XF 1.4 Confirmation emails not being received

sgr

Active member
Hi,

About 15% of the confirmation emails sent in the past 20 days have not been received by the users trying to sign up on my forum. The others receive them just fine.

Why is this happening, any idea?

In the Email Options, the 'email transport method' is default, and the 'set return path' was unchecked. I've checked that now. I can understand there are problems with the email configuration if no emails were being sent, but what's the reason behind it partially working?
 
I have similar troubles with e-mail providers blocking my IP. Mostly seems to be Apple and Microsoft providers for us.

Is the SPF and DKIM solution helping? How do we implement that?
 
The shared vs dedicated doesn't directly matter.
Really?
I can promise you it DOES matter.
If you are on a VPS and not using cPanel (or any other panel) there are numerous steps you have to go through.
This is pretty much what you have to do on a Debian server with no panel:
https://servinglinux.com/resources/opendkim-setup-on-debian-with-postfix.50/
This is what you have to do with cPanel:
https://forums.cpanel.net/threads/setting-up-spf-and-dkim-records.322311/
So, you want to tell me again that it doesn't directly matter?

Valid SPF records will help but are not a driving factor.
Not according to the folks I dealt with at Outlook.com.
Where the shared can hurt is if a different account using the same outgoing IP is compromised and/or used to send spam.
Start with the sender score, RBL's after that, and work it from there.
And now we are right back to the need to ascertain if it's a VPS or a shared hosting account... which DOES make a difference.
 
Really?
I can promise you it DOES matter.

It is possible (and I maintain) shared relays for thousands of domains (times however many accounts in each domain) and SPF/DKIM doesn't matter most. It's not the biggest factor in decision making. It helps (doesn't hurt), but not what matters most.

When sending to the BIG email service providers, sender score matters much more.

Yes, sending to "Joe" with his little mail server and 54 RBL's configured cause he can't manage spam is different, but we're not talking about that.

Leading someone to think DKIM should be addressed first is wrong.

First questions, what is your sending IP address, what is it's sender score?

If that's good, continue to work on the extras that can/should be done such as SPF & DKIM.

If you have a bad sender score, none of the other stuff is going to help.
 
I have similar troubles with e-mail providers blocking my IP. Mostly seems to be Apple and Microsoft providers for us.

Is the SPF and DKIM solution helping? How do we implement that?

@upnet,

I think that the SPF and DKIM solution should help a lot. My mail server couldn't send any emails to Microsoft (Hotmail/Live) addresses -- my IP was being blocked by them. SPF and DKIM is the norm now; the providers are definitely scanning these two records and deciding our email reputation.

I'm sure there are a lot more factors than only these two records.

Let me just say that after 10 hours or so of entering my SPF and DKIM records, I stopped receiving any single 'Mail delivery failed' in my mail server or in my exim logs. That says a lot because I was easily getting 10 failed delivery reports on an average per day. It's only been almost 2 (1 and a half to be precise) days since I've added the records, but I think it is definitely helping me. Fingers crossed! :unsure:

You can find SPF record generators online (http://www.spfwizard.net/ and many others), and similarly for DKIM. Though DKIM keys can be generated on your server too using openssl commands on the terminal. cPanel/ host-specific instructions should help with this.


Thanks to @popowich my DKIM signature is now validated. He's the man :cool:
 
Last edited:
Let me just say that after 10 hours or so of entering my SPF and DKIM records, I stopped receiving any single 'Mail delivery failed' in my mail server or in my exim logs. That says a lot because I was easily getting 10 failed delivery reports on an average per day.

Was that before you did anything with DKIM or during the time the broken TXT record was in DNS?

If that's a before & after (and not for a day with the broken record) that's very interesting to me. Thanks for sharing!
 
Was that before you did anything with DKIM or during the time the broken TXT record was in DNS?

If that's a before & after (and not for a day with the broken record) that's very interesting to me. Thanks for sharing!


Yes, that was with a broken DKIM TXT record! I got a single day without errors with a valid SPF and a broken DKIM record!
 
When sending to the BIG email service providers, sender score matters much more.
and with Outlook part of that sender score is based upon having a valid DKIM, RDNS and SPF entry.. and that's according to them. I think I'll trust them to know what they rank upon.
Yes, sending to "Joe" with his little mail server and 54 RBL's configured cause he can't manage spam is different, but we're not talking about that.
Yes, we ARE talking about that.. his is a VPS and odds are it has a static IP for it that is NOT shared amongst anyone else. If it was used by others in the past it could be blacklisted. Simply going to the mxtools website can confirm that.
Leading someone to think DKIM should be addressed first is wrong.
First place to check is whether you are blacklisted.. but any half-way reputable sys admin will configure DKIM for the MTA of the server, especially if it is a managed server using cPanel.
 
The 55 is bad. That's below the limit, usually in the 60's, where many ISP's such as Comcast will block you.

You're outside the good or even grey range "for further processing" and can expect to get outright blocked sometimes.

So, what can you do about the 55? What can we do to help improve your grade?

Now we're into the are you dedicated and everything is in your control vs. are you sharing the outbound IP with other potentially bad senders?

@upnet, do you mind sending me your IP address and domain name in a private conversation if you don't want it posted in public?
 
The 55 is bad. That's below the limit, usually in the 60's, where many ISP's such as Comcast will block you.
Well, mine doesn't even show a senders score.. but guess what. My Comcast users, Yahoo, Gmail and Hotmail/Outlook get their delivered email just fine from my MTA (which is running on the server) - or at least none of them have commented on it.
So I guess SPF/DKIM/RDNS does play a high factor in it.

It's a chicken/egg scenario. If you don't have the RDNS/DKIM/SPF then you are not as trusted and will get rejected more often, which hurts your score.


@upnet, do you mind sending me your IP address and domain name in a private conversation if you don't want it posted in public?
Or @upnet could go to http://mxtoolbox.com/blacklists.aspx and input his IP or domain and see if he's listed in any of the major ones.
 
A neutral sender score isn't a bad score, it means the large email providers don't see enough email volume from you for return path to be able to create a score or for the providers to make informed decision making at that level for you.
 
Top Bottom