilson via mailop <mailop@mailop.org> escribió:I know, I'm not alone in this... :( I like to think that it's still feasible to run one's own email. I have for many years, and currently manage about a dozen email domains for family and friends. Most of the time all good. Then today my dad says to me "Why am I getting these bounce messages?" I check, and Gmail are deferring an email he sends every week to a group of friends, 20 all up, 15 of them on Gmail, saying his SPF domain is a source of unsolicited email (421-4.7.28). Outlook and Hotmail accept OK. This domain is old, not compromised, has SPF, DKIM (1024bit), DMARC, all valid. We send using TLS. We have correct PTR. His emails go out fully signed and pass checks. We don't send commercial emails, and that domain name is low volume and all emails individually written and sent through a webmail client, none of it is automated. Are we wasting time even trying any more? You can't even submit a request to them for help, because they ignore it unless you attach valid and current mis-classified headers from within gmail. Umm.. how can I do that when they're not accepting the email? Simon WilsonM: 0400 121 116 -- Simon Wilson M: 0400 121 116
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
