Gmail now rejecting unauthenticated mail

Gmail has long pushed for adoption of email authentication best practices from email senders, effectively making it tough to get to the inbox without proper email authentication in place. They also, for years now, have been very cautious about what mail they accept over IPv6, declining to accept mail over IPv6 that fails authentication checks. Well, now those same checks now apply to all mail sent to Gmail -- over IPv4 or IPv6. Meaning, if you want to send mail to Gmail, you need to authenticate that mail with Domain Keys Identified Mail (DKIM) or Sender Policy Framework (SPF).

If you're trying to send mail to Gmail subscribers, and the mail doesn't authenticate properly, it'll be rejected with this error message:

550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [domain] did not pass with ip: [IP address]. The sender should visit for instructions on setting up authentication. x-y.z - gsmtp

What does this mean? Your mail is not properly authenticated with DKIM or SPF.

If you think your mail is authenticating properly, but you're still seeing this error message, then there is likely a problem causing your mail not to authenticate properly. Time to review your settings and/or reach out to your email platform's support for assistance.

Don't assume that Google must be wrong. Just about every time somebody says, "I'm seeing authentication errors, but I know I have everything set up right," we later find that something wasn't set up right. Yes, ISPs can and do get it wrong once in a while, but that's the exception, not the rule.

Google has been tightening Gmail's filtering over these past few years. Once upon a time they were loath to reject mail, being much more likely to deliver bad (or misconfigured) mail to the spam folder. They are now much more likely to block mail that has problems -- authentication failures, misconfigured headers, etc. I think it's safe to assume that if they can find other good reasons to reject bad or misconfigured mail, that they are likely to do so. Thus, it's very important, more than ever before, to make sure that your email systems are configured correctly.

Post a Comment