SMTP - (Google Mail) 550-5.7.26 This message does not pass authentication checks (SPF and DKIM)

t0rxe

11/1/23, 8:36 PM

I have a working mail server and have been for several years, but I recently changed the server location some place else and as such, it has a different IP for the A record.

I have setup the DNS SPF record to have dual IP's to see if that fixes it, but it still doesn't work with Googles Mail server.

v=spf1 ip4:12.34.56.78 ip4:78.56.34.12 -all

Notes:

My primary A record points to the first IP 12.34.56.78.
My other A records mail., smtp. and pop.mydomain.com point to the second IP 78.56.34.12.
My PTR record points to the second IP 78.56.34.12.
My MX record is mydomain.com pointing to the CNAME mail.mydomain.com.
My TXT record is v=DMARC1; p=none; adkim=r; aspf=r;

I have a feeling the A name lookup or reverse lookup is failing since the IP that the email is sent from (in this case, the first 12.34.56.78) ends up being different from the mail server (the second IP 78.56.34.12). I may be incorrect though about that theory so I need the advice of ServerFault members.

I should note that I do not use DKIM (yet). Only SPF is present in my DNS.

Any help would be thankful as I've been trying to fix this for about 2 days with no success. I have tried opening a topic on Googles public support system as well, but no one has been able to help me.

3733

1 + 4

email-server

smtp

gmail

anx

11/2/23, 2:43 AM

Your question is about sending and for that this will not matter, but MX records point to host names (AAAA and A) and do not reference canonical name records (CNAME).

anx

11/2/23, 2:48 AM

Please do not ask about public DNS records omitting the actual name. If I knew the domain, I could run existing tools against it, if I only have a ([inconsistently](https://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts#6063)) obfuscated description, I can only hope I notice it, if the problem is not lost in translation anyway.

anx

11/2/23, 2:50 AM

You have not quoted the full status sent by the recipient, e.g. Google would usually go on clarifying what IP address it received the connection from (which could very well be *neither* of the two you intended to use) and a link their documentation.

t0rxe

11/2/23, 2:58 AM

No, it's using IPV4 and that's not the issue. `a:hostname` is pointing to the correct A record which is the mail server at `a:mail.mydomain.com.`

Score:0

Server

t0rxe

11/4/23, 10:16 PM

What I did was just make a new domain specifically used for the email system and all DNS records point to the mail server IP (IE: 78.56.34.12). That seems to have solved it. I have no idea why it was not working before, but Google must not like having the A record IP different from other A or CNAME records. If I am mistaken, someone can correct me but until then it's fixed itself and I can send to Gmail again.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SMTP - (Google Mail) 550-5.7.26 This message does not pass authentication checks (SPF and DKIM)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.