Google emails from my domain as spam

Loneweaver

Member
Nov 30, 2016
18
1
3
Botswana
cPanel Access Level
Root Administrator
Hi everyone

I need help with determining why gmail is flagging emails from my domain as spam. I have enabled both DKIM and SPF on the server but when I run a test with www.mail-tester.com or www.dkimvalidator.com it shows that I'm not fully authenticated.

On cPanel email authentication, there's the following warning message "cPanel is unable to verify that this server is an authoritative nameserver for “example.co.bw

The site is hosted at a different ISP than the one that the domain name is registered with, I'm wondering if this is what is causing the issue.
 
Last edited by a moderator:

mtindor

Well-Known Member
Sep 14, 2004
1,417
82
178
inside a catfish
cPanel Access Level
Root Administrator
It sounds like the authoritative nameservers for your domain are not set to be the nameservers in use on the cPanel server. As such, any DNS changes that you make within cPanel are not seen publicly. If you are going to have authoritative nameservers set to something other than the nameservers associated with the hosting server, you've got to go to the place where the DNS is being managed and duplicate the appropriate DKIM / SPF records.

Basically, cPanel is probably signing your emails with a DKIM key for which there is no public key published on the public authoritative nameservers associated with your domain, which is likely worse than having DKIM disabled altogether.

Mike
 

Loneweaver

Member
Nov 30, 2016
18
1
3
Botswana
cPanel Access Level
Root Administrator
It sounds like the authoritative nameservers for your domain are not set to be the nameservers in use on the cPanel server. As such, any DNS changes that you make within cPanel are not seen publicly. If you are going to have authoritative nameservers set to something other than the nameservers associated with the hosting server, you've got to go to the place where the DNS is being managed and duplicate the appropriate DKIM / SPF records.

Basically, cPanel is probably signing your emails with a DKIM key for which there is no public key published on the public authoritative nameservers associated with your domain, which is likely worse than having DKIM disabled altogether.

Mike
Thanks Mike. I'm relatively new to cPanel so I've attached screenshots of the tests I carried at www.mail-tester.com to see if you can pick any pointers and assist.
 

mtindor

Well-Known Member
Sep 14, 2004
1,417
82
178
inside a catfish
cPanel Access Level
Root Administrator
Where are you adding those TXT SPF and DKIM records? On the vxp-twebhost01 box? If so, are you sure that those local records on that box are being synced to vbnservices.net nameservers? If not, then you have to either set your authoritative nameservers for your domain to the nameservers that are used by accounts on vxp-twebhost01, or you need to somehow have access to the vbnservices nameservers to add the records there.

A typical cPanel server [not using a DNSOnly cluster] has two nameservers set up pointing to IP addresses _on_ the cpanel server. Then any accounts being hosted on that server must have their authoritative nameservers set to those nameservers that are on the local cPanel server, or you have to manually add the records to DNS wherever authoritative DNS is handled.

It's a little different if the hosting server is using external cPanel DNSONLY servers in a cluster where the local cPanel server automatically syncs its records with the DNSONLY nameservers.

At any rate, from your screenshots it isn't possible for me to really tell whether the vbnservices.net nameservers are supposed to received updates from the cPanel server or if you have to actually have to have vbnservices.net add the entries there for you because those servers are totally external.

I will say this though --

vxp-twebhost01.mascom.bw hostname does not resolve in DNS, and the ###.###.###.233 IP address does not have valid reverse DNS in place.

So even if your forward DNS zone for tsena.BBB.BB had all of the appropriate records in its authoritative nameservers for SPF / DKIM, you'd still run into problems sending mail from the ###.###.###.233 IP address because many if not most remote mail systems would not want to accept mail from an IP address that doesn't reverse resolve, and whos reverse DNS hostname does not forward resolve back to the ###.###.###.233 IP address.

Me thinketh that who you should really be asking for help from vbnservices / mascom.

If I telnet port 25 on the .233 IP address, it suggests that it's hostname is vxp-twebhost01.mascom.bw. However, vxp-twebhost01.mascom.bw doesn't even exist in the DNS zone of mascom.bw (dig vxp-twebhost01.mascom.bw) and reverse DNS for the .233 address doesn't exist either (dig 223.73.223.41.in-addr.arpa ptr).

Before that server starts to host any accounts, it should be set up properly with a valid hostname that resolves in DNS, and with a reverse DNS (PTR) record added for the main IP address on the server that matches the main server hostname.

Sorry, I know too little about how things are really configured [regarding DNS] to help you any further. I would suggest that you contact your hosting provider and point out the lack of DNS/rDNS resolution for the hostname / primary IP address of that server. And while you're at it you should ask them "what are the authoritative nameservers for the domains hosted on this server?"


mike
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

You'll need to ensure the domain name uses name servers associated with the cPanel server by setting up name servers per the instructions at:

How to Set Up Nameservers in a cPanel Environment - cPanel Knowledge Base - cPanel Documentation

Or, access the DNS registrar admin interface for the domain name in-question and manually add the SPF and DKIM TXT records that you see listed in "cPanel >> Authentication" for this domain name. You may also find this document helpful:

How to Keep your Email out of the Spam Folder - cPanel Knowledge Base - cPanel Documentation

Thank you.
 

behzad neissari

Registered
Feb 13, 2018
2
0
1
UAE
cPanel Access Level
Root Administrator
Hi
I send mail from webmail to google and check header of mail and see following detail

Received: from localhost ([127.0.0.1]:59792 helo=....
and google spam my email , please tell me how can change [ localhost ([127.0.0.1] ] to my server ip ?
also when i send mail with smtp from outlook i hjave this problem too and my client ip added in this header.

please give me help to solve that

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=.......
Received: from localhost ([127.0.0.1]:32812 helo=.......
MIME-Version: 1.0
Date: Tue, 16 Mar 2021 09:48:14 +0000




thanks
 
Last edited: