this post was submitted on 16 Sep 2023
1008 points (98.4% liked)

Technology

59569 readers
3899 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Google says it can’t fix Pixel Watches, please just buy a new one | With no official repair program and no parts, broken Pixel Watches are just e-waste.::With no official repair program and no parts, broken Pixel Watches are just e-waste.

you are viewing a single comment's thread
view the rest of the comments
[–] rar@discuss.online 1 points 1 year ago (1 children)

How do you deal with your custom domain emails being flagged as spam? I did all the requirements (SPF, DKIM, DMARC) and there still are some (e.g. old-fart gov or finantial institutions) that need a gmail address to communicate with.

[–] Chobbes@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Often times when people complain about this there is some misconfiguration somewhere, which is admittedly hard to notice a lot of the time. One big gotcha with DKIM, for instance, is that TXT records have a limited size in DNS, so if you have a large key you likely cannot fit it within a single TXT record (an RSA 2048 key is too big, unfortunately). In theory you can split the key in DNS, but I'm not sure if every mail server will handle this correctly. Anyway, people will make an RSA 2048 key (or larger) and try to stuff it into a single TXT record and they might not notice that it doesn't fit (e.g., their DNS provider's interface may truncate the record silently). So, it's good to confirm after the fact that the records are good and working (there's a number of free services that will do that, e.g., https://www.learndmarc.com/).

The other thing that's a bigger deal than I think it should be is rDNS. The rDNS on the mail server really needs to be the same as the MX record or certain spam detectors flip out. If your MX record is mail.example.com, it seems like the spam detectors really want the rDNS to be mail.example.com and not example.com, for instance. You'll see some advice online that suggests that the rDNS record just has to exist and doesn't have to match exactly, but this has not been my experience.

Beyond that I have also registered for Outlook's SNDS and Google's Postmaster services, and I've also added myself to the whitelist here: dnswl.org/. I'm not sure how much of difference that makes, but it's something else you can try.