Slow Email, SPF Softfail


#1

I’m forwarding my dreamhost email (me@mydomain.com) to my gmail account. And sometimes there’s a 1-2 hour delay!
I setup gmail to reply as me (a long time ago)
When I send email to someone, like my wife, who also has the same setup (with her separate gmail account), I’m getting the softfail:

Received-SPF: softfail (google.com: domain of transitioning
myuser@gmail.com does not designate 69.163.253.136 as permitted sender)
client-ip=69.163.253.136;

Per: https://support.google.com/a/answer/178723?hl=en

Adding the spf TXT record with google value doesn’t seem like it will help. Seems like it is the opposite and I’d need google to add dreamhost (which I know isn’t going to happen).

I’m wondering if the problem is the way in which I added my “account” to gmail.
A long time ago, you could add an “account” to gmail simply by click settings, account, add another email address you own, and it would send you a code. After typing in the code, the new email address (1@mydomain.com) would show up in the list. Now, when you “add another email address you own” it prompts for SMTP server, user, pass. Is this the cause of my issue? Do I need to switch to sending my non-gmail email thru the dreamhost SMTP servers?

I attempted to setup the gmail “add account” but none of the SMTP settings worked (and I tried them ALL). The default option (port 587, secure using TLS) says:

Authentication failed. Please check your username/password.
[Server response: Unspecified Error (SENT_EHLO): Unable to send AUTH command over non ssl connection code(0) ]

So, in summary:
How should I use my custom domain at gmail? Forwarding seems to be causing the SPF/delay issue.
Should I just setup google as the MX? Is that still free?

Thanks
[hr]
Somewhat related to this old thread, but not quite: https://discussion.dreamhost.com/thread-129658.html


#2

The SPF softfail message you’re getting indicates that, for some reason, your GMail account is trying to send mail, addressed from “gmail.com”, using DreamHost’s mail servers. Can you include some more of the mail headers (in particular, all of the “Received” headers) so that I can see where the message is going from and to?

My first inclination would be to think that something about your GMail account’s settings is making it try to send mail through DreamHost’s web servers, rather than sending it itself. As a first step, I’d try removing everything referring to DreamHost from your GMail settings and see if that corrects the SPF issue. You can add it back later once things are working properly.


#3

Delivered-To: lumisura@gmail.com
Received: by 10.50.78.4 with SMTP id x4csp686821igw;
Thu, 9 Oct 2014 09:31:40 -0700 (PDT)
X-Received: by 10.67.12.175 with SMTP id er15mr584989pad.143.1412872299912;
Thu, 09 Oct 2014 09:31:39 -0700 (PDT)
Return-Path: gabe.misura@gmail.com
Received: from homiemail-mx18.g.dreamhost.com (mx1.sub4.homie.mail.dreamhost.com. [69.163.253.136])
by mx.google.com with ESMTP id at7si1206829pac.112.2014.10.09.09.31.39
for lumisura@gmail.com;
Thu, 09 Oct 2014 09:31:39 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning gabe.misura@gmail.com does not designate 69.163.253.136 as permitted sender) client-ip=69.163.253.136;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning gabe.misura@gmail.com does not designate 69.163.253.136 as permitted sender) smtp.mail=gabe.misura@gmail.com;
dkim=pass header.i=@gmail.com
Received: from mail-ig0-f175.google.com (mail-ig0-f175.google.com [209.85.213.175])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by homiemail-mx18.g.dreamhost.com (Postfix) with ESMTPS id 7131727626A
for lu@misura.org; Thu, 9 Oct 2014 09:31:39 -0700 (PDT)
Received: by mail-ig0-f175.google.com with SMTP id uq10so13522696igb.2
for lu@misura.org; Thu, 09 Oct 2014 09:31:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:sender:date:message-id:subject:from:to:content-type;
bh=ktiSL03ExMquujUBkRy2KvFUS7lrXkxkKX1rA3tkgBs=;
b=IWOIp7fKlvY/OoYIdzr1FeaX1W3chvIM2VO7lktteqYet96l76PuXRlMuiB0QSbjDi
QB3urr33/5Xv+tUiYLdnX/HqSM6ESMX9F6WUgV5DQhxFzIxqLnYSmoD0j0+ryrG6kyUz
X8OSLzcldJair1yvxj38BAFlP9+iuEvxBNLuQf4Uar5BHtSBJr4N1M13I0A1hnubrYc1
xOZo33pipkSjr8L67C/3iV5aj5GdheZirEesGQB8NPotimyAbBkkJsgHwcDugFn7/DtS
5cLwahhrGEcMAbV2Tlvp3k1mpBglGdV4BSUNtX3uxSgNvzerHqf9AqLYBp2KkwcgWmoM
Q0Fw==
MIME-Version: 1.0
X-Received: by 10.42.10.209 with SMTP id r17mr9208353icr.65.1412868965914;
Thu, 09 Oct 2014 08:36:05 -0700 (PDT)
Sender: gabe.misura@gmail.com
Received: by 10.107.168.93 with HTTP; Thu, 9 Oct 2014 08:36:05 -0700 (PDT)
Date: Thu, 9 Oct 2014 10:36:05 -0500
X-Google-Sender-Auth: loSL2PCLki4Bn87AQia2kLpJobE
Message-ID: CAAz6HWRx30gsK2utWVSS-LSQgUqmQ=frQu9nbvguMjtZc817qg@mail.gmail.com
Subject: gmail alias step-by-step
From: Gabe Misura gabe@misura.org
To: Luciana Misura lu@misura.org
Content-Type: multipart/alternative; boundary=20cf3024483bd3e2ea0504ff30a1
[hr]
http://www.x-pose.org/2013/10/how-to-designate-an-ip-address-as-permitted-sender/

Indicates that the problem is the IP 69.163.253.136 is not in the spf list.
I was surprised to see that misura.org has an SPF list:

misura.org text =

    "v=spf1 ip4:208.97.132.0/24 ip4:66.33.201.0/24 ip4:64.111.100.0/24 ip4:6

6.33.216.0/24 ip4:208.113.175.0/24 mx ~a"

I never set that up, I’m guessing dreamhost did it?
Looks like the homie IP 69.163.253.136 is not in that list. Adding that will fix this?


#4

AH HA! Looks like in 2007, I opened a ticket and dreamhost responded, and that response is what triggered me to put the TXT record:

Hello Gabriel,

On Mon, 12 Nov 2007, you wrote:

I have lu@misura.org forwarding to lmisura@hotmail.com. However, hotmail
replies that the email appears to be spam. See attachment.

Hotmail has been recently blocking many of our mx servers due to spam
that gets forwarded from them. That being said, the following steps have
seemed to legitimize domains ,despite hotmail’s general leariness to our
servers due to their filters only looking at the last relay stamp on
mails, and not at the origin address , to hotmail’s filters, though not
in all cases:

First you want to make sure you have both a postmaster@ and an
abuse@yourdomain.com email address.

Second you will want to add an SPF record for your domain. Visit the
Manage Domains page in Control Panel, and click the “DNS” link for the
domain you wish to edit. You’ll be taken to the domain management page.
In the “Add a new DNS record…” box use these settings.
Type: TXT
Value: v=spf1 ip4:208.97.132.0/24 ip4:66.33.201.0/24 ip4:64.111.100.0/24
ip4:66.33.216.0/24 ip4:208.113.175.0/24 mx ~a
Then click the Add Record Now button.

As I said, this does guarantee that hotmail will allow mail to forward.
We are working to get meaningful conversation with them to get our
servers whitelisted.

Thanks!
Glen

So, I guess the IPs need to be updated.
I see that

C:\Users\gabe>nslookup -query=mx misura.org
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
misura.org MX preference = 0, mail exchanger = mx1.sub4.homie.mail.dreamhost.com
misura.org MX preference = 0, mail exchanger = mx2.sub4.homie.mail.dreamhost.com

So I can add those 2 IP’s to the SPF…

C:\Users\gabe>nslookup -query=txt misura.org
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
misura.org text =

    "v=spf1 ip4:208.97.132.0/24 ip4:66.33.201.0/24 ip4:64.111.100.0/24 ip4:6

6.33.216.0/24 ip4:208.113.175.0/24 ip4:69.163.253.136 ip4:69.163.253.137 ~all"

Are there more IPs I need? Should I get rid of those other IPs?

Thanks


#5

Hi Misura, you might also want to check the link below.