02-16-2024 05:46 AM
Folks,
I run a global online community and we are finding some of our users are not getting emails, this seems to only be happening when the recipient is using Ciscos Secure Email Gateway solution.
I have submitted a sample of our emails to the not_ads email address but is there anyone else who can help us figure out whats going on?
Our logs show the email gets sent to the email relay but the user either never receives it or it gets pushed to the quarantine.. How can I get some help to resolve this?
02-16-2024 06:19 AM
02-16-2024 06:28 AM - edited 02-16-2024 06:32 AM
Hi Ken,
Thanks we already checked talosintelligence and it says our domains are trusted and not blocked. Yes we have SPF and DKIM setup.
What is interesting is that the cisco community here uses the same community platform and also uses DKIMs so I am thinking someone in the admin team might have some clue here
Interesting our email is sent via this IP: 20.51.98.61 which has a neutral rating
02-17-2024 03:54 PM
So its looking like the source of our problem maybe because Cisco Secure Email Gateway is doing a domain lookup on the sender domain. Since the domain doesn't actually resolve (its only used to send email) there is no a record. So I think I need an MX record, which feels a bit odd since you can't actually email our community domain either.
Does this ring true with anyone?
The MX Record - does it need to resolve to the IP of the sending server or the ip of the domain of the from address? (these are different)
02-17-2024 07:42 PM
02-17-2024 11:58 PM
So for this community they have the same SPF we do:
Type | Domain Name | TTL | Record |
TXT | community-email.cisco.com | 600 | v=spf1 include:us.khoros-mail.com -all |
Obviously ours has our domain in the domain column, however neither cisco nor us have a PTR record or an a record on the domain.. But ours is being bounced by any Cisco Secure Email Gateway as with the error "Domain of sender address <sender email address> does not exist (in reply to MAIL FROM command)"
Now I am guessing the Cisco community team have resolved this as they wouldn't want their community email getting bounced and the only difference I can see is we don't have an MX Record, NS Record or a SOA Record (although I believe the SOA will pull from our parent domain when not specified on the sub-domain.
02-18-2024 07:57 AM
02-20-2024 04:07 AM
Hi all,
@charella Thanks yes we have DMARC already. Your question made me go back and check a few things through so let me share what I found:
I think we have now solved this, even if no one answer above is 100% the right answer and I would like to thank everyone who contributed to the discussion!
02-21-2024 04:25 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide