Email sent from server with rDNS & SPF being blocked by Hotmail
- by Canadaka
I have been unable to send email to users on hotmail or other Microsoft email servers for some time. Its been a major headache trying to find out why and how to fix the issue.
The emails being sent that are blocked from my domain canadaka.net. I use Google Aps to host my regular email serverice for my @canadaka.net email addresses. I can sent email from my desktop or gmail to a hotmail without any problem. But any email sent from my server on behalf of canadaka.net is blocked, not even arriving in the junk email.
The IP that the emails are being sent from is the same IP that my site is hosted on: 66.199.162.177
This IP is new to me since August 2010, I had a different IP for the previous 3-4 years.
This IP is not on any credible spam lists
http://www.anti-abuse.org/multi-rbl-check-results/?host=66.199.162.177
The one list spamcannibal.org my IP is listed on seems to be out of my control, says "no reverse DNS, MX host should have rDNS - RFC1912 2.1". But since I use Google for my email hosting, I don't have control over setting up RDNS for all the MX records.
I do have Reverse DNS setup for my IP though, it resolves to "mail.canadaka.net".
I have signed up for SNDS and was approved. My ip says "All of the specified IPs have normal status."
Sender Score: 100
https://www.senderscore.org/lookup.php?lookup=66.199.162.177&ipLookup.x=55&ipLookup.y=14
My Mcafee threat level seems fine
I have a TXT SPF record setup, I am currently using xname.org as my DNS, and they don't have a field for SPF, but their FAQ says to add the SPF info as a TXT entry.
v=spf1 a include:_spf.google.com ~all
Some "SPF checking" tools ive used detect that my domain has a valid SPF, but others don't. Like Microsoft's SPF wizard, i think this is because its specifically looking for an SPF record and not in the TXT. "No SPF Record Found. A and MX Records Available".
From my home I can run "nslookup -type=TXT canadaka.net" and it returns:
Server:
google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer: canadaka.net
text = "v=spf1 a
include:_spf.google.com ~all"
One strange thing I found is i'm unable to ping hotmail.com or msn.com or do a "telnet mail.hotmail.com 25". I am able to ping gmail.com and many other domains I tried. I tried changing my DNS servers to Google's Public DNS and did a ipconfig /flushdns but that had no effect. I am however able to connect with telnet to mx1.hotmail.com
This is what the email headers look like when I send to a Google email server and I receive the email with no troubles. You can see that SPF is passing.
Delivered-To: [email protected]
Received: by 10.146.168.12 with SMTP
id q12cs91243yae;
Sun, 27 Feb 2011 18:01:49 -0800 (PST) Received: by 10.43.48.7 with SMTP id
uu7mr4292541icb.68.1298858509242;
Sun, 27 Feb 2011 18:01:49 -0800 (PST) Return-Path: Received:
from canadaka.net ([66.199.162.177])
by mx.google.com with ESMTP id uh9si8493137icb.127.2011.02.27.18.01.45;
Sun, 27 Feb 2011 18:01:48 -0800 (PST) Received-SPF: pass (google.com: domain of
[email protected] designates
66.199.162.177 as permitted sender) client-ip=66.199.162.177;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of
[email protected] designates
66.199.162.177 as permitted sender) [email protected]
Message-Id:
<[email protected]
Received: from coruscant
([127.0.0.1]:12907) by canadaka.net
with [XMail 1.27 ESMTP Server] id
for from
; Sun, 27
Feb 2011 18:01:29 -0800 Date: Sun, 27
Feb 2011 18:01:29 -0800 Subject: Test
To: [email protected] From: XXXX
Reply-To:
[email protected] X-Mailer: PHP/5.2.13
I can send to gmail and other email services fine. I don't know what i'm doing wrong!
UPDATE 1
I have been removed from hotmails IP block and am now able to send emails to hotmail, but they are all going directly to the JUNK folder.
UPDATE 2
I used Telnet to send a test message to port25.com, seems my SPF is not being detected.
Result: neutral (SPF-Result: None)
canadaka.net. SPF (no records)
canadaka.net. TXT (no records)
I do have a TXT record, its been there for years, I did change it a week ago. Other sites that allow you to check your SPF detect it, but some others like Microsofts Wizard doesn't.
This iw what my SPF record in my xname.org DNS file looks like:
canadaka.net. 86400 IN TXT "v=spf1 a include:_spf.google.com ~all"
I did have a nameserver as my 4th option that doens't have the TXT records since it doens't support it. So I removed it from the list and instead added wtfdns.com as my 4th adn 5th nameservers, which does support TXT.
