mailing list bounces

Question asked by Eric Bourland - 9/18/2014 at 5:04 AM

Unanswered

Platform: SmarterMail 12.4

Windows Server 2012 / IIS 7.5

Question:

Good morning. I could use some help with this. I am getting some delivery problems on a SmarterMail mailing list.

Messages sent from mailing list lcpforum@careplanners.net are bounced at these two addresses:

cklegalmed@msn.com (hosted at MSN)

sandy@comprehensivemedicallegalservicesllc.com (hosted at GoDaddy)

I have set up DKIM/DomainKeys (1024bit) / SPF / rDNS / DMARC for domain careplanners.net.

I have searched in the SmarterMail SMTP and Delivery logs but I do not see specific errors for either of these addresses.

The two users are complaining that they are excluded from the mailing list.

What are some next steps I can take to resolve this delivery problem?

Thanks as always for your help.

Eric

7 Replies

Reply to Thread

Bruce Barnes Replied

9/18/2014 at 6:20 AM

With the exception of a nameserver which is listed in your nameservers, but not listed with your registrar:

Source: http://www.dnsinspect.com/careplanners.net/1411045629

and the fact that your have the same MX server listed four times, with all four using the same IP address (you should really clean that up as it can cause confusion in some delivery situations):

your DNS looks clean.

I would make certain your SMTP LOGS are set to DETAILED and search for the two e-mail addresses in question:

cklegalmed@msn.com and sandy@comprehensivemedicallegalservicesllc.com, in the SMTP logs, on the day the messages were supposed to be forwarded to see if there are any error messages listed in those logs.

The one test I cannot run is with UNLOCKTHEINBOX.COM.

Try sending an e-mail, from a valid address on the domain which sends the newsletter, to MAILTEST@UNLOCKTHEINBOX.COM and then check the results for any errors.

It's a pretty thorough test and will help you diagnose issues with mail delivery.

Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Eric Bourland Replied

9/18/2014 at 10:06 AM

Bruce, always good to hear from you. Here is the result, below. It looks like I have a couple of failures:

RUA

RUF

And I do not use SSL -- I really can't afford to set up SSL for each of the 30-something domains on my server.

Questions: do you think the RUA and RUF failures are significant?

And -- this seems basic and I should know this -- where can I confirm that detailed logging is set up in SmarterMail 12.4?

Thanks as always for your help.

Eric

Publication: RFC 822
Header Information
Name	Value
return-path	<sgrisham@careplanners.net>
received	from tarsier.viviotech.net (tarsier.viviotech.net [205.210.188.179]) by mail.unlocktheinbox.com with SMTP (version=TLS\Tls cipher=Rc4 bits=128); Thu, 18 Sep 2014 12:42:46 -0400
x-smartermail-authenticated-as	sgrisham@careplanners.net
domainkey-signature	a=rsa-sha1; c=nofws; q=dns; d=careplanners.net; s=selector; h=received:from:to:subject:date:reply-to:message-id:mime-version :content-type:x-originating-ip; b=POw9y9xR8AZXBg20GVwoEQpitk860hvk1/RPZJ5voiXMtdv0whzXUvdaK8xdrjDo7 ZMRa6qj2F13Yx6M4Z+/G1H12qmimdHlVUS3PzDWTFDUCixQm/mw6aFQjTlb7F3+45 XQiwtV7PoRQx5TQ5TSwxtwyzRNpB8ulyDHOjvZEog=
dkim-signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=careplanners.net; s=selector; h=x-originating-ip:content-type:mime-version:message-id:reply-to :date:subject:to:from; bh=Ero/mRYR1bxH/C6SDF3hKdnFOspLgDVtNJExT3n1FAI=; b=I+VbuSzTGNrGkqsBsKwNb25cMNR1qy/hg0xtU8MtHwRN0U+7QHOwudGxA/47H7s88 Y8zlDPQD2l7v8RQNsLPilGAkp48BhK2URi7lu8W0PKt/mFcznMHkjt7s0KtcaPcAM lQfia4ZwhS38e1zyW+iKgsUjLVMyZng/13le8hmIA=
received	by tarsier.viviotech.net via HTTP; Thu, 18 Sep 2014 12:41:58 -0400
from	"Susan Grisham" <sgrisham@careplanners.net>
to	<mailtest@unlocktheinbox.com>
subject
date	Thu, 18 Sep 2014 12:41:58 -0400
reply-to	sgrisham@careplanners.net
message-id	<c21767b1247c44c0bad2971ee0d32896@careplanners.net>
mime-version	1.0
content-type	multipart/alternative; boundary=e99a3231b044447ab3fa4b93b6d23c62
x-originating-ip	[69.250.144.41]

Authoritative DNS Server (SOA) Check for: careplanners.net
SOA Server	Results
tarsier.viviotech.net	Passed

MX Records
Pref	Value	Blacklists
10	mail.careplanners.net	Check for Blacklists
20	mail.careplanners.net	Check for Blacklists
30	mail.careplanners.net	Check for Blacklists
40	mail.careplanners.net	Check for Blacklists

Information: PTR Records
rDNS PTR Records
Type	Mail Domain	ARPA Record	Results
MX	mail.careplanners.net [205.210.188.179]	179.188.210.205.in-addr.arpa.	Passed
MX	mail.careplanners.net [205.210.188.179]	179.188.210.205.in-addr.arpa.	Passed
MX	mail.careplanners.net [205.210.188.179]	179.188.210.205.in-addr.arpa.	Passed
MX	mail.careplanners.net [205.210.188.179]	179.188.210.205.in-addr.arpa.	Passed
LSIP	tarsier.viviotech.net [205.210.188.179]	179.188.210.205.in-addr.arpa.	Passed

Mail Flow
Mail Domain	IP Address
tarsier.viviotech.net	205.210.188.179
Unknown	Unknown

Email Port Checks for: mail.careplanners.net
Protocol	Results
SMTP (Port 25):	Connection Established
- Extensions:	SIZE, AUTH, 8BITMIME, OK
- SSL Valid:	No SSL Certificate Found

SMTP SSL (Port 465):	Unable to Establish Connection

POP3 (Port 110):	Connection Established
- Extensions:	TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid:	No SSL Certificate Found

POP3 SSL (Port 995):	Unable to Establish Connection

IMAP (Port 143):	Connection Established
- Extensions:	IMAP4rev1, UIDPLUS, XLIST
- SSL Valid:	No SSL Certificate Found

IMAP SSL (Port 993):	Unable to Establish Connection

Email Port Checks for: mail.careplanners.net
Protocol	Results
SMTP (Port 25):	Connection Established
- Extensions:	SIZE, AUTH, 8BITMIME, OK
- SSL Valid:	No SSL Certificate Found

SMTP SSL (Port 465):	Unable to Establish Connection

POP3 (Port 110):	Connection Established
- Extensions:	TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid:	No SSL Certificate Found

POP3 SSL (Port 995):	Unable to Establish Connection

IMAP (Port 143):	Connection Established
- Extensions:	IMAP4rev1, UIDPLUS, XLIST
- SSL Valid:	No SSL Certificate Found

IMAP SSL (Port 993):	Unable to Establish Connection

Email Port Checks for: mail.careplanners.net
Protocol	Results
SMTP (Port 25):	Connection Established
- Extensions:	SIZE, AUTH, 8BITMIME, OK
- SSL Valid:	No SSL Certificate Found

SMTP SSL (Port 465):	Unable to Establish Connection

POP3 (Port 110):	Connection Established
- Extensions:	TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid:	No SSL Certificate Found

POP3 SSL (Port 995):	Unable to Establish Connection

IMAP (Port 143):	Connection Established
- Extensions:	IMAP4rev1, UIDPLUS, XLIST
- SSL Valid:	No SSL Certificate Found

IMAP SSL (Port 993):	Unable to Establish Connection

Email Port Checks for: mail.careplanners.net
Protocol	Results
SMTP (Port 25):	Connection Established
- Extensions:	SIZE, AUTH, 8BITMIME, OK
- SSL Valid:	No SSL Certificate Found

SMTP SSL (Port 465):	Unable to Establish Connection

POP3 (Port 110):	Connection Established
- Extensions:	TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid:	No SSL Certificate Found

POP3 SSL (Port 995):	Unable to Establish Connection

IMAP (Port 143):	Connection Established
- Extensions:	IMAP4rev1, UIDPLUS, XLIST
- SSL Valid:	No SSL Certificate Found

IMAP SSL (Port 993):	Unable to Establish Connection

Publication: RFC 4408
SPF Records
ARSoft Check:	Passed
SmarterMail Check:	Passed
SpamAssassin Check:	Passed
SPF DNS Location:	Click Here: careplanners.net
SPF Record in TXT (TYPE 16):	v=spf1 a mx ip4:205.210.188.179 -all
(TYPE 16) Syntax:	Passed
SPF Record in SPF (TYPE 99):	Not Found - Learn about SPF (TYPE 99) Click Here

Information: Identifier Alignments
SPF Alignment Test (Used in DMARC ASPF Test)
Mail From/Return Path Domain:	careplanners.net
From Domain:	careplanners.net
SPF Identifier Alignment:	Strict

Publication: RFC 4406
Sender ID
Sender ID Check:	Passed
Sender ID Record:	Uses SPF implementation above

Publication: RFC 4870
Domain Keys Additional Information (Obsolete)
Tag	Value
Key Algorithm:	a=rsa-sha1
Canonicalization:	c=nofws
Query Method:	q=dns
Domain Name:	d=careplanners.net
Selector:	s=selector
Signed Headers:	h=received:from:to:subject:date:reply-to:message-id:mime-version :content-type:x-originating-ip
Signature Data:	b=POw9y9xR8AZXBg20GVwoEQpitk860hvk1/RPZJ5voiXMtdv0whzXUvdaK8xdrjDo7 ZMRa6qj2F13Yx6M4Z+/G1H12qmimdHlVUS3PzDWTFDUCixQm/mw6aFQjTlb7F3+45 XQiwtV7PoRQx5TQ5TSwxtwyzRNpB8ulyDHOjvZEog=

Domain Keys Check (Obsolete)
Signature Found:	Yes
SM Signature Verification:	Passed
From Signed:	Yes
Restricted Headers Signed:	Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed.

Public Domain Key (Obsolete)
Selector Location:	Click Here: selector._domainkey.careplanners.net
DNS Record Found:	Yes
Record Syntax:	p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95lwgnJSu+HxVtDKd/RWfl9vkV/KOjnNF+8hhIV9ooMaGdz0AkP3LaMojPwQkGNDoyOmNHsdSdQz+IgWGwTFeUm03nKXbHRhwXQpy+6RcImvautzGagAQiEB44gKTJF3I1dee9oDFx0RUX5R7nOtkD5P1wd2XZKNMaz7y3pLVkwIDAQAB
Key Size:	1024

Publication: RFC 6376
DKIM Signature Additional Information
Tag	Value
Version:	v=1
Key Algorithm:	a=rsa-sha256
Canonicalization:	c=relaxed/relaxed
Domain Name:	d=careplanners.net
Selector:	s=selector
Signed Headers:	h=x-originating-ip:content-type:mime-version:message-id:reply-to :date:subject:to:from
Body Hash:	bh=Ero/mRYR1bxH/C6SDF3hKdnFOspLgDVtNJExT3n1FAI=
Signature Data:	b=I+VbuSzTGNrGkqsBsKwNb25cMNR1qy/hg0xtU8MtHwRN0U+7QHOwudGxA/47H7s88 Y8zlDPQD2l7v8RQNsLPilGAkp48BhK2URi7lu8W0PKt/mFcznMHkjt7s0KtcaPcAM lQfia4ZwhS38e1zyW+iKgsUjLVMyZng/13le8hmIA=

Publication: RFC 6376
DKIM Check
Signature Found:	Yes
SmarterMail DKIM Test:	Passed
LimiLabs DKIM Test:	Passed
SpamAssassin DKIM Test:	Passed
From Signed:	Yes
Restricted Headers Signed:	No

Public DKIM Key
Selector Location:	Click Here: selector._domainkey.careplanners.net
DNS Record Found:	Yes
Record Syntax:	p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95lwgnJSu+HxVtDKd/RWfl9vkV/KOjnNF+8hhIV9ooMaGdz0AkP3LaMojPwQkGNDoyOmNHsdSdQz+IgWGwTFeUm03nKXbHRhwXQpy+6RcImvautzGagAQiEB44gKTJF3I1dee9oDFx0RUX5R7nOtkD5P1wd2XZKNMaz7y3pLVkwIDAQAB
Key Size:	1024 bits

Information: Identifier Alignments
DKIM Alignment Test (Used in DMARC ADKIM Test)
DKIM d= Tag:	careplanners.net
From Domain:	careplanners.net
DKIM Identifier Alignment:	Strict

Draft Publication: DMARC Base-00-02
DMARC Check
Record Syntax:	Passed
DKIM Test:	Passed
SPF Test:	Passed
ADKIM Test:	Passed
ASPF Test:	Passed
RUA Test:	Failed The 'rua' tag value is not allowed to receive the report - Dmarc Draft 2 Change The 'ruf' tag value is not allowed to receive the report - Dmarc Draft 2 Change
RUF Test:	Failed
DMARC Passed:	Yes
DMARC Record Location:	Click Here: _dmarc.careplanners.net
DMARC Record:	v=DMARC1; p=none; sp=none; rua=mailto:postmaster@tarsier.viviotech.net!10m; ruf=mailto:postmaster@tarsier.viviotech.net!10m; rf=afrf; pct=100; ri=86400

Publication: RFC 5617
ADSP (Author Domain Signing Policy) Check
ADSP Record:	Not Found - Learn how to set up your ADSP record by clicking here: ADSP Record
ADSP Record Syntax:	Not Found

Publication: RFC 822 (6.3), RFC 1123 (5.2.7), RFC 2821 (4.5.1)
Acceptance of Postmaster Address
postmaster@careplanners.net	Passed

Acceptance of Abuse Address
abuse@careplanners.net	Passed

Spam Assassian Results
Content analysis details: (You scored 2.2 points, 5.0 or higher is considered to be spam)
Pts	Rule Name	Description
-0.0	SPF_PASS	SPF: sender matches SPF record
-0.0	BAYES_40	BODY: Bayes spam probability is 20 to 40%
		[score: 0.2654]
0.0	HTML_MESSAGE	BODY: HTML included in message
-0.1	DKIM_VALID_AU	Message has a valid DKIM or DK signature from author's
		domain
-0.1	DKIM_VALID	Message has at least one valid DKIM or DK signature
0.1	DKIM_SIGNED	Message has a DKIM or DK signature, not necessarily valid
2.3	EMPTY_MESSAGE	Message appears to have no textual parts and no
		Subject: text
0.0	FROM_12LTRDOM	From a 12-letter domain

Steve Reid Replied

9/18/2014 at 11:35 AM

You should only have one MX record, having multiple identical entries with different priorities is not required.

Also You only need one SSL cert to lock down your server. Unless you use more than one IP. Basically it's one cert per IP.

Eric Bourland Replied

9/18/2014 at 12:05 PM

Got it! Thank you, Steve. I will look into this.

Eric Bourland Replied

9/18/2014 at 12:07 PM

I found the log settings .... yes, they are set to Detailed.

I will search again for those two addresses.

Do you think SSL-enabled delivery will improve delivery rates for my mailing lists?

My clients use many mailing lists in SmarterMail. I find that I spend a lot of time helping list subscribers sort out delivery problems from mailing lists.

Thanks again for any advice.

Eric

Eric Bourland Replied

9/18/2014 at 12:46 PM

I have also fixed the SOA problems; here is a new report: http://www.dnsinspect.com/careplanners.net/1411069101

I wonder if the RUA and RUF failures in DMARC are causing delivery problems.

Bruce Barnes Replied

9/19/2014 at 4:39 PM

The RUA / RUF issues should be resolved to bring you into DMARC compliance.

There are numerous factors which can affect list delivery rates, including:

double-opt-in - forcing sign-ups to acknowledge the fact that they want to be on a list - auto-adding is no longer allowed.
removal of bounced addresses - generally after three bounces at the most
IMMEDIATE removal when requested
making certain the owner of the e-mail address ASKS to be on the list and is not automatically placed on the list
making certain that all of your hosted domains have FEEDBACK LOOPS

For more information on delivery issues, for both regular e-mail and lists, see:

Why Am I Having Problems Getting My E-Mail Delivered? and
SmarterMail Antispam Settings Document - Section M, beginning on page 73, deals with list and spam issues.

Bruce BarnesChicagoNetTech

Back to Community Threads

Please leave this box unchecked

7 Replies

Reply to Thread

Tags

Related Knowledge Base Articles