on 11-03-2022 14:39
I run a small business, we have our own domain and a hosted email service.
Recently one of our employees who works from home and uses Virgin Broadband as her ISP has started having email she sends from her business email flagged up as unsafe by Gmail (and potentially others I suspect). She uses Outlook email client and has her business email (so not a virginmedia email account) correctly configured with our mail server settings.
Every business email she sends is being flagged by Gmail as being unsafe. To help troubleshoot I had her use her mobile phone as a hotspot and send test email. Email sent this way Gmail does not flag as unsafe. So I'm pretty sure the problem only occurs when she is connected to the internet using her virgin broadband.
I have had a look at the SMTP header info from email Gmail considers unsafe (extract below) and the issues seems to be with spf and google not liking the virgin I.P address. (I've obfuscated part of the I.P address and our business domain name for security - but an I.P lookup suggests this is a Virgin media I.P address.)
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning katew@mybusiness.co.uk does not designate 77.100.116.xxx as permitted sender) smtp.mailfrom=katew@mybusiness.co.uk Received-SPF: softfail (google.com: domain of transitioning katew@mybusiness.co.uk does not designate 77.100.116.xxx as permitted sender) client-ip=77.100.116.xxx;
Is there anyway that these outbound emails are being routed by a virgin media email server instead of ours?
I'm at a loss as to how to troubleshoot this further and any help would be appreciated.
Just to recap
Sender is someone@mybusiness.co.uk
Outlook email client (on Windows - not sure what version OS)
Outlook account settings correctly configured for my business.co.uk smpt server (inbound and outbound).
GMail flags the messages as potentially unsafe
Problem does not occur if the sender disconnects from virgin broadband and sends using another ISP for example mobile data.
11-03-2022 15:31 - edited 11-03-2022 15:31
Redact URL from rejected image and repost it.
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer and solved, or use Kudos to say thanks
on 11-03-2022 21:09
If you want to troubleshoot, you should look at the full headers from a flagged mail. The receipt lines will tell you exactly what route the mail takes from send to gmails servers.
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 12-03-2022 08:39
Thanks for that.
I've managed to sort this by adding a dmarc txt record to my DNS server for the affected domain.
This doesn't explain why only emails sent using virgin broadband were affected (they are being correctly routed via our mail server). Which is frustrating but at least the problem is resolved
on 12-03-2022 16:32
A DMARC record of p=none isn't a solution, it's a workaround.
If you want to solve the problem then you're going to need to take time to troubleshoot the issue properly.
If you want our help the we're more than willing to assist but at the end of the day, if we don't have the information we need, there's not a lot that can be done.
My first thought is this. What server are they connecting to in order to send their mail.
once you know this, you need to do an nslookup on the server name
Whilst connected to VM's network
Whilst connected to the mobile hotspot.
e.g. if I were checking my server I'd use
PS C:\Users\timdu> nslookup mail.ravenstar68.co.uk
Server: UnKnown
Address: fe80::c206:c3ff:fe3b:cc8d
Non-authoritative answer:
Name: mail.ravenstar68.co.uk
Addresses: 2001:41d0:801:2000::1739
51.68.196.229
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks