Several family members have domains (mostly at 123-Reg) and use email forwarding for xxx@<their domain> to their personal addresses (eg at Gmail, Virgin, BT, whatever).
Increasingly they're finding that mail sent *from* their domain addresses is ending in recipient junk folders.
How they send varies: my dad used Thunderbird on Ubuntu (so maybe not entirely OT!), my wife sends via Gmail, others I'm not sure but probably things like Outlook/Outlook Express (or whatever it is these days). They'll be using the SMTP settings of their ISP or personal mail provider (eg my wife will be sending via Gmail using her own domain set up as an alias).
Since I have several people with issues - and especially since one of them is my wife! - I want to take a fresh look at all of this and get things right. I'm guessing that this is going to involve SPF, DKIM, DMARC stuff that I don't really understand but have succeeded in setting up before.
It feels like something that must be a sufficiently common issue that there would be plenty of help out there but it's one of those issues where I can't see the wood for the trees in any search I try, so I'm hoping someone here might have some pointers?
The more that can be done server-side the better as that reduces the need for me to help lots of people configure lots of different clients. If I need to move domains from 123-Reg that's not out of the question - indeed I have plans to do that to somewhere I can control DNS, mail forwarding, etc via APIs anyway.
On 19/10/2021 09:41, Mark Rogers wrote:
Several family members have domains (mostly at 123-Reg) and use email forwarding for xxx@<their domain> to their personal addresses (eg at Gmail, Virgin, BT, whatever).
Increasingly they're finding that mail sent *from* their domain addresses is ending in recipient junk folders.
Have you got a reverse DNS record for the MX ip address?
On Tue, 19 Oct 2021 at 10:49, Bill Hill mail@wbh.org wrote:
Have you got a reverse DNS record for the MX ip address?
The MX IP's will be those of (in this case) 123-Reg who handle the mail forwarding, and they do have reverse DNS, eg: https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a94.136.40.235&run=tool...
But they don't reference the domains in question, is that an issue?
On Tue, 19 Oct 2021 09:41:58 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
Several family members have domains (mostly at 123-Reg) and use email forwarding for xxx@<their domain> to their personal addresses (eg at Gmail, Virgin, BT, whatever).
Increasingly they're finding that mail sent *from* their domain addresses is ending in recipient junk folders.
[ some deletia ]
Mark
It is becoming increasingly difficult to /successfully/ send mail from a personal domain, particularly when that domain is not recognised as one of the big email providers. (I speak as someone who runs his own mail server, and has done for well over a decade, and is becoming increasingly exasperated by the hoops I have to go through to get mail delivered. It is almost as if there were some global conspiracy aimed at stopping anyone other than a major ISP being allowed to send email. Paranoid? Me?)
The most important record is the SPF txt record in the DNS, followed by a DKIM record, then DMARC. I successfully get by with a simple SPF record because I send FROM the MX server for my domains and I have good DKIM records for each domain. I have no DMARC records, but I may have to in future. Things can get complicated if you send mail from a server other than one on your own domain (say google) because you have to tell the world that their server is allowed to send on your behalf. Google has a good explanation of how to set up SPF if you use them to send at https://support.google.com/a/answer/10684623?hl=en and digitalocean also has very similar advice at (https://www.digitalocean.com/community/tutorials/how-to-create-a-spf-record-...
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
My bank write to me regularly suggesting I sign up for email notification of when my statement is available to view online. I did sign up years ago and have phoned several times to remind them, and also point out that I do in fact get email notifications. Problem seems to be whatever system they use to check email has gone doesn't recognise my personal address as valid so even though they can and do send to it they don't know they have.
Back in my techie writing days I wrote a few pieces about technical debt and banks seem to be the worst. They were early into computerisation when most people thought an electric calculator was pretty hot but ever since they've been bolting on extra features and adding bells and whistles while the underlying systems are held together with sticky tape.
Phil Thane www.pthane.co.uk Tweet @pthane 01767 449759 07582 750607
On Tue, 19 Oct 2021 at 19:24, mick mbm@rlogin.net wrote:
It is becoming increasingly difficult to /successfully/ send mail from a personal domain, particularly when that domain is not recognised as one of the big email providers.
It's not just me then! Would have been easier to fix if it was though!
Google has a good explanation of how to set up SPF if you use them to send at https://support.google.com/a/answer/10684623?hl=en and digitalocean also has very similar advice at (https://www.digitalocean.com/community/tutorials/how-to-create-a-spf-record-...
Thanks for these, I'll take a look.
As I understand it, in broad terms this involves telling the Internet which hosts are allowed to send mail for the domain, and what to do with mail that doesn't match that?
Taking one example, I have a couple of family domain names which I manage, where mark@ comes to me, mike@ goes to my Dad, and so on. Each of the people have their own mail configurations; mine pretty much always goes through Google (I got set up on their workplace package back in the days when you get a 50-user account for free and I'm reluctant to give that up!), my Dad uses Virgin, my uncle uses BT Internet, etc. Am I on a hiding to nothing here? (I could set up my own mail server, but then I'd have to reconfigure everyone's phones, laptops, etc and maintain that configuration - and I really don't want to go there!)
On Wed, 20 Oct 2021 09:24:41 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
As I understand it, in broad terms this involves telling the Internet which hosts are allowed to send mail for the domain, and what to do with mail that doesn't match that?
Yes.
Taking one example, I have a couple of family domain names which I manage, where mark@ comes to me, mike@ goes to my Dad, and so on. Each of the people have their own mail configurations; mine pretty much always goes through Google (I got set up on their workplace package back in the days when you get a 50-user account for free and I'm reluctant to give that up!), my Dad uses Virgin, my uncle uses BT Internet, etc. Am I on a hiding to nothing here?
No, it just complicates the SPF record. You will need an "include:" for all the mail systems which are allowed to send mail from your domain.
(I could set up my own mail server, but then I'd have to reconfigure everyone's phones, laptops, etc and maintain that configuration - and I really don't want to go there!)
And you might then find that no-one will accept mail from your domain at all. As I said, it is becoming increasingly difficult to get email accepted unless it comes from a large recognised source. Practically ALL email systems will reject email if it comes from an IP address recognised as being on a DSL line (so that means that you couldn't host at home). I have also had numerous systems (usually the smaller ones run by idiots) "blacklist" my server's IP address on the grounds that it is hosted on a VM in a large datacentre which may, just may, also host spammers.
It takes time to gain a decent email reputation.
Good luck
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On Wed, 20 Oct 2021 at 14:23, mick mbm@rlogin.net wrote:
No, it just complicates the SPF record. You will need an "include:" for all the mail systems which are allowed to send mail from your domain.
IIRC the SPF record can either tell recipients to reject mail that doesn't come from those mail systems, or simply say nothing about them? (I'm all for putting the effort in to improve things for the systems I know about, but I don't want to break the ones I don't know about in the process.)
(I could set up my own mail server, ...,
And you might then find that no-one will accept mail from your domain at all. As I said, it is becoming increasingly difficult to get email accepted unless it comes from a large recognised source.
Fair point.
I have looked at third parties to provide this, eg forwardemail.net, but I don't know whether that would help or hinder (and I'd still have to take care of SPF records etc)
On Thu, 21 Oct 2021 12:05:26 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
On Wed, 20 Oct 2021 at 14:23, mick mbm@rlogin.net wrote:
No, it just complicates the SPF record. You will need an "include:" for all the mail systems which are allowed to send mail from your domain.
IIRC the SPF record can either tell recipients to reject mail that doesn't come from those mail systems, or simply say nothing about them? (I'm all for putting the effort in to improve things for the systems I know about, but I don't want to break the ones I don't know about in the process.)
Yes, the SPF record can say "accept mail from this server, and only this server, reject all others". You can see examples of the correct syntax at: http://www.open-spf.org/SPF_Record_Syntax/ and you can test syntax at: https://www.kitterman.com/spf/validate.html
For example, my domain SPFs are: "v=spf1 mx -all" which says, "accept mail from any MX host for this domain and reject it if it comes from anywhere else".
(I could set up my own mail server, ...,
And you might then find that no-one will accept mail from your domain at all. As I said, it is becoming increasingly difficult to get email accepted unless it comes from a large recognised source.
Fair point.
I have looked at third parties to provide this, eg forwardemail.net, but I don't know whether that would help or hinder (and I'd still have to take care of SPF records etc)
Yep - if you manage the DNS then you are responsible for ensuring the SPF records are correct.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
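An added example, not part of the thread or written by any of its posters: a small Python check that reads an SPF record and reports which systems it includes, what result a receiver gives to senders the record does not list ("-all" fail, "~all" softfail, "?all" neutral), and how many DNS-lookup terms it uses against the RFC 7208 limit of 10. Only "v=spf1 mx -all" comes from the thread; the other records are constructed, the *.example include targets are placeholders, and the lookup count covers only the record's own terms (each included record adds its own).

```python
import re

# Result a receiver assigns when a term matches, by qualifier (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost the receiver DNS queries; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
TERM_RE = re.compile(r"([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)([:=/]?)(.*)")


def summarise_spf(record):
    """Return what an SPF record authorises and how unlisted senders are treated."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    # With no 'all' term (and no redirect) unlisted senders get "neutral".
    out = {"includes": [], "lookups": 0, "unlisted": "neutral", "warnings": []}
    seen_all = False
    for term in terms[1:]:
        match = TERM_RE.fullmatch(term)
        if match is None:
            out["warnings"].append("unparseable term: " + term)
            continue
        qualifier, name, sep, value = match.groups()
        name = name.lower()
        if seen_all and sep != "=":  # mechanisms after 'all' can never match
            out["warnings"].append("never evaluated (after 'all'): " + term)
            continue
        if name in LOOKUP_TERMS:
            out["lookups"] += 1
        if name == "include":
            out["includes"].append(value)
        elif name == "all":
            seen_all = True
            out["unlisted"] = QUALIFIERS[qualifier or "+"]
    if out["lookups"] > MAX_LOOKUPS:
        out["warnings"].append("more than 10 DNS-lookup terms: permerror")
    if out["unlisted"] == "pass":
        out["warnings"].append("'+all' authorises every host on the Internet")
    return out


# Constructed sample records; only "v=spf1 mx -all" appears in the thread.
SAMPLES = {
    "strict": "v=spf1 mx -all",
    "multi": "v=spf1 include:_spf.google.com include:spf.isp-one.example "
             "include:spf.isp-two.example ~all",
    "silent": "v=spf1 include:_spf.google.com ?all",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, summarise_spf(rec))
```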