Continuing with the ongoing cases:
Regarding the Kinsta.com case, we received a response from support:
We don’t support outgoing DKIM signing with our relay service.
In this case, you will need to use a 3rd party provider. An example is gmail which is currently the site’s mail provider. Here‘s how to set it up.
However, as the emails are going to spam and SPF is set up, I will forward you to our security team so they can further assist and provide some pointers.
Please note, Our Malware and Abuse team works Monday – Friday. The Malware and Abuse team is not available on a real-time or live chat basis and will reply back as soon as we can, usually within one business day. If you have any further issues, please open a new chat with our Support team!
Support Analyst, Kinsta
Unfortunately, this email address is not on file in MyKinsta so I can’t delve into the details. Please reach out with an email on file or open a chat in MyKinsta.
With that said, I can provide some general advice. When a domain has a DKIM and DMARC record setup, it can cause transactional emails to fail. When either record is required, it’s advised to have a plugin like Post SMTP handle outbound WordPress emails, that way emails can successfully pass all checks.
Kinsta Malware & Abuse Engineer
So I asked the client to proceed and am waiting for an update:
We will need to install an SMTP plugin for WordPress. Could you please ask someone to install one of these and let me know when it’s available?
Regarding the case of messages being blocked by Google, support responded with the following instructions.
Hello Fabrício,
Thank you for contacting Google Workspace support.
I checked the shared message header and I see that the message is sent from Microsoft Outlook. In this case, could you please try all this IP address in your Inbound gateway in your Admin console and ask the Client to send the email to your account and check if you are able to receive the emails. You can follow the below steps to add the IP address in the Admin console.
Login to admin.google.com
Go to Apps > Google Workspace > Gmail
Select Spam , phishing and malware
Under Inbound gateway > enable the check box
Click on Add IP and add the first IP address “XXXXXXXXXXXX”
Click Save
Check > Automatically detect external IP (recommended)
Uncheck > Reject all mail not from gateway IPs and Require TLS for connections from the email gateways listed above
Uncheck > Message is considered spam if the following header regexp matches
Click Save.Once done please wait for the propagation time of 24 hours and check if you are able to receive the emails. You can refer to this Help Center article for more details: https://support.google.com/a/answer/60730. Please note that this case will be closed in
Regards,
Support Analyst, Google
Google Workspace Support
My response was:
Hi,
Thank you for your response. Will this solution work for all Google users or just for me?
If this solution only works for me, it won’t solve the client’s problem: they are unable to send messages to almost 100% of Google users.
And what about the fact that Microsoft’s IP is dynamic and may change for each message sent?
Best regards,
Fabrício
Next, they replied:
Hello Fabrício,
Thank you for contacting Google Workspace support.
Once you configure the IP address in your Inbound gateway, this will be applicable for the entire organisation users. Anyone who sends emails from that IP address will be delivered without any issues. I want you to monitor the changes once you add the IP address in the Admin console Inbound gateway. Please note that this case will be closed in the next 3 Business days, you can always reply to this message within the next 30 days and the case will reopen.
Regards,
Support Analyst, Google
Google Workspace Support
And I said:
Hi,
I made the changes, although I’m still determining if it will solve the issue for the reasons I mentioned.
I’ll get back to you later with the result.
Kind regards,
Fabrício
Well, the result is that the test did not work.
Today I sent this message:
Hi,
As I expected, it didn’t work.
Attached are the tests sent to:
a) fabricio at gmail.com (unsuccessful) – undeliverable-gmail.eml
b) fabricio at arena.tec.br (unsuccessful) – undeliverable-arena.tec.br.eml
c) fabricio at hand-delivered.email (successful) – delivered-private-email.txt
(a) and (b) are Google user email accounts.
What do you think about passing this case to the email deliverability team?
Kind regards,
Fabrício
To the client, I sent this message:
Thank you, ________. I reported to Google.
I suggested we pass our case to the email deliverability team in support.
Have you been able to find a contact in the not-for-profit area?
We need to talk to the right person. Otherwise, it won’t be easy to make progress.
I am considering reaching out to someone from Google directly on LinkedIn.
In parallel, please see if we can use the tool I suggested (InboxAlly)
I also want to remind you to suspend emails to Google recipients (from any sender on the @____________ domain). The domain’s reputation has dropped even further to “Low.”
Now with the DMARC record sending logs to GlockApps, we discovered that the platforms Blackbaud and Sendgrid are also sending emails on your behalf, and some settings need to be included. Do you think this makes sense? Who can we talk to to adjust them?
To be continued.
Another case:
I sent a meeting invitation to a client. The notification that she had accepted it went to my spam folder.
I found it weird and investigated. The reason: the lack of DKIM authentication in a Google Workspace account.
I sent this email to her:
Hi,
It looks like there’s a configuration missing in your primary email. Can you send any message to this address? [email protected]
I will share the results later. Thank you.
Kind regards,
Fabrício
She sent the email and I shared the results with her:
Hi,
Thank you. Here are the results. (I won’t publish the results due to privacy implications.)
There’s a configuration missing. It’s not a critical error; it’s an optimization. If you want me to fix it, I’ll need (temporary) admin access to the Google Workspace and the credentials to access the domain in https://iwantmyname.com/
Let me know how you want to proceed?
Kind regards,
Fabrício
To be continued.
