Emails sent from IONOS account rejected by Gmail

[Dr Stephen Strange]

I have several domains and assocaiate email accounts hosted by IONOS. If
I send an email from any of these accounts to a Gmail address they get
rejected with the following error -

SMTP error from remote server for TEXT command, host:
gmail-smtp-in.l.google.com (108.177.119.27) reason: 550-5.7.26 This mail
is unauthenticated, which poses a security risk

So how do I authrnticate my emails???

[Chris Green]

You probably need to enable SPF and/or DKIM, I'd expect IONOS to make
these easy to add to E-Mails sent from their servers. It's usually
just a matter of clicking a button somewhere in the E-Mail
configuration.

I think gmail is wanting DKIM signatures but enabling both SPF and
DKIM is probably a good idea.

--
Chris Green
·

[Roger]

https://support.google.com/a/answer/3726730?hl=en

Scroll down to read about 550 5.7.26. Note that there are three
entries so you will have to decide which applies to you.
--
Roger

[Theo]

Also, it's no longer really feasible to set your From address from a domain
different from the SMTP server you're sending from. In the past we would
'forge' addresses like From: Mr Big <c...@mycorp.com> and send it from our
home ISP, but these days the spam protection sees that as a forgery and
rejects it. If you want to send using an address in a domain, you now have
to use the SMTP server run by the company who operates mail for that domain
(the ISP hosting mycorp.com in this example)

Most mail clients allow you to configure a different SMTP server per account
nowadays, although it's easy to get this config wrong.

Theo

[Tweed]

Contact Ionos support. They can set the appropriate SPF settings on your
account. You must, of course, use their authenticated smtp server to send
your emails.

[Java Jive]

Thanks, I've just realised I get this error with my Ionos accounts as
well, which may explain why recently more of my emails have ended up in
correspondents spam folders.

> So how do I authrnticate my emails???

You could try typing SPF into the Ionos search box, and read the Help
article "Using an SPF Record to Prevent Spam ..."

Also:
https://support.google.com/mail/answer/81126#auth-reqs

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

[Java Jive]

On 31/03/2023 16:01, Java Jive wrote:
>
> You could try typing SPF into the Ionos search box, and read the Help
> article "Using an SPF Record to Prevent Spam ..."

Can now confirm, worked for me.

[Graham J]

Java Jive wrote:
> On 31/03/2023 10:35, Dr Stephen Strange wrote:
>> I have several domains and assocaiate email accounts hosted by IONOS.
>> If I send an email from any of these accounts to a Gmail address they
>> get rejected with the following error -
>>
>>   SMTP error from remote server for TEXT command, host:
>> gmail-smtp-in.l.google.com (108.177.119.27) reason: 550-5.7.26 This
>> mail is unauthenticated, which poses a security risk
>
> Thanks, I've just realised I get this error with my Ionos accounts as
> well, which may explain why recently more of my emails have ended up in
> correspondents spam folders.
>
>> So how do I authrnticate my emails???
>
> You could try typing SPF into the Ionos search box, and read the Help
> article "Using an SPF Record to Prevent Spam ..."
>
> Also:
> https://support.google.com/mail/answer/81126#auth-reqs
>

The error code 550-5.7.26 suggests a problem with the SPF record.

To be clear:

1. Is the email address you send from actually hosted by IONOS?

2. Are you sending through a SMTP server provided by IONOS for which
you have the correct username & password?

If so IONOS should have configured the SPF and DMARC records correctly.
I would be worried if such a widely advertised provider did not.

If you can't answer "yes" to both my questions, tell us more about the
email address and SMTP server you are using.



--
Graham J

[Peter Johnson]

On Fri, 31 Mar 2023 12:54:20 -0000 (UTC), Tweed
<usenet...@gmail.com> wrote:


>>
>
>Contact Ionos support. They can set the appropriate SPF settings on your
>account. You must, of course, use their authenticated smtp server to send
>your emails.

I did mine yesterday.

This is what the bounce message said:
SMTP error from remote server for TEXT command, host:

gmail-smtp-in.l.google.com (142.251.31.27) reason: 550-5.7.26 This
mail is unauthenticated, which poses a security risk to th e
550-5.7.26 sender and Gmail users, and has been blocked. The sender
must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this
message ,
550-5.7.26 DKIM checks did not pass and SPF check for
[narrowgauge.co.uk] did
550-5.7.26 not pass with ip: [212.227.126.135]. The sender should
visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication
fo r
550 5.7.26 instructions on setting up authentication.
sa11-20020a1709076d0
b00b00946c2651290si5122512ejc.232 - gsmtp

So I read what Google had to say and Googled Ionos SPF which led to an
Ionos crib sheet.
Log in to your Ionos account/manage domains/dns
I had to add a new TXT record. I was quite straightforward. Afterwards
I resent the message that had bounced and it didn't bounce so I assume
that it's OK.

[DaverN]

On 31/03/2023 12:32, Theo wrote:

> Also, it's no longer really feasible to set your From address from a domain
> different from the SMTP server you're sending from. In the past we would
> 'forge' addresses like From: Mr Big <c...@mycorp.com> and send it from our
> home ISP, but these days the spam protection sees that as a forgery and
> rejects it. If you want to send using an address in a domain, you now have
> to use the SMTP server run by the company who operates mail for that domain
> (the ISP hosting mycorp.com in this example)
>
> Most mail clients allow you to configure a different SMTP server per account
> nowadays, although it's easy to get this config wrong.
>
> Theo

See also Mythic Beasts "Sender Rewriting Scheme" (SRS)

<https://www.mythic-beasts.com/support/hosting/mail/srs>

--
DaverN

[Richard Tobin]

In article <utacnT21fq7vNLv5...@brightview.co.uk>,

Dr Stephen Strange <no....@me.com> wrote:

Are you sending via an IONOS SMTP server or directly from your own host?

-- Richard

[Gordon Freeman]

It should be ok as long as you add the sending IP to the SPF record
of your domain's DNS entry. (Obviously you need control over your
domain name's DNS records to do this.) I did this a while ago where
I am working, in particular I wanted to stop forged emails we were
getting (e.g. people within our organisation getting spoofed emails
apparently from their own IT support) by setting unknown IP
addresses to hard-fail whereas the default is soft-fail which in
practice means it gets through; but in order to do this I needed to
add all possible genuine sending IP addresses to the record to avoid
genuine emails being bounced. E.g an SPF txt record containing this:

v=spf1 +mx +a +ip4:validIPaddress -all

allows any mail coming from your actual domain name (+a) or your
domain's official mailserver (+mx), or from <validIPaddress> but
hard-fails all other mail.

[Theo]

Gordon Freeman <Gor...@freeman.invalid> wrote:
> It should be ok as long as you add the sending IP to the SPF record
> of your domain's DNS entry. (Obviously you need control over your
> domain name's DNS records to do this.) I did this a while ago where
> I am working, in particular I wanted to stop forged emails we were
> getting (e.g. people within our organisation getting spoofed emails
> apparently from their own IT support) by setting unknown IP
> addresses to hard-fail whereas the default is soft-fail which in
> practice means it gets through; but in order to do this I needed to
> add all possible genuine sending IP addresses to the record to avoid
> genuine emails being bounced. E.g an SPF txt record containing this:
>
> v=spf1 +mx +a +ip4:validIPaddress -all
>
> allows any mail coming from your actual domain name (+a) or your
> domain's official mailserver (+mx), or from <validIPaddress> but
> hard-fails all other mail.

That's a useful tool, but it depends how much control over the outgoing mail
path you have. If you're sending direct from a machine with a static IP
then fine, but if you're sending via your ISP's mailservers then it depends
how they have configured their clustering/etc arrangement. You'd end up
having to tweak your domain settings every time they added another backend
IP, which you'd only find out about when some of your mails aren't
delivered.

So for most people I think using the hosting company's official mailserver
is going to be easier.

Theo

[Graham J]

Theo wrote:

[snip]

>
> That's a useful tool, but it depends how much control over the outgoing mail
> path you have. If you're sending direct from a machine with a static IP
> then fine, but if you're sending via your ISP's mailservers then it depends
> how they have configured their clustering/etc arrangement. You'd end up
> having to tweak your domain settings every time they added another backend
> IP, which you'd only find out about when some of your mails aren't
> delivered.

If sending via your ISP's mailservers and from a domain registered with
them (e.g. jo...@smith.myzen.co.uk for Zen Internet) then the ISP should
configure the SPF record correctly, and update it when they change their
mailserver clustering.

>
> So for most people I think using the hosting company's official mailserver
> is going to be easier.

So for a hosting company such as IONOS as used by the OP I would expect
them to maintain the SPF (and DKIM) records for you.

But if the OP had been sending from a domain not hosted by IONOS, but
nevertheless using the IONOS mailserver, then I would expect problems.


--
Graham J

[Pete W]

I had the same problem and contacted IONOS support who added the SPF
and Dmarc records to my domains solving the problem.

When I ask them whether it was something I could had done myself this
is their reply.

Adding or changing a DNS record (e.g., SPF, DMARC, NS, etc.) of your
domain is something that you can do on your end by logging in to your
IONOS Control Panel.

For future reference, you may refer to the article links provided
below:

Managing DNS Services
Setting Up and Managing DNS Templates

Using an SPF Record to Prevent Spam

Configuring a DMARC Record for a Domain
---
Pete.

[Java Jive]

On 02/04/2023 12:44, Graham J wrote:
>
> So for a hosting company such as IONOS as used by the OP I would expect
> them to maintain the SPF (and DKIM) records for you.

One would have hoped so, but with my site, macfh.co.uk, hosted by Ionos,
that didn't happen, I had to do it myself, by following their help
instructions on the subject.

> But if the OP had been sending from a domain not hosted by IONOS, but
> nevertheless using the IONOS mailserver, then I would expect problems.

I just send mail from macfh.co.uk using Thunderbird on my PC in the
usual way, but to the best of my knowledge received no notification
either as to the necessity of adding the SPF record, nor of my mail
being treated as spam, until this thread prompted me to try a test
sending to a GMail address, so I don't know how long it had been going
on for. Seems all a bit shabby to me, and a decided downvote for Ionos.

Further, I'm having trouble accessing some of their website account
management features in the latest versions of both Pale Moon and
Firefox, but they say they can't replicate the issue, and I can no
longer set global email spam blacklists over all the email accounts at
once, I now have to do each one individually, and I have had other
issues with them that were never satisfactorily resolved. I'm
increasing unhappy with their rather expensive service.

[Dr Stephen Strange]

The answer was to go into my IONOS control panel and for all my domains
add a SPF TXT setting under the DNS settings