So we are using MinistrySafe for Awarness Training. We send out training emails to various people with gmail addresses (e.g. external to our domain). For some reason these emails to gmail clients are never received, not it trash, junk, SPAM. emails to other non-gmail clients work, they end up in their spam filters but at least they are sent. Emails to our domain work fine. I’ve contacted the company and the recommended getting authenticated by gmail so I added appropriate TXT and CNAME records to our domain but still nothing so we are google authenticated now. I would like to trace emails but can’t since i don’t know what MinistrySafe uses as their email server. i’m at a loss on how to proceed.
I’m unfamiliar with that product, so my first question is: are the emails that MinistrySafe is sending come from one of your church email addresses or from their address? If they are sending “on behalf” of your email domain, you will need to add something to your SPF record. This would be exactly like adding ContantContact, MailChimp, etc. If not, and they come from one of their email addresses (eg. training@ministrysafe.com), then it’s entirely on them to solve this deliverability problem.
EDIT: side note on your SPF record (for cbcbellevue.com): you are using ?all, which is generally a bad idea. If you’ve got a good handle on what systems are sending email on your behalf, you should at least change it to ~all so that unknown sources are treated as spam.
okay thank you. they are sending on behalf of our domain. i’ll contact them again about what to put in the SPF record. thanks for the tip about the ?all. Much appreciated.
MinistrySafe just informed me that Google is blocking cbcbellevue.com. I’ve attached the error.
Here’s my DMARC record. I’ve had it at 100% reject for a long time. Not sure why gmail has a problem with it.
v=DMARC1; p=reject; pct=100; rua=mailto:support@cbcbellevue.com; ruf=mailto:d8840c43@forensics.dmarc-report.com;
It’s almost certainly not DKIM signed mail, which your DMARC policy says to
reject.
So what do you recommend? I’m at a loss here. Do I not reject emails or set it at a lower reject rate?
Your DMARC report should say exactly why it’s getting rejected. Then,
either you have to get the signing and SPF fixed or turn them off, or have
the emails sent by the sender and not from your domain.
Excellent, thank you!!