<

Problems sending mail to one or more external domains

Published on
83,005 Points
22,005 Views
40 Endorsements
Last Modified:
Approved
I have seen a lot of questions on EE where there have been problems sending out emails to one or more external email domains and most issues can be resolved fairly simply by checking to see that your Mail Server configuration is setup optimally and that your domains DNS records are setup correctly (where your domain is registered - not internally in your own server's DNS records).

If you face problems sending out mail, but only to a handful of domains, please run through the following checks / tests and make sure your environment is setup properly:

Reverse DNS:

Check your domain on http://www.dnsgoodies.com/ and see if you have a Reverse DNS pointer setup with a proper FQDN, not an ISP generic one.  If you do not have one setup - call your Internet Service Provider (ISP) and ask them to set one up to match the Fully Qualified Domain Name (FQDN) that your mail server responds as e.g., mail.yourcompany.com.  Also, your mailserver FQDN should also be setup with something like mail.yourcompany.com.  Any FQDN ending in .local or .internal or anything that is not a valid Internet Domain Name is not correct and should be changed otherwise you may experience problems sending out emails to some domains.

To get your ISP to setup Reverse DNS on your Fixed IP Address, there must be a corresponding A record configured in your DNS records (at your Domain Registrar) that resolves the name you want added, to the IP Address.  If such a record doesn't exist, then the ISP won't set it up for you!

A simple test from a DOS Prompt (Command Prompt) will help here:

nslookup mail.yourdomain.com

This should return your Public IP Address e.g., 123.123.123.123

Then if you run the following command:

nslookup 123.123.123.123

It will return your Reverse DNS record.  If it says mail.yourdomain.com (or at least if it matches what you type in the first time) then you are good to go.

Blacklists:

Check that your IP address is not listed on any Blacklists on http://www.mxtoolbox.com/blacklists.aspx and http://www.blacklistalert.org/ - If you appear on any blacklists, then you may have problems sending mail to some domains who check against blacklists (not everyone does, but a lot do). Follow the links on the results page to the particular blacklist site to find out the reason why you are listed (you may have an infected computer sending out spam that you are not aware of) and then deal with the issue before requesting removal from those blacklists (if you don't deal with the problem, such as an infected computer, you will get removed from the blacklist, but will only re-appear again as more spam is sent out).  Once you know what you are facing, you can resolve the problem.

If you are blacklisted - configure your firewall / router to block all traffic on TCP Port 25 Outbound from all IP addresses apart from your Mail Server.  This should reduce the possibility of an infection from getting you blacklisted further and will help prevent getting listed again once you have cleaned up your network.

IP Reputation:

Check your IP reputation on Senderbase http://www.senderbase.org.  You will either be Good, Neutral or Poor.  If your reputation is Poor - then you may have problems sending out mail and are most likely appearing on a blacklist or two somewhere.  If you are Neutral, then you may have had a problem in the recent past and are still recovering your reputation.  If you have a Good reputation, you should have no problems sending out emails.

SPF Record (Sender Policy Framework):

Check to see if you have an SPF (Sender Policy Framework) record setup on http://www.mxtoolbox.com/spf.aspx - If you do not have a record setup, visit http://old.openspf.org/wizard.html, run through the various options carefully and then you should see your SPF record in the final box at the bottom of the screen.  Once you have an SPF record, you have to publish this record in your Domains DNS records by adding a TXT record with the SPF record as the data e.g., Type=TXT Record=(output from http://old.openspf.org/wizard.html).  An alternative site to the openspf.org site that you can use is http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ .

It is far better not to have an SPF record, than it is to have an incorrect one.  Not having an SPF record won't get your emails rejected, but a badly configured on will.

SPF records essentially tell the world which IP Address(es) / Mail Server(s) are permitted to send out mail on behalf of your domain.  If you send out mail from an IP Address that isn't permitted / included in your SPF record, don't be surprised if your emails get rejected and don't blame the recipient server for rejecting you.

General:

If you send out mail from a different IP address to the advertised MX record IP Address, please check that the Reverse DNS entry for this IP Address is also configured properly and that it resolves correctly to the same IP address on http://www.dnsgoodies.com/.  As an example, if you send mail out via IP 123.123.123.123 and the Reverse DNS entry setup on this IP address by your ISP is mail.yourcompany.com then mail.yourcompany.com should also resolve in DNS back to the same 123.123.123.123 IP Address.

Having checked all of the above and made any corrections to your configuration, your mail should be flowing better.  If it is not and your house is now in order, you are not listed on any blacklists and you still have problems sending out mail to one or more domains, then it may be that the external domain may be specifically blocking you, (Hotmail are quite good at doing this for no particularly good reason) you will need to contact them to try to resolve the issue.
40
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free