Community
    • Login

    Community weekly digest ends up in SPAM

    Scheduled Pinned Locked Moved General Discussion
    25 Posts 7 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • timint01T
      timint01
      last edited by timint01

      Heads up @donho . This forum’s weekly community digest email ends up in spam.

      SPF SOFTFAIL for 104.131.212.184 and missing DKIM and DMARC.

      Here’s a tool to help you out
      https://www.mail-tester.com/

      PeterJonesP donhoD 2 Replies Last reply Reply Quote 5
      • PeterJonesP
        PeterJones @timint01
        last edited by PeterJones

        @donho,

        I just had to go through the SPAM on my personal domain as well.

        # dig +short notepad-plus-plus.org TXT
        "v=spf1 include:spf.mx.hostinger.com include:relay.mailchannels.net ~all"
        # dig -x 104.131.212.184
        ...
        ;; QUESTION SECTION:
        ;184.212.131.104.in-addr.arpa.  IN      PTR
        ;; AUTHORITY SECTION:
        212.131.104.in-addr.arpa. 1773  IN      SOA     ns1.digitalocean.com. hostmaster.212.131.104.in-addr.arpa. 1639587967 10800 3600 604800 1800
        ...
        

        So it appears your DNS’s TXT entry is set to include hostinger.com and mailchannels.net, but not digitalocean.com.
        It might help to change your TXT record in notepad-plus-plus.org to

        v=spf1 include:spf.mx.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all
        

        For adding the missing DKIM, my ISP had already defined a DKIM entry for me, so I don’t know how to generate it. It should be under the TXT entry for the default._domainkey.notepad-plus-plus.org entry in your DNS; find out more through https://www.google.com/search?q=how+to+add+dkim+record

        For the DMARC, add a TXT entry to _dmarc.notepad-plus-plus.org, with a value v=DMARC1; p=none; … if you want the DMARC system to maybe email you when there are problems, change it to v=DMARC1; p=none; rua=mailto:don.ho@..... (but give it your real email address)

        addenda: commands for checking the DKIM and DMARC:

        dig +short default._domainkey.notepad-plus-plus.org TXT
        dig +short _dmarc.notepad-plus-plus.org TXT
        

        —

        Whoever downvoted @timint01’s message: it was a valid and reasonable report: the SPF/DKIM/DMARC settings are a real problem for outgoing emails. If Don is going to continue to allow the Forum to email users, it should have the SPF/DKIM/DMARC set correctly so that the emails will make it through. Before I fixed those settings on my domain, emails would randomly never even make it to the SPAM filter of the recipient’s email – their server would block it before it got that far. And the mail-tester web address is a valid site which is helpful for debugging such issues: they give you a dummy address to send to, then you mail that address from your server, and they issue your emails a “score”, and break down why your email got that score (including links to authoritative definitions for what those various DNS settings should be); I used it a lot when trying to get my SPF/DKIM/DMARC set up correctly.

        EkopalypseE 1 Reply Last reply Reply Quote 2
        • EkopalypseE
          Ekopalypse @PeterJones
          last edited by

          @timint01, sorry, I downvoted it - I mistakenly assumed it was another annoying advertising fake post.

          Lycan ThropeL PeterJonesP 2 Replies Last reply Reply Quote 1
          • Lycan ThropeL
            Lycan Thrope @Ekopalypse
            last edited by

            @ekopalypse ,
            To err is human, to really mess up, involve a computer. :-)

            Lee

            1 Reply Last reply Reply Quote 1
            • PeterJonesP
              PeterJones @Ekopalypse
              last edited by

              @ekopalypse said in Community weekly digest ends up in SPAM:

              I mistakenly assumed it was another annoying advertising fake post.

              Not a problem. I probably would have done the same if my last couple weeks hadn’t been intimately involved with those same settings and website – because until the holiday week, I had never heard of any of those terms. ;-)

              1 Reply Last reply Reply Quote 2
              • NicholasN
                Nicholas
                last edited by

                I would be careful about who you allow to send as your primary domain. Any security issues and they could start impersonating admin accounts. You should be using -all at the end of your spf record.

                I would be sending the emails as no-reply@community.notepad-plus-plus.org and adding the TXT record to the community sub domain so it is just this host and no one else.

                I’m not sure if you need to also set the MX record if you don’t intend to receive email for the sub domain. It might affect some spam filters.

                1 Reply Last reply Reply Quote 0
                • donhoD
                  donho @timint01
                  last edited by

                  @timint01

                  I just checked in my host, in fact, DKIM was missing and SPF was conflict.

                  Obviously these 2 parameters are not initialized. I just initialized them by default, it should be getting better now.

                  Please let me know if it’s fixed. If not, I will try to tune it up.

                  PeterJonesP 1 Reply Last reply Reply Quote 0
                  • guy038G
                    guy038
                    last edited by guy038

                    Hi, all,

                    As for me, everything seems OK

                    0f2212f8-e640-4075-9dcc-2e9da1b063d9-image.png

                    Best Regards,

                    guy038

                    EkopalypseE 1 Reply Last reply Reply Quote 0
                    • EkopalypseE
                      Ekopalypse @guy038
                      last edited by

                      @guy038

                      Wow - you are blacklisted, be careful as long as your pseudonym is not Raymond Reddington of course :-D

                      1 Reply Last reply Reply Quote 0
                      • PeterJonesP
                        PeterJones @donho
                        last edited by PeterJones

                        @donho

                        Please let me know if it’s fixed. If not, I will try to tune it up.

                        When I have the forum send the mail to the tester, it still shows up with the errors:
                        7b9eca04-3879-4bc8-88b7-b46b377fdd1f-image.png

                        And when I poll the DNS using dig for windows (or equivalently with the builtin dig on a linux host I have access to), I still don’t see DKIM (_domainkey) or DMARC (_dmarc) entries for notepad-plus-plus.org’s DNS

                        C:\Users\Peter>dig +short notepad-plus-plus.org TXT
                        "v=spf1 include:_spf.mail.hostinger.com ~all"
                        
                        C:\Users\Peter>dig +short default._domainkey.notepad-plus-plus.org TXT
                        
                        C:\Users\Peter>dig +short _dmarc.notepad-plus-plus.org TXT
                        

                        Or doing the equivalent with Windows’ built-in nslookup:

                        C:\Users\Peter>nslookup -type=txt notepad-plus-plus.org
                        Server:  dns.google
                        Address:  8.8.8.8
                        
                        Non-authoritative answer:
                        notepad-plus-plus.org   text =
                        
                                "v=spf1 include:_spf.mail.hostinger.com ~all"
                        
                        C:\Users\Peter>nslookup -type=txt _dmarc.notepad-plus-plus.org
                        Server:  dns.google
                        Address:  8.8.8.8
                        
                        *** dns.google can't find _dmarc.notepad-plus-plus.org: Non-existent domain
                        
                        C:\Users\Peter>nslookup -type=txt default._domainkey.notepad-plus-plus.org
                        Server:  dns.google
                        Address:  8.8.8.8
                        
                        *** dns.google can't find default._domainkey.notepad-plus-plus.org: Non-existent domain
                        

                        So @donho, if you made changes to the DNS entry for notepad-plus-plus.org, they haven’t propagated to the outside world yet. (Normally the changes only take a few hours; it’s been 23 hours since the message above.)

                        Polling to find out the DNS server:

                        C:\Users\Peter>nslookup -type=ns notepad-plus-plus.org
                        Server:  dns.google
                        Address:  8.8.8.8
                        
                        Non-authoritative answer:
                        notepad-plus-plus.org   nameserver = ns2.dns-parking.com
                        notepad-plus-plus.org   nameserver = ns1.dns-parking.com
                        

                        If I then tell nslookup to use ns1.dns-parking.com as the server for doing the query:

                        C:\Users\Peter>nslookup -type=txt notepad-plus-plus.org ns1.dns-parking.com
                        Server:  UnKnown
                        Address:  162.159.24.201
                        
                        notepad-plus-plus.org   text =
                        
                                "v=spf1 include:_spf.mail.hostinger.com ~all"
                        C:\Users\Peter>nslookup -type=txt default._domainkey.notepad-plus-plus.org ns1.dns-parking.com
                        Server:  UnKnown
                        Address:  162.159.24.201
                        
                        *** UnKnown can't find default._domainkey.notepad-plus-plus.org: Non-existent domain
                        
                        C:\Users\Peter>nslookup -type=txt _dmarc.notepad-plus-plus.org ns1.dns-parking.com
                        Server:  UnKnown
                        Address:  162.159.24.201
                        
                        *** UnKnown can't find _dmarc.notepad-plus-plus.org: Non-existent domain
                        

                        … I got the same answers as with the public DNS server.

                        There shouldn’t be any propagation delay on the “home” DNS servers, since that’s the entry that is being edited. So it looks like whatever changes you made didn’t get saved properly.

                        donhoD 1 Reply Last reply Reply Quote 0
                        • donhoD
                          donho @PeterJones
                          last edited by donho

                          @PeterJones said in Community weekly digest ends up in SPAM:

                          So it looks like whatever changes you made didn’t get saved properly.

                          Thank you for your help.

                          Just checked again, it’s saved :

                          8d710f8e-982e-49e4-a76f-92c38c165c7a-image.png

                          As I said, DKIM was missing and SPF was conflict (instead of Active).
                          I guess what I have done is not enough.
                          However, it seems that I cannot change the default settings.

                          On which part I should configure exactly?

                          PeterJonesP 1 Reply Last reply Reply Quote 0
                          • PeterJonesP
                            PeterJones @donho
                            last edited by

                            @donho ,

                            I don’t know hostinger’s interface. All I can tell you for sure is that your public SPF record looks like v=spf1 include:_spf.mail.hostinger.com ~all … and if you want the forum emails to properly have the SPF, it will have to be more like what I showed in January (edited for the new hostinger-default text): v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all – the extra includes, and the ip4, will allow addresses associated with the emails from the Community Forum to also be allowed.

                            For the DKIM, I would be curious if the down arrow at least showed the key name and value, even if it doesn’t ;let you edit… that would at least let me probe externally.

                            But looking at your screenshot of the hostinger entry, I would try clicking on the SPF’s down-arrow, and see if that allows you to edit the raw contents. Otherwise, this page may show you different ways to dig into the raw DNS records rather than their top-level GUI, or another page here – It looks like they are both talking about the “zone editor” feature at Hostinger. It looks like Zone Editor gives you access to all of the entries, so you can maybe see what “selector._domainkey” the DKIM is used with (I was suggesting default._domainkey, but maybe hostinger uses another selector). And from that page, you should be able to edit the TXT for the SPF and add a new TXT entry for _dmarc (and give it the value I suggested in January)

                            donhoD 2 Replies Last reply Reply Quote 0
                            • donhoD
                              donho @PeterJones
                              last edited by donho

                              @PeterJones

                              I just created don.ho@notepad-plus-plus.org (and it’s the only one account on notepad-plus-plus.org so far.

                              And here is the log of email:

                              176abee5-0810-4489-8620-c2801ce49ee4-image.png

                              I’m wondering if I should create the account like admin and news-noreply ?

                              1 Reply Last reply Reply Quote 0
                              • donhoD
                                donho @PeterJones
                                last edited by

                                @PeterJones said in Community weekly digest ends up in SPAM:

                                and if you want the forum emails to properly have the SPF, it will have to be more like what I showed in January (edited for the new hostinger-default text): v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all – the extra includes, and the ip4, will allow addresses associated with the emails from the Community Forum to also be allowed.

                                So should I edit it to the value you suggested?

                                afb6423a-7067-44a1-bdb0-1a04912c4031-image.png

                                donhoD PeterJonesP 2 Replies Last reply Reply Quote 0
                                • donhoD
                                  donho @donho
                                  last edited by

                                  @donho said in Community weekly digest ends up in SPAM:

                                  So should I edit it to the value you suggested?

                                  I’ve just edited the entry I showed you on the screenshot above to the value you suggested, and back to the email section:

                                  15c8e874-70fe-4f81-ae10-57aaec5681e8-image.png

                                  PeterJonesP 1 Reply Last reply Reply Quote 1
                                  • PeterJonesP
                                    PeterJones @donho
                                    last edited by PeterJones

                                    @donho ,

                                    Yes, I would say to Edit the one you have highlighted to the value I supplied.

                                    And if there’s an Add or New button not shown, I would use that to create a new TXT record with the name _dmarc and the value v=DMARC1; p=none; rua=mailto:don.ho@notepad-plus-plus.org

                                    08036303-254c-4cae-a157-0b815dcf479c-image.png

                                    Also, if you could send me an email (I believe you can look at my profile and see my configured email) from the don.ho@notepad-plus-plus.org address, it should put useful information in the headers, which I can use to help you confirm whether that’s gotten set up right or not.

                                    PeterJonesP 1 Reply Last reply Reply Quote 1
                                    • PeterJonesP
                                      PeterJones @donho
                                      last edited by

                                      @donho said in Community weekly digest ends up in SPAM:

                                      I’ve just edited the entry

                                      and I can already confirm that change has propagated:

                                      C:\>nslookup -type=TXT notepad-plus-plus.org
                                      Server:  localhost
                                      Address:  127.0.0.1
                                      
                                      Non-authoritative answer:
                                      notepad-plus-plus.org   text =
                                      
                                              "v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all"
                                      

                                      that alone should help. And I think if you can add the _dmarc entry, that will help also.

                                      donhoD 1 Reply Last reply Reply Quote 1
                                      • donhoD
                                        donho @PeterJones
                                        last edited by donho

                                        @PeterJones said in Community weekly digest ends up in SPAM:

                                        that alone should help. And I think if you can add the _dmarc entry, that will help also.

                                        There’s control for adding entry:

                                        063362f1-8da7-4b46-b927-e92df228aad0-image.png

                                        But what kind of info should I provide to the 3 first case?

                                        PeterJonesP 1 Reply Last reply Reply Quote 0
                                        • PeterJonesP
                                          PeterJones @donho
                                          last edited by

                                          @donho ,

                                          TYPE should be TXT
                                          NAME should be _dmarc or _dmarc. (different interfaces differ on whether or not they want the . after the name)
                                          POINTS TO should be the value v=DMARC1; p=none; rua=mailto:don.ho@notepad-plus-plus.org

                                          donhoD 1 Reply Last reply Reply Quote 0
                                          • donhoD
                                            donho @PeterJones
                                            last edited by

                                            Done:

                                            9d416804-c07e-45c2-ad81-e522aa0aa818-image.png

                                            Could you check now?

                                            PeterJonesP 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            The Community of users of the Notepad++ text editor.
                                            Powered by NodeBB | Contributors