1
mailing list bounces
Question asked by Eric Bourland - 9/18/2014 at 5:04 AM
Unanswered
Platform: SmarterMail 12.4
Windows Server 2012 / IIS 7.5
 
Question:
Good morning. I could use some help with this. I am getting some delivery problems on a SmarterMail mailing list.
 
Messages sent from mailing list lcpforum@careplanners.net are bounced at these two addresses:
 
cklegalmed@msn.com (hosted at MSN)
sandy@comprehensivemedicallegalservicesllc.com (hosted at GoDaddy)
 
I have set up DKIM/DomainKeys (1024bit) / SPF / rDNS / DMARC for domain careplanners.net.
 
I have searched in the SmarterMail SMTP and Delivery logs but I do not see specific errors for either of these addresses.
 
The two users are complaining that they are excluded from the mailing list.
 
What are some next steps I can take to resolve this delivery problem?

Thanks as always for your help.
 
Eric

7 Replies

Reply to Thread
0
Bruce Barnes Replied
With the exception of a nameserver which is listed in your nameservers, but not listed with your registrar:
 
 
 
and the fact that your have the same MX server listed four times, with all four using the same IP address (you should really clean that up as it can cause confusion in some delivery situations):
 
 
 
your DNS looks clean.
 
I would make certain your SMTP LOGS are set to DETAILED and search for the two e-mail addresses in question:
 
cklegalmed@msn.com and sandy@comprehensivemedicallegalservicesllc.com, in the SMTP logs, on the day the messages were supposed to be forwarded to see if there are any error messages listed in those logs.
 
The one test I cannot run is with UNLOCKTHEINBOX.COM.
 
Try sending an e-mail, from a valid address on the domain which sends the newsletter, to MAILTEST@UNLOCKTHEINBOX.COM and then check the results for any errors.

It's a pretty thorough test and will help you diagnose issues with mail delivery. 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Eric Bourland Replied
Bruce, always good to hear from you. Here is the result, below. It looks like I have a couple of failures:
 
RUA
RUF
 
And I do not use SSL -- I really can't afford to set up SSL for each of the 30-something domains on my server.
 
Questions: do you think the RUA and RUF failures are significant?
 
And -- this seems basic and I should know this -- where can I confirm that detailed logging is set up in SmarterMail 12.4?

Thanks as always for your help.

Eric
 
 
Publication: RFC 822
Header Information
Name Value
return-path <sgrisham@careplanners.net>
received from tarsier.viviotech.net (tarsier.viviotech.net [205.210.188.179]) by mail.unlocktheinbox.com with SMTP (version=TLS\Tls cipher=Rc4 bits=128); Thu, 18 Sep 2014 12:42:46 -0400
x-smartermail-authenticated-as sgrisham@careplanners.net
domainkey-signature a=rsa-sha1; c=nofws; q=dns; d=careplanners.net; s=selector; h=received:from:to:subject:date:reply-to:message-id:mime-version :content-type:x-originating-ip; b=POw9y9xR8AZXBg20GVwoEQpitk860hvk1/RPZJ5voiXMtdv0whzXUvdaK8xdrjDo7 ZMRa6qj2F13Yx6M4Z+/G1H12qmimdHlVUS3PzDWTFDUCixQm/mw6aFQjTlb7F3+45 XQiwtV7PoRQx5TQ5TSwxtwyzRNpB8ulyDHOjvZEog=
dkim-signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=careplanners.net; s=selector; h=x-originating-ip:content-type:mime-version:message-id:reply-to :date:subject:to:from; bh=Ero/mRYR1bxH/C6SDF3hKdnFOspLgDVtNJExT3n1FAI=; b=I+VbuSzTGNrGkqsBsKwNb25cMNR1qy/hg0xtU8MtHwRN0U+7QHOwudGxA/47H7s88 Y8zlDPQD2l7v8RQNsLPilGAkp48BhK2URi7lu8W0PKt/mFcznMHkjt7s0KtcaPcAM lQfia4ZwhS38e1zyW+iKgsUjLVMyZng/13le8hmIA=
received by tarsier.viviotech.net via HTTP; Thu, 18 Sep 2014 12:41:58 -0400
from "Susan Grisham" <sgrisham@careplanners.net>
to <mailtest@unlocktheinbox.com>
subject  
date Thu, 18 Sep 2014 12:41:58 -0400
reply-to sgrisham@careplanners.net
message-id <c21767b1247c44c0bad2971ee0d32896@careplanners.net>
mime-version 1.0
content-type multipart/alternative; boundary=e99a3231b044447ab3fa4b93b6d23c62
x-originating-ip [69.250.144.41]
 
Authoritative DNS Server (SOA) Check for: careplanners.net
SOA Server Results
tarsier.viviotech.net Passed
 
MX Records
Pref Value Blacklists
10 mail.careplanners.net Check for Blacklists
20 mail.careplanners.net Check for Blacklists
30 mail.careplanners.net Check for Blacklists
40 mail.careplanners.net Check for Blacklists
 
Information: PTR Records
rDNS PTR Records
Type Mail Domain ARPA Record Results
MX mail.careplanners.net [205.210.188.179] 179.188.210.205.in-addr.arpa. Passed
MX mail.careplanners.net [205.210.188.179] 179.188.210.205.in-addr.arpa. Passed
MX mail.careplanners.net [205.210.188.179] 179.188.210.205.in-addr.arpa. Passed
MX mail.careplanners.net [205.210.188.179] 179.188.210.205.in-addr.arpa. Passed
LSIP tarsier.viviotech.net [205.210.188.179] 179.188.210.205.in-addr.arpa. Passed
 
Mail Flow
Mail Domain IP Address
tarsier.viviotech.net 205.210.188.179
Unknown Unknown
 
Email Port Checks for: mail.careplanners.net
Protocol Results
SMTP (Port 25): Connection Established
- Extensions: SIZE, AUTH, 8BITMIME, OK
- SSL Valid: No SSL Certificate Found
   
SMTP SSL (Port 465): Unable to Establish Connection
   
POP3 (Port 110): Connection Established
- Extensions: TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid: No SSL Certificate Found
   
POP3 SSL (Port 995): Unable to Establish Connection
   
IMAP (Port 143): Connection Established
- Extensions: IMAP4rev1, UIDPLUS, XLIST
- SSL Valid: No SSL Certificate Found
   
IMAP SSL (Port 993): Unable to Establish Connection
 
Email Port Checks for: mail.careplanners.net
Protocol Results
SMTP (Port 25): Connection Established
- Extensions: SIZE, AUTH, 8BITMIME, OK
- SSL Valid: No SSL Certificate Found
   
SMTP SSL (Port 465): Unable to Establish Connection
   
POP3 (Port 110): Connection Established
- Extensions: TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid: No SSL Certificate Found
   
POP3 SSL (Port 995): Unable to Establish Connection
   
IMAP (Port 143): Connection Established
- Extensions: IMAP4rev1, UIDPLUS, XLIST
- SSL Valid: No SSL Certificate Found
   
IMAP SSL (Port 993): Unable to Establish Connection
 
Email Port Checks for: mail.careplanners.net
Protocol Results
SMTP (Port 25): Connection Established
- Extensions: SIZE, AUTH, 8BITMIME, OK
- SSL Valid: No SSL Certificate Found
   
SMTP SSL (Port 465): Unable to Establish Connection
   
POP3 (Port 110): Connection Established
- Extensions: TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid: No SSL Certificate Found
   
POP3 SSL (Port 995): Unable to Establish Connection
   
IMAP (Port 143): Connection Established
- Extensions: IMAP4rev1, UIDPLUS, XLIST
- SSL Valid: No SSL Certificate Found
   
IMAP SSL (Port 993): Unable to Establish Connection
 
Email Port Checks for: mail.careplanners.net
Protocol Results
SMTP (Port 25): Connection Established
- Extensions: SIZE, AUTH, 8BITMIME, OK
- SSL Valid: No SSL Certificate Found
   
SMTP SSL (Port 465): Unable to Establish Connection
   
POP3 (Port 110): Connection Established
- Extensions: TOP, USER, UIDL, IMPLEMENTATION
- SSL Valid: No SSL Certificate Found
   
POP3 SSL (Port 995): Unable to Establish Connection
   
IMAP (Port 143): Connection Established
- Extensions: IMAP4rev1, UIDPLUS, XLIST
- SSL Valid: No SSL Certificate Found
   
IMAP SSL (Port 993): Unable to Establish Connection
 
Publication: RFC 4408
SPF Records
ARSoft Check: Passed
SmarterMail Check: Passed
SpamAssassin Check: Passed
SPF DNS Location: Click Here: careplanners.net
SPF Record in TXT (TYPE 16): v=spf1 a mx ip4:205.210.188.179 -all
(TYPE 16) Syntax: Passed
SPF Record in SPF (TYPE 99): Not Found - Learn about SPF (TYPE 99) Click Here
 
Information: Identifier Alignments
SPF Alignment Test (Used in DMARC ASPF Test)
Mail From/Return Path Domain: careplanners.net
From Domain: careplanners.net
SPF Identifier Alignment: Strict
 
Publication: RFC 4406
Sender ID
Sender ID Check: Passed
Sender ID Record: Uses SPF implementation above
 
Publication: RFC 4870
Domain Keys Additional Information (Obsolete)
Tag Value
Key Algorithm: a=rsa-sha1
Canonicalization: c=nofws
Query Method: q=dns
Domain Name: d=careplanners.net
Selector: s=selector
Signed Headers: h=received:from:to:subject:date:reply-to:message-id:mime-version :content-type:x-originating-ip
Signature Data: b=POw9y9xR8AZXBg20GVwoEQpitk860hvk1/RPZJ5voiXMtdv0whzXUvdaK8xdrjDo7 ZMRa6qj2F13Yx6M4Z+/G1H12qmimdHlVUS3PzDWTFDUCixQm/mw6aFQjTlb7F3+45 XQiwtV7PoRQx5TQ5TSwxtwyzRNpB8ulyDHOjvZEog=
 
Domain Keys Check (Obsolete)
Signature Found: Yes
SM Signature Verification: Passed
From Signed: Yes
Restricted Headers Signed: Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed.
 
Public Domain Key (Obsolete)
Selector Location: Click Here: selector._domainkey.careplanners.net
DNS Record Found: Yes
Record Syntax: p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95lwgnJSu+HxVtDKd/RWfl9vkV/KOjnNF+8hhIV9ooMaGdz0AkP3LaMojPwQkGNDoyOmNHsdSdQz+IgWGwTFeUm03nKXbHRhwXQpy+6RcImvautzGagAQiEB44gKTJF3I1dee9oDFx0RUX5R7nOtkD5P1wd2XZKNMaz7y3pLVkwIDAQAB
Key Size: 1024
 
Publication: RFC 6376
DKIM Signature Additional Information
Tag Value
Version: v=1
Key Algorithm: a=rsa-sha256
Canonicalization: c=relaxed/relaxed
Domain Name: d=careplanners.net
Selector: s=selector
Signed Headers: h=x-originating-ip:content-type:mime-version:message-id:reply-to :date:subject:to:from
Body Hash: bh=Ero/mRYR1bxH/C6SDF3hKdnFOspLgDVtNJExT3n1FAI=
Signature Data: b=I+VbuSzTGNrGkqsBsKwNb25cMNR1qy/hg0xtU8MtHwRN0U+7QHOwudGxA/47H7s88 Y8zlDPQD2l7v8RQNsLPilGAkp48BhK2URi7lu8W0PKt/mFcznMHkjt7s0KtcaPcAM lQfia4ZwhS38e1zyW+iKgsUjLVMyZng/13le8hmIA=
 
Publication: RFC 6376
DKIM Check
Signature Found: Yes
SmarterMail DKIM Test: Passed
LimiLabs DKIM Test: Passed
SpamAssassin DKIM Test: Passed
From Signed: Yes
Restricted Headers Signed: No
 
Public DKIM Key
Selector Location: Click Here: selector._domainkey.careplanners.net
DNS Record Found: Yes
Record Syntax: p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC95lwgnJSu+HxVtDKd/RWfl9vkV/KOjnNF+8hhIV9ooMaGdz0AkP3LaMojPwQkGNDoyOmNHsdSdQz+IgWGwTFeUm03nKXbHRhwXQpy+6RcImvautzGagAQiEB44gKTJF3I1dee9oDFx0RUX5R7nOtkD5P1wd2XZKNMaz7y3pLVkwIDAQAB
Key Size: 1024 bits
 
Information: Identifier Alignments
DKIM Alignment Test (Used in DMARC ADKIM Test)
DKIM d= Tag: careplanners.net
From Domain: careplanners.net
DKIM Identifier Alignment: Strict
 
Draft Publication: DMARC Base-00-02
DMARC Check
Record Syntax: Passed
DKIM Test: Passed
SPF Test: Passed
ADKIM Test: Passed
ASPF Test: Passed
RUA Test: Failed
The 'rua' tag value is not allowed to receive the report - Dmarc Draft 2 Change
The 'ruf' tag value is not allowed to receive the report - Dmarc Draft 2 Change
RUF Test: Failed
DMARC Passed: Yes
DMARC Record Location: Click Here: _dmarc.careplanners.net
DMARC Record: v=DMARC1; p=none; sp=none; rua=mailto:postmaster@tarsier.viviotech.net!10m; ruf=mailto:postmaster@tarsier.viviotech.net!10m; rf=afrf; pct=100; ri=86400
 
Publication: RFC 5617
ADSP (Author Domain Signing Policy) Check
ADSP Record: Not Found - Learn how to set up your ADSP record by clicking here: ADSP Record
ADSP Record Syntax: Not Found
 
Publication: RFC 822 (6.3)RFC 1123 (5.2.7)RFC 2821 (4.5.1)
Acceptance of Postmaster Address
postmaster@careplanners.net Passed
 
Acceptance of Abuse Address
abuse@careplanners.net Passed
 
Spam Assassian Results
Content analysis details: (You scored 2.2 points, 5.0 or higher is considered to be spam)
 
Pts Rule Name Description
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40%
    [score: 0.2654]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
    Subject: text
0.0 FROM_12LTRDOM From a 12-letter domain
0
Steve Reid Replied
You should only have one MX record, having multiple identical entries with different priorities is not required.
 
Also You only need one SSL cert to lock down your server. Unless you use more than one IP. Basically it's one cert per IP.
0
Eric Bourland Replied
Got it! Thank you, Steve. I will look into this.
0
Eric Bourland Replied
I found the log settings .... yes, they are set to Detailed.
 
I will search again for those two addresses.
 
Do you think SSL-enabled delivery will improve delivery rates for my mailing lists?

My clients use many mailing lists in SmarterMail. I find that I spend a lot of time helping list subscribers sort out delivery problems from mailing lists.
 
Thanks again for any advice.

Eric
0
Eric Bourland Replied
I have also fixed the SOA problems; here is a new report: http://www.dnsinspect.com/careplanners.net/1411069101
 
I wonder if the RUA and RUF failures in DMARC are causing delivery problems.
0
Bruce Barnes Replied
The RUA / RUF issues should be resolved to bring you into DMARC compliance.
 
There are numerous factors which can affect list delivery rates, including:
  • double-opt-in - forcing sign-ups to acknowledge the fact that they want to be on a list - auto-adding is no longer allowed.
  • removal of bounced addresses - generally after three bounces at the most
  • IMMEDIATE removal when requested
  • making certain the owner of the e-mail address ASKS to be on the list and is not automatically placed on the list
  • making certain that all of your hosted domains have FEEDBACK LOOPS
For more information on delivery issues, for both regular e-mail and lists, see:
Bruce BarnesChicagoNetTech
 
 
 
 
 
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread