On Thu, 19 Nov 2020 at 13:58, Paul Waring <p...@xk7.net> wrote: > No, they say: > > SPF: PASS with IP 2a00:1098:82:b3:0:0:0:1 > DKIM: 'PASS' with domain xk7.net > DMARC: 'PASS' > > There is no warning about no authentication (and there shouldn't be). > > > My SPFs tend to be slightly more verbose, remembering the ten lookup max > > guide... > > I usually start from structure of "v=spf1 a mx a:any.additional.domain > > ip4:10.10.0.1 ip6:anot:her::ipv6:addr:ess ~all" (I have a couple of edge > cases > > for some of my email sending) > > I only send xk7.net mail via this server so mx should be fine. Any mail > from xk7.net coming from any other server should be rejected (and > ideally notified, but I'm not sure that Google does anything with DMARC > records in that regard). > > > Is your DKIM at least 1024 bits? > > Yes, it is 2048 bits: > > openssl rsa -text -noout -in dkim.key > RSA Private-Key: (2048 bit, 2 primes) >
Nothing untoward there. Hmm. Again sorry, managed to mash send prematurely. Your PTR and MTA hostname are all good. "-all" might give you some FPs sending through some mailing lists, that's mostly it. Personally I'd move it off MB's domain to one of your own. I don't pretend to know the inner workings of GMail's sender scoring, habitually I prefer to have a server on its own domain to avoid even the slightest possibility of sharing any parent domain's reputation in addition to all the normal SPF verification. I'm sure Mr. Long will comment to confirm whether this is or isn't a factor :-) I have a few MB servers on various IP ranges, they've been fine to GMail as soon as the appropriate DNS & MTA config for dual stack was done. Only ever had sporadic issues delivering to O365 for one customer, which I suspect is more likely due to a potentially 'sensitive' word in their domain (and company name!). FWIW when I cutover email for a client recently on their domains I opted for new-everything including DKIM keys, no ill effects observed. Do you know if GMail is considering your emails spam (grey banner) or phishing? (There'll be a "Report not phishing" menu option for the message in the web interface.) Incidentally Barracuda thinks your domain category is "motor-vehicles" ;-) Unfortunately you might have been algorithmed for no obvious reason. You've already done everything I would suggest and check. Any different if you send not from paul@? Any different if you send from a different domain on same server?
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
