I have a client that has green check-marks for all authentication settings, but they can't receive their own campaigns (relatively suddenly - started sometime during the first week of September). Emails sent to my Google Apps account (from their CM account) are displaying the "via createsend5.com" in the From field. There are plenty of other domains that have been able to receive their campaigns, but obviously, the most serious issues with clients are when THEY can't receive their own campaigns!
It's not clear if it's something on their end or on CM's end.
I thought I could re-check settings from the CM interface, but ended up using some other DNS testing tools, which confirmed that they are using a correct Sender ID txt record, albeit in the earlier format (without the "a" and with a "~" instead of the "?".
It was harder to test the DKIM records, so I used the one on brandonchecketts.com. Here are the results (with personal information removed). It looks like there is a problem with the DKIM Key, but it matches the one specified in their CM account.
SPF Record Info
Helo Address = mo142.createsend.com From Address = CustomerName@CustomerDomain.com From IP = 184.108.40.206 SPF Record Lookup Looking up TXT SPF record for CustomerDomain.com Found the following namesevers for CustomerDomain.com: a.dns.hostway.net b.dns.hostway.net Retrieved this SPF Record: v=spf1 mx include:cmail1.com ~all. (TTL = 14400) Result: none (No applicable sender policy available) Result code: none Local Explanation: CustomerDomain.com: No applicable sender policy available spf_header = Received-SPF: none (CustomerDomain.com: No applicable sender policy available) receiver=bookscouter.com; identity=mailfrom; envelope-from="CustomerName@CustomerDomain.com"; helo=mo142.createsend.com; client-ip=220.127.116.11
DKIM Signature Message contains this DKIM Signature: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=cm; d=CustomerDomain.com; h=From:To:Reply-To:Date:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=CustomerName@CustomerDomain.com; bh=n2SkfbOJF6mWLEUiUaMmnP0bqt8=; b=upprePE8VNenve81FAJPTgSBcCD71bXehkR5Z+ZZpmMm0s7xHmsXhk5krlFe6gYz0TtFdNQYzhtO 5wvHMEu64BJ2csT0cDdoaa+kG3YYx9apAt7yfF7RRShbt1+brLSl Signature Information: v= Version: 1 a= Algorithm: rsa-sha1 c= Method: relaxed/relaxed d= Domain: CustomerDomain.com s= Selector: cm q= Protocol: bh= n2SkfbOJF6mWLEUiUaMmnP0bqt8= h= Signed Headers: From:To:Reply-To:Date:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID b= Data: upprePE8VNenve81FAJPTgSBcCD71bXehkR5Z+ZZpmMm0s7xHmsXhk5krlFe6gYz0TtFdNQYzhtO 5wvHMEu64BJ2csT0cDdoaa+kG3YYx9apAt7yfF7RRShbt1+brLSl Public Key DNS Lookup Building DNS Query for cm._domainkey.CustomerDomain.com Retrieved this publickey from DNS: p=MHswDQYJKoZIhvcNAQEBBQADagAwZwJg0NWHqTx89AL0BfnPnq8+e1uF7CXC5YMJ36EdbjAC9UiHERz11wLU3aSVNk+RozYm1/hMmtatytxwr8cb5fBOq5j29QvyvdOxcnENmNAQLIo0TjrW/KztIqan7deXW9IlAgMBAAE=. Validating Signature result = invalid Details: public key: invalid data
Hey there BraceRosso, my first hunch here is that the client's mailserver has started rejecting email from CustomerDomain.com that has been sent from our IP address (instead of say, an internal one). It is likely a matter of getting the customer's tech team to whitelist our sending IP addresses to get the campaigns coming through again.
If whitelisting doesn't bring any joy, kindly get in touch with our team and we'll look at whether domain authentication, or something else is causing these issues.
I can ask them to whitelist your array of IP addresses, but the natural question from the client (if not me) is "how do we know that this isn't happening at other recipients' mail servers?" And "why would this happen" (We're not seeing any bounce reports from email addresses in their own domain).
How do you explain to a client that the platform they selected is using and IP address that might randomly get rejected?
As Ros already mentioned, can you send a support request through? I'd like to take a closer look at your actual account setup. If the DKIM records are all setup correctly the "via createsendx.com" message shouldn't be showing up in google mail, so something looks to have gone wrong here.
Update: We're going to try whitelisting IP addresses and removing a "." from the end of the DKIM record that shouldn't be there. I'd like to test those solutions separately, but for the sake of time, and to avoid future problems, working on getting both done at the same time. Will update once we have an opportunity to test.
Thanks Phil, Ros.
Removing the "." fixed the inbox authentication issue (while we were in there, we also updated the Sender ID record. I couldn't verify if the client's admin folks whitelisted the IP addresses (I don't think they had), but the following campaign was delivered successfully.
Thanks for the attentive support CM!
Thank you for working with us - we're glad the campaigns are making it through now :)
From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that drive real business results.Get started for free