Weird Spoofing Alert

Alex Read

Active Member
Hi

I'm getting this alert in my inbox from emails that are sent from my own G Suite account.

Any idea what could be causing this?

Alex
 

Attachments

  • Spoof Alert.jpg
    Spoof Alert.jpg
    98 KB · Views: 9
Hi

I'm getting this alert in my inbox from emails that are sent from my own G Suite account.

Any idea what could be causing this?

Alex
Can you send a screen shot (redacted for privacy of course) of »the result« when you click on Gmail's top right corner menu option 'show original'?

GmailTopRightCornerMenu.jpg
 
https://pastebin.com/c4Ufk1GU

I have it on another domain on the server. I assume it's an incorrect record somewhere.

Maybe this gives a clue?
Code:
spf=permerror (google.com: permanent error in processing during lookup of name@lab41.co: mailgun.org~all not found)
 
It was a space before ~all! I hope this fixes it. :-) Thanks for the help and guidance. I wasn't sure where to start looking!
 
It was a space before ~all! I hope this fixes it. :) Thanks for the help and guidance. I wasn't sure where to start looking!
You are welcome! When you setup a DS, send yourself a confirmation message to your gmail account and see that show origina´ls and you will know if you setup the authentications properly (and the green lock) ;)
 
(and the green lock)?
If the email was sent making encrypted connections (SSL/TLS) then a number of mobile clients will show a green lock (similar to web browers when using httpS). And when gmail does not receive that, it flags it as unsafe (and recipients view that as negative, which harms the open/click rate).
GmailGreenLock.jpg
 
Hi

I've also seen this recently:
But reverse DNS must be correct or you will get mails rejected at many email systems.

Can you explain that a bit and how to check/fix it?

Not even sure where to begin!
 
Hi

I've also seen this recently:


Can you explain that a bit and how to check/fix it?

Not even sure where to begin!

rDNS/PTR: IP -> domain (opposite of your A record: domain -> IP), but domain should actually be rather a FQDN
e.g.
https://www.nslookuptool.com/#PTR&204.194.223.101 -> smtp-soi-g01-101.aweber.com
https://www.nslookuptool.com/#A&smtp-soi-g01-101.aweber.com -> 204.194.223.101

https://en.wikipedia.org/wiki/Reverse_DNS_lookup

# if your host is the admin for rDNS: then either your host allows you to set rDNS in their web gui, or you need to open a ticket to have them do it
# if it is at a third party provider, then in their interface, e.g.:
https://help.dnsmadeeasy.com/managed-dns/dns-record-types/pointer-ptr-record/
https://www.cloudns.net/wiki/article/40/
https://www.cloudflare.com/learning/dns/dns-records/dns-ptr-record/

In any case, if sending from an IP, the smtp banner should match the rDNS (see test results of mail-tester or mxtoolbox or dnstools), as otherwise deliverability suffers.
 
Yikes. I think I get it.

So I do this:
1) https://www.nslookuptool.com/#A&kathreadwrites.agency which gives the IP 104.24.122.209
2) I then put the IP into https://www.nslookuptool.com/#PTR&104.24.122.209.
and if I get an X everywhere I need to fix it?

To Fix It:
1) I use Cpanel shared so I guess I need to open a ticket.
2) But what do I tell them to set it to?
I can't work out how to get this part for my domain '147.94.208.in-addr.arpa.'
(I'm basing it off https://help.dnsmadeeasy.com/managed-dns/dns-record-types/pointer-ptr-record/)
3) Do I need a PTR record for EACH addon domain that I'm sending from?
4) Does it make a big difference to deliverability?

Thanks for your help & patience!
 
I need to fix it
only if u send from that ip

Cpanel shared
shared hosts will most likely not allow u to use their ip for rdns ;)
but if it is your own (rented) ip (not shared), then it could work

however, 104.24.122.209 is a cloudflare ip, so this is neither your ip nor of the shared host...

3) Do I need a PTR record for EACH addon domain that I'm sending from?
see earlier post re banner match

4) Does it make a big difference to deliverability?
it can mean, depending on receiving server, the difference between full inboxing and complete rejection

if u do a test as suggested in the earlier post, then the results should be useful (feel free to post them if u want further hlp)
 
Hi

I've configured 5 email servers.
2 send correctly to inbox.
3 are going straight to spam in gmail.

Spam Demo 1: https://pastebin.com/mJua9mSS
Spam Demo 2: https://pastebin.com/2zxyKXkZ
Spam Demo 3: https://pastebin.com/BgcKEP2C

NOTE: Emails have the same body copy. The only change is the subject line, but I don't think the subject line is the reason.

Is there anything I'm missing? Would love your 2 cents!
1st cent: just read/follow the previous posts thoroughly
2nd cent: simply post the results of mail-tester.com for each problem domain/ip
 
Back
Top