Regarding my now-closed “Offloading Mail Services” post:
I have identified a potential issue with using these outbound SMTP services.
Using DuoCircle’s outbound SMTP service, I still have delivery issues.
Not 100% sure it’s responsible, but their relay is applying SPF authentication to my client.
Even though I authenticate with a username / password and pay $ with a company CC, they still authenticate my client mailer (Claws Mail on Rocky 9.2) using SPF and add the following header:
You can see spf=fail.
This is because I do not have <verizon residential ip> in my SPF record (which of course I should not for various reasons).
Ultimately when sending a message to Gmail, selecting “Show original” indicates ARC: 'FAIL'.
Although it’s not tagged as SPAM, this and the presence of the Fios residential IP are the only things I can see that would cause this error message.
So it seems sending email from a residential IP for a custom domain is proving to be exceptionally difficult.
The only way I can conceive of doing it would be to send mail from my mail server so that I can put it in the SPF record and run a DKIM service (this still doesn’t solve periodically being listed on the UCEPROTECT scammers RBLs).
Or find some outbound SMTP service that does NOT authenticate my client mailer using SPF (which I would think should be ok if they have all of my intimate details like CC and company info).
Either that or just give in and use web-mail.
But I REALLY don’t want to give in and let Microsoft or Google or anyone else host my private company email.
Couple of options. 1st is to relay through Verizon’s SMTP servers:
You probably need to check with Verizon what needs to be added to your SPF record.
The other option is to see if you can get a static IP. You can then add that to the SPF. You will also need an rDNS/PTR record which matches a forward A record for the static IP.
Actually I think I found a solution (immediately after posting here of course).
I just use my mail server (previously used mostly for receiving mail) to also send mail, changing postfix/main.cf to add relayhost = outbound.mailhop.org:587 and adding creds to postfix/sasl_passwd.
Then I added my mail server’s fixed IP to SPF and let DuoCircle handle DKIM.
Kinda convoluted IMO but I reckon it’s a fairly typical delegation of responsibilities. It’s just because I’m one guy that this all seems terribly overkill to use two separate servers to handle a few emails. I suppose the real issue is that email is unusual in that there are no pre-established trust relations between authorities. It’s amazing it works at all.