email support

Ask us about your TalkTalk email account and Webmail.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Gmail blocking Emails sent from Nildram, Gotadsl etc

JeffreySmith
Conversation Starter
Message 95 of 95

Apparently, Gmail made a change very recently that causes emails to be blocked if the sending domain doesn't have an SPF record.

 

The error detail is:

Hi. This is the qmail-send program at apm-internet.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

142.250.27.27 failed after I sent the message.
Remote host said: 550-5.7.26 This message does not have authentication information or fails to
550-5.7.26 pass authentication checks. To best protect our users from spam, the
550-5.7.26 message has been blocked. Please visit
550-5.7.26  https://support.google.com/mail/answer/81126#authentication for more
550 5.7.26 information. z21-20020a17090665d500b006d1ddb409bbsi6577603ejn.234 - gsmtp
STARTTLS proto=TLSv1.2; cipher=ECDHE-ECDSA-AES128-GCM-SHA256; subject=/CN=mx.google.com; issuer=/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3;

0 Likes
94 REPLIES 94

JeffreySmith
Conversation Starter
Message 61 of 95

Thanks Gondola - I appreciate what you are saying about the delegated authority...however as you well know (and I appreciate all your advice this far) this issue has been outstanding for 3 months.

 

If we don’t have a solution by Friday afternoon we intend to contact Tristia Harrison again and ask for someone above Stewart to take control. Stewart has misled us in stating that he could personally sort it out (and quickly, which must be at least 3 weeks ago), we know that someone has twice tried to send emails from our addresses to gmail addresses and failed, plus we’ve no idea of what if anything is happening.
I’m sure you agree it’s not good enough and our complaint needs to be further escalated.
We should also be told whether, as we’ve suggested at least a couple of times, there’s any need for TT to contact Google and, if so, whether they have done.

0 Likes

Message 62 of 95

Hi JeffreySmith 

 

Complaints managers have delegated authority from the CEO's office to manage high level complaints. Such people are not going to be in depth technical experts per se but do have authority to involve technical experts. I think that getting the right people involved is what's meant by "working on it".

 

I'm surprised that the TTB legacy domains didn't cease when the TTB Mail domain was ceased so it'll be true that there are fewer email experts in TTB than previously.

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

JeffreySmith
Conversation Starter
Message 63 of 95

Ady - Just to clarify....

"I dropped a mail to Stewart to make him aware of your posts. He's aware of the issue and working on it."

That’s not true as Stewart is simply dealing with the admin side! As indeed was Kit previously!
Until we get someone with technical knowhow, little is likely to change.
 
Phil Cook has certainly got the measure of Kit and Stewart, so we are more than happy to write to Tristia Harrison again to take it out of Stewart’s hands.

 

0 Likes

JeffreySmith
Conversation Starter
Message 64 of 95

Just to let you know the current state - Posted 5 test Emails yesterday and 4 failed with 1 getting through. Today I posted 8 Emails and 2 failed with 6 getting through. An improvement, but still hit and miss. 

As a separate issue, Windows Live Mail with a gmail account was rejecting signins in last 2 days. This is almost certainly a consequence of the Google signin change on May 30 where they removed the allowance for 'less secure apps' signins. Thankfully I was able to do the workaround (and probably better policy) of setting 2-stage verification in the Google account with an App Password specifically for Windows Live Mail.  Google then provided a 16 bit password which can be used as the WLM sign in password. There is no need to remember this password as u can regenerate new ones by logging in to google account. This probably is a more secure process.

Message 65 of 95

You're welcome. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


cookp1
Team Player
Message 66 of 95

Thanks @Ady-TalkTalk 

PhilC

Message 67 of 95

I dropped a mail to Stewart to make him aware of your posts. He's aware of the issue and working on it. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


Message 68 of 95

Hi cookp1 

 

If you've already escalated to a formal complaint then you'll need to leave it to the Complaints Manager to liaise with the TTB Domains Admin team that are the right team to get a suitable SPF file added to the DNS record for your personal domain. The DNS is set up and there are pointers to the MX servers for freedomtosurf.net that are hosted by apm-internet. 

 

You'd already contacted the right team in TTB, the Domains Admin. Normally, I'd expect you to have access to a DNS Control Panel to add things like the SPF file. But maybe that's restricted. The Domains Admin team would definitely have DNS Control Panel access.

 

Just to repeat that whilst we can give you general advice and guidance here on the TalkTalk Consumer Community there's no access to business accounts or systems and no direct escalation process from here into TalkTalk Business.

 

You were contacted by Stewart so he's your Complaints Manager and the only person, in lieu of any deputy, to keep you updated on what resolution is taking place.

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

cookp1
Team Player
Message 69 of 95

Thanks @Gondola. I’m not aware of any access route that would enable me to add to my DNS record for cook.f2s.com myself. The TTB Domain Admin team have been sitting on my request since 20-Apr and there’s no sign of them doing anything constructive despite my many chasers and despite me raising my complaint via CS. Does @Ady-TalkTalk have any suggestions as to how I can get this escalated?

PhilC
0 Likes

Message 70 of 95

Hi JeffreySmith 

 

The SPF records for the TTB legacy domains seem to be all different. The f2s.com domain does have the SPF file (v=spf1 ip4:85.119.248.0/22 ~all) that encompasses all the possible apm-internet sending IP addresses that might be in use. 

 

But the personal domain name (registered for Cookp1 by the TTB Domain Admins) cook.f2s.com does not have any SPF record set up with the DNS record. Normally, I'd expect the user, that's you Cookp1, to have been given access to the DNS record to be able to set up and manage your own SPF record. But if that's not the case then the TTB Domain Admins should have set that SPF record up for you. 

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

JeffreySmith
Conversation Starter
Message 71 of 95

Well they keep promising (latest message today 15:04 as below) but nothing ever happens.  Back to the CEO Tristia Harrison in a day or two, I think!

 

I apologise for the delay in response, I have requested an update from our SMC team regarding the ongoing email issue. I will contact you tomorrow afternoon and hopefully we will have this situation finally resolved.

Yours sincerely,

Stewart Anderson
Customer Experience Team | TalkTalk Business

0 Likes

cookp1
Team Player
Message 72 of 95

Just to add to the conversation, I too have experienced this problem with sending messages to gmail from my own @cook.f2s.com mail accounts. An SPF record is required for every subdomain that originates email so although the SPF record for f2s.com is in place I need someone to add a similar record for cook.f2s.com. I've spent the last 7 weeks chasing Kit in the Domain Admin team (case ref 08813752) and he's completely useless. So much so I raised a complaint on 11-May (case ref 08904751) which is being handled by Stewart Anderson, but even that has not prompted any useful progress. If the support team (Ady or the like) could intervene and generate a bit of effort and engagement from the various teams around TTB I would really appreciate it.

 

Thanks,

 

 

Phil

 

PhilC
0 Likes

Message 73 of 95

Why specify such a huge range of apm-internet IP addresses and then soft-fail the use of any IP address?

 

If the information originates from Google then I'd conclude that Gmail is failing the current SPF file. 

 

It's true that the IPv4 addresses in the current SPF file are no longer in use as they're for the legacy domains' smtp servers. Which leaves the IP addresses specified by the smtp.apm-internet.net domain i.e. 85.119.248.220 and 221. Using any other sending address will fail. Ping the mail.overssl.net server and it resolves to 85.119.249.65 so I can see why someone is suggesting 85.119.248.1 - 85.119.251.254 as the range of designated sending addresses. It's a catch all (weak) SPF file that doesn't give strong protection. I'd personally like to see specified IP addresses, or address ranges for the senders that could be used, and then hard fail any other IP address.

 

Interested to see where this SPF change takes you.

 

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

JeffreySmith
Conversation Starter
Message 74 of 95

What they are telling me is:

 

"We need to set the SPF records for these domains to Needs to be set as follows:

v=spf1

ip4:85.119.248.0/22 ~all

 

This is the information I have passed on to the team and currently awaiting a fix for this"

 

0 Likes

Message 75 of 95

Hi JeffreySmith, please let us know how you get on. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


Message 76 of 95

The domains team in TalkTalk Business normally manage the hosting of business domain names and may have taken on the outsourcing of the legacy mail domains to apm-internet. I don't yet see any change in the apm-internet SPF file nor any DMARC policy but I'll check back to see what happens. Thanks for the update. It's appreciated.

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

JeffreySmith
Conversation Starter
Message 77 of 95

Hi Gondola, Phil et others,

I dont know if Phil got anywhere with his complaint but as a last resort we have taken it right up the CEO Tristia Harrison with an appropriate complaint. We pretty quickly had a phone call from someone from Customer Experience TTB and an Email saying "I will get into contact with our domains team straight away on how to fix the google authentication issue, I have had a very similar issue to this and believe I know what fix to implement for this. " Maybe it pays to go to the top to get anywhere...we will see!

Rgds

0 Likes

Message 78 of 95

Hi and thanks for the update. I see the situation hasn't improved any. I wish there was a workaround for your legacy mail other than sending from a domain that uses SPF, DKIM signing and a DMARC policy that will keep the inbound Gmail servers happy.

 

Perfect results sending from TalkTalk Mail servers into Gmail. I cannot test from the apm-internet servers. I would have hoped that TTB could have asked apm-internet email admins to liaise with their opposite numbers in Google to agree a solution.

GondolaVolunteer 2017-2022

  Like below to appreciate my help . . . Mark as solved  Accept as Solution

0 Likes

JeffreySmith
Conversation Starter
Message 79 of 95

Just a prompt that the issue is still ongoing!

Domain Admin Team Talk Talk Business keep replying that the problem is cleared by using Imap / Overssl but that just doesnt help!

They dont seem as yet to have addressed the authentication of outsourcing the legacy mail to apm-internet and have not come back with any workable response as yet on clearing the problem.

0 Likes

Message 80 of 95

Hi JeffreySmith, as always Gondola's advice is great. 

 

Thanks fro the heads up on the Gmail change.

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.