I installed on a Google Compute Engine postfix as a MTA.
The Mails are sent via sendgrid.
Now any Mails (tests, errorlogs, cron...) to GMail are marked as Spam.
Sending the same mails from an normal server without sendgrid is no problem.
(I have many root-server and are just trying sendgrid)
Why does google think that every mail from sendgrid is spam?
try with this:
https://serverfault.com/questions/115161/fixing-my-mtas-poor-reputation
and Maybe your IP its reported in blacklist.
Try using other reserverved ip address in your instance.
https://developers.google.com/compute/docs/instances-and-network
For maximum deliverability, SPF and DKIM records need to be setup and properly configured in the DNS records for the domain you want to send mail from. Assuming you signed up for the [free tier of SendGrid][1], available to Google Compute Engine customers:
SPF: make sure the string include:sendgrid.net is present. The most basic setup would then be v=spf1 a mx include:sendgrid.net ~all, if all email for the domain is sent via Sendgrid this is enough. If you have more complex needs, use an SPF builder, such as Microsoft's.
DKIM: get it from the Google Apps account manager, under 'Settings for Gmail>Settings for Gmail'
After those two are in the DNS records for the domain in question, use the Port25 verifier to ensure all settings are correct. Of course, if you want to test whether mail from the server is properly setup for deliverability, send them email form the server. Same for email from Outlook, etc.
PS1: These instructions vary slightly if you are using a paid version of Sendgrid
PS2: All Google Compute Engine IPs are listed in Spamhaus PBL. Email should not come from these IPs directly (but if you have a specific reason to do so you can contact GCE Support - which is not free - and request that they add a reverse DNS record for you so you can start sending mail from this address directly).
Related
I don't have any technical problems, but I have a question that I would like to be answered out of curiosity.
Here is my current understanding of how email works:
One of the privileges of having your own domain is that you can hook it up to IMAP/POP3/SMTP servers and use them to send and receive messages to and from "anyone#yourdomain.com". With spam being such a problem, however, the SMTP server that you use to send messages must add a bunch of headers (DKIM, SPF, etc) to each message that you send in order to prove that the SMTP server has the authority to send emails from that domain. The receiving SMTP server can cross-check those headers with DNS records that it finds to verify the legitimacy of the email message.
So if you want to send emails with your domain cheaply, you can use Gmail's "Send Mail As" feature. I followed this help article to get mine working: https://support.google.com/domains/answer/9437157
Note: I unchecked the "Treat as an alias" option during the setup.
But wait... no additional DNS configuration required? I have my domain registered with Cloudflare, and there are no entries related to Google in there.
There is this step in the setup process:
But it seems that this only for Google to prevent you from using their servers to send spam. What is stopping Google from impersonating any email address they want? Why do receiving SMTP servers trust an email from "anyone#yourdomain.com" if Google's SMTP servers have no way of adding legitimate SPF/DKIM headers?
The short answer is that nothing prevents Google from doing this, and that DMARC was created for exactly this case.
There is nothing that stops Google from impersonating any domain. However, there are things receivers can (and should) do when they receive an email which isn't send from the server indicated in the From: field.
Try sending an email from the alias you just added to a different #gmail.com inbox. You will see that it says via gmail.com behind the sender email address. But other email receivers might do more: flag this message with red exclamation marks and scam warnings, throw it into spam or even deny receiving it completely. Gmail probably has some hardcoded trust, but try doing this from your own SMTP server and the above will very likely happen.
As you say in your question, you can authorize your emails by marking gmail.com as an authorized sender with SPF (which protects against forging from other domains, but doesn't stop Google), or even sign your emails with DKIM (not possible from Gmail UI, but you can do this in some email clients or send email with a custom Python script like me; Google can't do this without knowing the key).
However, that only solves one side of the problem – authorizing legitimate email messages. But what if an SMTP server still receives an unverified email? What if they have previously received an email from the same sender which was DKIM signed? What if DKIM passes, but SPF fails?
Because the behavior in that case is largely unspecified, and also the sender wants to check if their DKIM/SPF authorizations are actually working, and if anyone is attempting to spoof them, another standard was created: DMARC. It introduces another DNS TXT record where you can say what checks are required to pass, what to do if they fail, and also what basic analytics should the receivers report to the owner of the domain.
Of all webmail client providers, Google's Send mail as is actually the most well-implemented for a variety of reasons.
First of all, how it works is not different from when you set up POP3 or IMAP using a mail client like Outlook or Thunderbird. You have to specify the domain and port where you receive emails from, and the domain and port where you send emails from. For example, Google's incoming and outgoing servers for IMAP are as follows:
imap.gmail.com:993
smtp.gmail.com:465
The Send mail as feature is a partial implementation of that. It only implements the outgoing part.
How mail clients like Outlook and Thunderbird send emails, is basically that it sends the email to the outgoing mail server, and the outgoing mail server then sends the email. Usually, outgoing mail servers will require some sort of authentication, and will allow authenticated users to only send from specific email addresses.
Gmail works the same way. The outgoing mail server is the one that has to pass the SPF and DKIM tests, not Google's servers.
No other webmail clients do this. Hotmail used to do this, but they recently removed the feature. Now, the option is very difficult to find, and they just rewrite your FROM address and sends your email from Hotmail's SMTP server, which creates delivery problems.
They don't provide you with the option to send emails from another SMTP server, because this allows people to very easily set up virtual mail servers that can send emails under a domain of your choice, but use say a typical free Hotmail account to store incoming mails. This takes away business from their paid services, because both Hotmail and Gmail sell the option to host your company emails. I'm sure Google also knows about this, but it is really awesome of them to still keep the option available to free Gmail users.
If you want to learn more about virtual email servers, you can check out this article here: https://blog.terresquall.com/2022/01/setting-up-a-virtual-postfix-mail-server-part-1/
Given an email address, like "user#example.com", I'm trying to ascertain information about the email server they use, information like:
Domain
Port
Uses TLS
Currently, I can split the email address into two parts (for instance user and example.com), then do a MX lookup on the domain in order to attempt to ascertain the mail domain used:
dns.resolveMx(hostname, callback)
However, several hosts seem to use other servers than those (for instance, JustHost encourages all their domains from example.com to justXX.justhost.com in order to provide them with TLS) and attaining those is proving to be tricky.
The port is okay, as long as they use a default port, else as far as I can see it's impossible and TLS is easy to work out as long as I have both the domain and the port in order to contact the server.
Since all these methods seem unreliable at the best of times, are there better methods of ascertaining this information? This is in relation to making a mail client, which attempts to logon to the mail server to retrieve emails, and using the SMTP protocol in order to send emails from that server.
The only information that you can rely on is what is available in DNS. This is all of the info that is needed to send mail for a given address.
If you want to receive emails then it's an entirely different story. You didn't mention which mail server you need. The server that gets the incoming email? The server that lets user send email? The server that lets users download their emails? I'm assuming that you want the server that you can send email for that domain to - what is available as MX in DNS.
You didn't mention why you need that info but if you want it so you could send emails for those domains then you can sonsider using a transactional email service like or Mailgun, Mandrill or Amazon SES because it will handle all of those details for you. But you didn't say what is the purpose of getting that info so I don't know if that will help you, I'm adding it just in case.
I have been using Google mail application. I have created one email address in Google Mail.
I need to add some more email address and Google is very expensive to create emails. So I am planing to use Zoho for others emails. For example, I created info#example.com in Google application and I want to created santosh#example.com in zoho.
Is it possible.
The first thing you might thought about to setup two MX record (one from Zoho and another one from Google Apps) with different priority could work, but it won't work like that. Single mail server MX can be set as default. You can set two different MX record but that would work as fail-over, it can't split your delivery.
Yes it is possible, the technology called Dual Delivery OR Split Delivery. When emails are addressed to email addresses that are not found in one mail server it will send its delivery to another mail server and even can split them.
For example
domain.com has default mx record set to Zoho. User abc#domain.com is set under google apps & user xyz#domain.com under Zoho. Now if someone send mail to abc#domain.com which is configured under google apps, so the first request transferred to Zoho but zoho cannot found that email within organization so it will push the request to Google apps and will deliver the mail in its inbox.
Google Apps also offer dual delivery but unfortunately its available for Google Apps for Work account only. Zoho is offering it for all type of accounts so you still have chance to get it done via zoho.
Solution
Set up your domain MX record to Zoho
Configure delivery as per guideline mentioned here
https://www.zoho.com/mail/help/adminconsole/email-routing.html
If you would like to keep google apps account as primary then setup instructions can be found here https://support.google.com/a/answer/96855?hl=en
I want to use node-mailer module to send emails to registering users on app for verification and other purposes also. I am not sure which transport mechanism to use so that emails I send are not a spam and also get delivered.
I also want to use the same domain to receive emails regarding support and bugs(i.e lets say on email on support#example.com). I am planning to set-up google apps account for this. Basically I will set-up the google apps account with me being an user and having an alias support#example.com. So can I also set-up an alias with say admin#example.com and send the emails using nodemailer from my app using this email address? But obviously I don't want to store my email id and password for google apps in the code for security reasons. So how Should I do it?
Other option is to Amazon SES, I believe its a good service and would be very useful. But can I use the same domain name for serving email from AMAZON SES and google apps also being able to host my app? So how to send emails from AMAZON SES by authenticating SPF and DKIM so that these emails reach the inbox of the user.
Saransh,
You absolutely can use the same domain and email address with both Google Apps and AmazonSES without any issues. When it comes to receiving emails, all messages have to be directed to a single server (your MX records). But sending email is very different in that you can send email from many different sources without any issues.
To ensure your messages don't go to the SPAM folder just be sure to properly authenticate all your messages with SPF and DKIM. I'm not sure how this works with AmazonSES, but it was really easy with the provider that I chose for my email http://socketlabs.com
I have a domain hosted at Dreamhost -- foobar.com. It has Google Apps associated with it: the 50 free email accounts which are no longer available for a new domain. I just got another domain -- foobar.edu. I want foobar.edu to become my main domain, but I still want to use the free Google Apps associated with foobar.com to handle incoming mail.
My question: Can I adjust the MX records of foobar.edu so that incoming messages to anyone#foobar.edu will be redirected to anyone#foobar.com and then be handled by my Google Apps?
I can adjust the DNS for both foobar domains, but I don't think that I can ask Google's foobar.com account to also handle foobar.edu emails directly.
if you need just catch email on domain and forward to you other mailbox, you can use http://improvmx.com/ just by adding MX records to your domain
No. You can use MX records to direct mail destined for anyone#foobar.edu to any mail server you want, but when the mail is presented to the chosen mail server, it will still be destined to anyone#foobar.edu.
In other words, email forwarding can't be controlled using MX records.
It's the receiving mail server's job to re-send an email to a "forwarding" address.
As Celada saw, with DNS you can't.
You can do that with Google Apps Default Routing: https://support.google.com/a/answer/2368153?hl=en
As suggested in this question, you'd need to point your MX records to a service that supports mail redirection
It can be only done with advanced DNS routing and it is not freely available, It would be more easier if ou have had Google Apps for business. There is only one company who can allow you to manage Email DNS routing and that is ZOHO. The implementation would be a bit complicated, but possible.
Register account for foobar.edu in Zoho, Verify domain then change MX record. Manage it's Email Routing Options and Manage redirection to different accounts.
Check some of Screenshots i have tested on and it worked. Also check zoho dns email routing guide.
https://www.zoho.com/mail/help/adminconsole/email-routing.html
I hope this will help you!