Edent,
@Edent@mastodon.social avatar

Turning to Mastodon for tech support in an effort to save my sanity.

Gmail is rejecting mail forwarded to it. But only some of the time.

I own a domain - example.com
It has SPF, DKIM, etc.
It has a catch-all email address.
Any email sent to it is forwarded to a Gmail address.
This works 99% of the time.
But some of the emails aren't delivered - with the reason:

> SMTP error from remote mail server after end of data: 550 5.7.1 [ESA] Sender blocked.

Is that a me problem or a Gmail problem?

ldodds,
@ldodds@mastodon.me.uk avatar

@Edent I've also had an issue with Gmail intermittently rejecting errors.

On the Gmail side, the issue was logged as:

"This message is not RFC 5322 compliant, the issue is: 550-5.7.1 duplicate To headers. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked"

A system sending us emails had slightly odd gmail errors. Some combination of that and the content triggered the rejection.

Not sure if it's the same thing as you, but sounds similar.

Edent,
@Edent@mastodon.social avatar

@ldodds hmmm.
In this case, it is emails coming from WordPress. They seem to work about 50% of the time.
Baffling!

ldodds,
@ldodds@mastodon.me.uk avatar

@Edent meant to write "slightly odd email headers" due to multiple forwards I think. So it might be a consequence of a particular routing?

Worth checking the headers if you can, but sounds like outside of your control. We just had to push the issue upstream.

Edent,
@Edent@mastodon.social avatar

@ldodds yeah, I've opened a ticket with my host. Most infuriating!

glyph,
@glyph@mastodon.social avatar

@Edent @ldodds Working only 50% of the time is an expected failure mode in my experience. Everything is probabilistic, stochastic, and secret. I think the idea is to prevent spammers from developing deterministic countermeasures, but at this point it's just more of an email industry norm and it's infuriating.

DKIM is a neat idea that basically works fine, but DMARC (and SPF) allows for hard-coded network dependencies that flat-out prevent proper forwarding from working in some configurations.

glyph,
@glyph@mastodon.social avatar

@Edent @ldodds You may need to look into setting up SRS <https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme> to mangle some of these messages from over-torqued DKIM policy hosts

glyph,
@glyph@mastodon.social avatar

@Edent @ldodds To clarify, let me set up the scenario:

  • you are running yourhost.example
  • you are forwarding to bigmailhost.example
  • an email address on othersite.example is sending you messages

yourhost.example's DNS is immaculate. perfect. DKIM, SPF, DMARC on point. A+.

when bigmailhost checks a forwarded message from othersite.example, it doesn't matter; mail.yourhost.example is not authorized for othersite.example and thus a p=reject policy means "trash the message immediately".

glyph,
@glyph@mastodon.social avatar

@Edent @ldodds in brief, email forwarding cannot exist in a world that has strictly enforced SPF policies, because SPF is a 1980s-style security framework that uses hard-coded network addresses and secret reputation lists rather than any kind of message-based authentication.

https://en.wikipedia.org/wiki/Sender_Policy_Framework#FAIL_and_forwarding
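
A toy model of the three-host scenario above, added here as an illustration and not part of any post in the thread. The IP ranges, the `p=reject` policy, the strict-alignment rule and the placeholder `HASH`/`TT` fields in the SRS address are assumptions; real SPF has more mechanisms and real SRS uses a keyed hash and a timestamp.

```python
import ipaddress

# Constructed data: ip4-only SPF records using documentation IP ranges.
SPF = {
    "othersite.example": ["192.0.2.0/24"],     # original sender's outbound servers
    "yourhost.example": ["198.51.100.0/24"],   # the forwarder's outbound servers
}
DMARC_POLICY = {"othersite.example": "reject"}  # assumed policy of the sender


def spf_check(mail_from, client_ip):
    """Evaluate SPF for the envelope sender's domain against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    nets = SPF.get(domain)
    if nets is None:
        return "none", domain
    ip = ipaddress.ip_address(client_ip)
    ok = any(ip in ipaddress.ip_network(n) for n in nets)
    return ("pass" if ok else "fail"), domain


def srs_rewrite(mail_from, forwarder):
    """SRS0-shaped envelope rewrite (simplified: hash and timestamp are placeholders)."""
    local, domain = mail_from.rsplit("@", 1)
    return f"SRS0=HASH=TT={domain}={local}@{forwarder}"


def dmarc_verdict(header_from, mail_from, client_ip, dkim_pass_domain=None):
    """Return (spf_result, outcome). DMARC passes when SPF or DKIM passes for a
    domain equal to the From: domain (strict alignment, a simplification);
    otherwise the outcome is the From: domain's published policy."""
    from_domain = header_from.rsplit("@", 1)[1].lower()
    spf_result, spf_domain = spf_check(mail_from, client_ip)
    spf_aligned = spf_result == "pass" and spf_domain == from_domain
    dkim_aligned = dkim_pass_domain == from_domain
    if spf_aligned or dkim_aligned:
        return spf_result, "pass"
    return spf_result, DMARC_POLICY.get(from_domain, "none")


SENDER = "wp@othersite.example"      # constructed address
FORWARDER_IP = "198.51.100.7"        # what bigmailhost sees after forwarding
```

In this model, forwarding without a surviving DKIM signature fails both SPF and DMARC; an intact aligned DKIM signature rescues DMARC; SRS makes SPF pass for the forwarder's domain but that pass is not aligned with the `From:` header.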

jwz,
@jwz@mastodon.social avatar

@glyph @Edent @ldodds Yes, all of this.

But since there have been a few replies answering "why is this happening" and not "what can I do about it", I'll give it a shot:

You cannot forward your mail to Gmail, period. Instead, you must set up a POP3 or IMAP server on your domain, and configure your Gmail account to log in and download messages from that. That way, mail from WordPress is successfully delivered to your domain with matching DMARC, etc. Gmail downloads as an MDA instead of MTA.

djc,
@djc@hachyderm.io avatar

@jwz @glyph @Edent @ldodds hmm, sender rewriting (I use postsrsd) seems to work pretty well for me.

jwz,
@jwz@mastodon.social avatar

@djc @glyph @Edent @ldodds Sender rewriting is vile.

tante,
@tante@tldr.nettime.org avatar

@jwz @glyph @Edent @ldodds exactly my setup and problem as well. Forwarding fails in the weird way you described basically no matter what you do. Letting Gmail do POP/IMAP works well but the frequency isn't deterministic, which is annoying (you can force an update by clicking a button hidden in a bunch of submenus but it's a mess). (I have a Userscript running clicking the button every few minutes because otherwise sometimes it takes up to 15 minutes for mails to arrive, which is especially annoying with login tokens and the like.)

jwz,
@jwz@mastodon.social avatar

@tante @glyph @Edent @ldodds Oh yeah the inability to set gmail's poll interval is super annoying.

If only there was some way we could do a push notification to them... oh wait....

tante,
@tante@tldr.nettime.org avatar

@jwz @tante @glyph @Edent @ldodds yeah. I'd be fine to have a cronjob pinging them if they can't do it, but you'd have to start loading half a browser in the query to handle login/cookie/JavaScript and it's all soulcrushing

jwz,
@jwz@mastodon.social avatar

@tante (The joke here was that the original email is a damned push notification.)

tante,
@tante@tldr.nettime.org avatar

@jwz I'll pull my magic "not a native speaker" card to avoid the "dumbass who doesn't get the joke" status effect ;)

glyph,
@glyph@mastodon.social avatar

@tante @jwz @Edent @ldodds After my email startup imploded I gave up and used Gmail for quite a while but these deliverability problems eventually got so bad that I switched to Fastmail (at this point… maybe a decade ago?) and never looked back. Hypothetically, the same problems exist, but in practice, Fastmail's massively superior IMAP performance and more transparent support process got it to the point where I don't think about it any more.

skywise,

@Edent
https://blog.warmy.io/blog/how-to-fix-smtp-email-error-550-5-7-1-solved/

Understanding SMTP email error 550 5.7.1

In layman’s terms, this error is the email world’s equivalent of being stopped by a bouncer and told, “You’re not on the list.” It essentially means the recipient’s server is putting its foot down, refusing to take your email. Why? Because it doesn’t recognize you as an authorized sender. It’s like trying to send a VIP party invite through a friend of a friend without adding your name to the guest list.

Edent,
@Edent@mastodon.social avatar

@skywise yes, I also know how to click on the first result in Google...
