Remote Server returned '<mail.mycompany #5.7.1 smtp; 554 5.7.1 Error: need authentication from mail.client.com>'

Senior IT System Engineer
Hi People,

I've got this error message today even after registering the SPF record in my public DNS successfully:

Remote Server returned '<mail.mycompany #5.7.1 smtp; 554 5.7.1 Error: need authentication from mail.client.com>'


What I'm trying to do is allow Client.com, which is our outsourced marketing partner, to send out promotion email on behalf of my users' mailboxes in mycompany.com. I'm using Exchange Server 2013, while the marketing company is on AWS, all in the cloud.

How can I allow this to work?
Principal Software Engineer
Commented:
imo:  Stop right here and review what you are doing.  This is a very bad idea.

The "outsourced marketing partner" probably wants to send mail out using your company's domain not because it will look like it's coming from you, but rather because their CIDR blocks and domain names are blocked by all the major spam lists.  

If you allow them to use your servers for outgoing mail and the mailing list is not absolutely, impeccably clean (none are), shortly thereafter people will start complaining which will result in your domain ending up on Spamhaus and other spam lists.  Once on the major spam lists, no outgoing email from your company will be accepted at any organization using anti-spam filters and it will take a couple of years to get your domain and CIDR block off those lists.

Further, if you give them credentials to route mail out through your servers there's no guarantee those credentials will be protected.  Is there a clause in the contract that says if they get your domain name or servers blocked, they will pay to clean up the mess and buy you a new, clean CIDR block?  Probably not.  All the risk is on your end, not theirs.

Think really, really hard before you go ahead with this.  No matter how honest they are, all it takes is one slip on their end, one crooked employee selling your server's credentials, and you, personally, will end up with all the grief.  At the very least, send a memo around to everybody involved stating that you think this is not a good idea, and detailing the risks to your corporate email if this goes through.

Author

Commented:
Hi Dr. Klahn,

What sort of credentials do I need to share with them to allow email routing on my Exchange Server?

I've never heard that before.

I agree with Dr. Klahn. Your email error code (554 5.7.1) suggests an attempt to "relay" through your organization. Reputable email marketing firms would _NOT_ need to use your email system to send email on your behalf.

A reputable email marketing firm should ask you to add an SPF record that "authorizes" them to send email messages from _THEIR_ email servers, but stamped with your email domain on them. This is common, and I've used many high-volume email marketing firms that use this technique. Anyone can stamp your email address on an outgoing email message. But the SPF record is what authorizes them to do so. Without the SPF record, most spam filters will block the message / flag it as spam.

No one should be relaying email through your email system - except your own staff (like copiers / fax machines / etc.)

Author

Commented:
Thanks all,

It turns out that I need to whitelist the IP address in the SPAM filter to allow this to happen.

Yes, I know the risk. At least with the whitelisting, I know which IP address can do the relay.

I have added THEIR SPF entry to my public DNS record. Hopefully this is the correct action I am taking.

Author

Commented:
Thanks all.
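
How a receiving server evaluates the SPF authorization discussed in this thread, as an added example that is not part of the original posts: a minimal Python evaluator covering only the `ip4`, `include` and `all` mechanisms of RFC 7208. The domains, addresses and TXT records are constructed stand-ins; `broken.example` shows that publishing the partner's record as a second `v=spf1` TXT record yields `permerror` instead of authorizing their servers.

```python
import ipaddress

# Constructed TXT records standing in for public DNS (documentation-range IPs).
DNS_TXT = {
    "mycompany.example": ["v=spf1 ip4:192.0.2.10 include:spf.client.example -all"],
    "spf.client.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    # Misconfiguration: partner's record pasted in as a second SPF TXT record.
    "broken.example": ["v=spf1 ip4:192.0.2.10 -all",
                       "v=spf1 ip4:198.51.100.0/24 ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, depth=0):
    """Evaluate a subset of RFC 7208 (ip4, include, all) for a sending IP."""
    if depth > 10:                       # simplified stand-in for the DNS lookup limit
        return "permerror"
    records = [t for t in DNS_TXT.get(domain, []) if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:                 # more than one SPF record is an error
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_spf(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"       # include of a missing or broken record
            matched = inner == "pass"
        else:
            return "permerror"           # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # no mechanism matched


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
        print(ip, check_spf(ip, "mycompany.example"))
```
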
