Community Forum

Mail to gmail failing

Silver Problem Solver

Mail to gmail failing

I tried to send email to a friend with a gmail account yesterday afternoon. I've gotten several bounces saying that the message doesn't have authentication info:

 

    This is an automatically generated Delivery Status Notification.      

Delivery to the following recipients was aborted after 14.6 hour(s):

 * XXXX@gmail.com

Reason: Temporary Failure

Reporting-MTA: dns; resqmta-ch2-06v.sys.comcast.net [69.252.207.38]
Received-From-MTA: dns; resomta-ch2-02v.sys.comcast.net [69.252.207.98]
Arrival-Date: Mon, 06 Aug 2018 20:54:34 +0000


Final-recipient: rfc822; XXXX@gmail.com
Diagnostic-Code: smtp; 421-4.7.0 This message does not have authentication information or fails to pass

Last-attempt-Date: Tue, 07 Aug 2018 11:28:31 +0000

This might be a problem with this specific Comcast server. I've been able to send mail to other gmail accounts in the past few days, and I just sent a successful test message to my gmail account.

Silver Problem Solver

Re: Mail to gmail failing

It's been happening yesterday and today with different Comcast servers:

 

Reporting-MTA: dns; resqmta-ch2-09v.sys.comcast.net [69.252.207.41]
Received-From-MTA: dns; resomta-ch2-11v.sys.comcast.net [69.252.207.107]
Reporting-MTA: dns; resqmta-ch2-10v.sys.comcast.net [69.252.207.42]
Received-From-MTA: dns; resomta-ch2-20v.sys.comcast.net [69.252.207.116]

Each of these is for a different gmail recipient. So some mail to gmail goes through, some doesn't, it seems random.

Official Employee

Re: Mail to gmail failing

Hi Bamar, I would like to help look into this further for you.  Please send me a private message with your full name and phone number.

 

Thank you 


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Official Employee

Re: Mail to gmail failing

Barmar,

 

Do you send all of your messages using the "MIT" email address? 


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Mail to gmail failing

I have had the same problem.

Frequent Visitor

Re: Mail to gmail failing

And yes, I send all my email through Comcast using my MIT address.

Silver Problem Solver

Re: Mail to gmail failing

Yes, my sender address is @Alum.mit.edu

Official Employee

Re: Mail to gmail failing

Okay, I reached out to someone at Gmail to see if I can get a more definitive answer.

 

From what I can see, "alum.mit.edu" has an SPF record (obviously not including the comcast.net outbound servers), but no DMARC record.  The SPF record does end with a "~all", which indicates "SoftFail" for IPs not explicitly included.  That may be the basis for the rejections.  I'll reply to this thread when I hear back from Gmail.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Silver Problem Solver

Re: Mail to gmail failing

If it were a problem with the SPF record, why would some messages go through and others fail?

 

That's why I suspect that Gmail has some of Comcast's servers on a blocklist.

Official Employee

Re: Mail to gmail failing

We'd know if we were being blocked by IP.  The volume of mail between the two sites is rather large.  The message they're giving indicates they want the messages to be authenticated using SPF or DKIM.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Mail to gmail failing

One theory that an email expert I consulted about this problem came up with is that some of GMAIL's servers are running newer software with the stricter authentication protocols and some are not (yet).  If the theory is correct, over time the problem would get worse and eventually all email from alum.mit.edu through Comcast to Gmail would bounce.

 

What can be done to add the appropriate authentication?

Official Employee

Re: Mail to gmail failing

Correct, that's plausible.  That's why I reached out to Gmail for confirmation (no word back yet).

 

There's not much we can do. If their SPF doesn't allow "comcast.net" servers to be used, and we can't DKIM sign on their behalf, Gmail (or anyone else validating those mechanisms) might continue to push back.

 

Let's wait to hear back from Gmail before too much speculation.  It could be something we haven't yet considered.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Mail to gmail failing

I have no idea what SPF, DKIM, etc actually are, other than conceptually some sort of authentication mechanism or requirement.

 

But if you can't add the appropriate magic to make Gmail think these messages are authorized can the alum.mit.edu forwarding service do it?  (Assuming this question even means anything in light of the aforementioned fact that I don't know what I'm talking about)

Silver Problem Solver

Re: Mail to gmail failing


@jpmassar wrote:

I have no idea what SPF, DKIM, etc actually are, other than conceptually some sort of authentication mechanism or requirement.

 

But if you can't add the appropriate magic to make Gmail think these messages are authorized can the alum.mit.edu forwarding service do it?  (Assuming this question even means anything in light of the aforementioned fact that I don't know what I'm talking about)


The "appropriate magic" would have to be added by the alum.mit.edu domain owners. They specify who is authorized to send mail on the domain's behalf.

 

alum.mit.edu does have their own SMTP server. I'd been using it for a while, but a few months ago I started getting authentication errors so I disabled it. I just tried again and it worked, so I've switched back to it. The server name is outgoing-alum.mit.edu.

Frequent Visitor

Re: Mail to gmail failing

Yes, I'd discovered that as well, and am using it.  But it's not a supported feature as best I can tell.

Sending via Comcast with the from: address as my MIT address worked for 15+ years...

Silver Problem Solver

Re: Mail to gmail failing

It's documented here: Email Forwarding for Life FAQ

  

 You can also configure your email client (e.g. Outlook or Apple Mail) to use an SMTP (or outgoing) server that's available exclusively for MIT alumni. To do so, you will need to open your email client and specify outgoing-alum.mit.edu as your SMTP (or outgoing) mail server.

 

Frequent Visitor

Re: Mail to gmail failing

Well, it seems like Gmail is not responding...



 

Frequent Visitor

Re: Mail to gmail failing

Wait.  The outgoing mail in question is going from my machine to Comcast to Gmail.  It's not going through alum.mit.edu.

 

So are you saying that whomever at alum.mit.edu could instruct or give permission to Comcast to affix the appropriate magic to any message that has a From: from the alum.mit.edu domain?


The "appropriate magic" would have to be added by the alum.mit.edu domain owners. They specify who is authorized to send mail on the domain's behalf.

 

Silver Problem Solver

Re: Mail to gmail failing

SPF is a record in the alum.mit.edu domain that says "These are ths servers that are allowed to send mail from account@alum.mit.edu".

 

Currently it allows any server to send such mail, but if it's not one of the MIT servers it's a "soft fail", which means that it's considered suspicious. Apparently some gmail servers are treating this as a hard failure.

 

Actuallly, there's something Comcast might be able to do. It's called "Sender Rewrite Scheme" -- when you send mail through the Comcast server, it rewrites the sender address to your "accountname@comcast.net" address. This doesn't affect the visible "From:" header, so it's relatively transparent. But most SMTP software doesn't have this capability.

Official Employee

Re: Mail to gmail failing

Sorry, Google did respond, and my apologies on not updating this thread.  We're going to try something to see if we can get this to work for our customers.  I don't want to rewrite your messages, but we can DKIM sign the messages and that may be enough for your purposes.  We're going to trial this with the "alumni.mit.edu" and then expand if that's successful.  We're going to use a non-primary domain as the signing domain.  We need to work with the DNS folks to get this in place, not an overnight fix, but let's see if we can make this work for you.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Silver Problem Solver

Re: Mail to gmail failing


@ComcastAntiSpam wrote:

We're going to trial this with the "alumni.mit.edu" and then expand if that's successful. 


The domain is "alum.mit.edu", not "alumni.mit.edu".

Official Employee

Re: Mail to gmail failing

Noted, and corrected.  Thanks


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Bronze Problem Solver

Re: Mail to gmail failing

I just found this thread.  I am also having problems sending to a Gmail address.  The sending address is my personal domain but I am using Comcast's outgoing mail server from my desktop computer using Pegasus email client.  I have not gotten any error messages and neither has the recipient.  Mail sent from my own Gmail account arrives just fine.

 

Edit:  After some testing I found that mail sent through the Comcast mail server sometimes ends up in the spam folder if it arrives at all.  The exact same mail sent through a non-comcast mail server from the same desktop mail client reaches the inbox with no problem.  So it would seem that the Comcast mail server may be the problem.   At any rate, since I do have access to alternate mail servers this is no longer a problem for me but something to be looked into.

 

mady

Official Employee

Re: Mail to gmail failing

Two things:

 

MadyLarian, if you'd like to provide your domain name (or send it to me via DM), I'll include it in the trial

 

Others using "alum.mit.edu" as your mail from.  Could you please try again and let me know if you see different results?


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Mail to gmail failing

Just sent some messages to a few gmail accounts.  Will see if I get bounces.

One which was sent to my own gmail account did go through.

(This doesn't prove anything since whether a message bounces seems to be somewhat random, but it's a hopeful sign)

Silver Problem Solver

Re: Mail to gmail failing

I just sent 6 test messages to my gmail address. I've received 5 of them so far.

Silver Problem Solver

Re: Mail to gmail failing

The missing message just showed up, it just took a little longer than the rest.

Frequent Visitor

Re: Mail to gmail failing

My two test messages through Comcast were received by the recipients (of whom I had previously been receiving intermittent bounce messages).

 

And, as I noted, my message through Comcast to my gmail account went through.

 

I guess I will start sending through Comcast again generally and see if I get any bounce messages in the next few days.

Official Employee

Re: Mail to gmail failing

Thanks to those of you who are helping validate this appears to be working for you now.  If this trend continues, we'll enable this for all domains being used by customers.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Bronze Problem Solver

Re: Mail to gmail failing

Mine is now working as well.

 

Mady

Frequent Visitor

Re: Mail to gmail failing

 I have not received any bounces.  I'm ready to believe that the fix is working!

 

Is there a technical description of the fix that, were I, or some other person, to run into this problem with another ISP, we would be able to provide them with the solution in a useful form?

 

Thanks!

Official Employee

Re: Mail to gmail failing

Gmail seems to want to have as much mail as possible using authentication of some sort, typically SPF or DKIM.  Messages using outside domains are not likely (though, it is possible) to pass SPF when sent through the Comcast Residential Email platform.  In the past, we haven't signed messages for domains we didn't control.  To appease Gmail, we'll start signing messages (starting with these trial domains at first) with those outside domains, using an set of DKIM keys & domain (d=) which are unrelated to our primary domains for that platform.  SPF is a mechanism which states which source IPs should be allowed to send on behalf of a domain (openspf.org, RFC7208).  DKIM is mechanism whereby a system can sign a message (a set of headers and a portion of the body in most cases) as a way to use cryptography to ensure the messages hasn't been tampered with (opendkim.org, RFC6376).

 

I know that's a lot of technical jargon, but hopefully that can  help others.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Re: Mail to gmail failing

Thank you!

New Poster

Re: Mail to gmail failing

I am having a similar problem now. Certain emails are being forwarded while others are not. I am trying to forward to a @gmail.com domain. 

 

Where do I start?

Official Employee

Re: Mail to gmail failing

I'm only seeing that you've sent two messages in the past two weeks with the email address associated with the accont you posted with.  They were both forwarded to their destination.  If you used a different address, please send me a PM with more information.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: Mail to gmail failing

Comcast is not allowing a reauthorization of Google mail for some reason

New Poster

Re: Mail to gmail failing

Comcast mail says I have to reauthorize my Google Gmail account I try it says "sign in with Googel temporarily disabled for this app"

Silver Problem Solver

Re: Mail to gmail failing

When is this happening? This thread is about sending mail from Comcast to Gmail, not about trying to use your own Gmail account.

New Poster

Re: Mail to gmail failing

Yes I get that but it started today I can't access one of my gmail accounts due to that message IO assume it is related

Silver Problem Solver

Re: Mail to gmail failing

No, it's probably not related at all. Website access has nothing to do with communication between mailservers.

 

Whatever problem you're having is probably an issue with your Gmail account, not a general Comcast problem.

Contributor

Re: Mail to gmail failing

Google prioritizes email from senders with proper DMARC, DKIM and SPF setups. I am sure it is a DMARC issue with Comcast. My Comcast email is immediately rejected. It is something to do with RFC on Xfinity’s end . Too many Comcast customers are having the same issues now. 

Highlighted
Official Employee

Re: Mail to gmail failing

All mail going from comcast.net to Gmail is properly DKIM signed, using SPF, and using DMARC.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Contributor

Re: Mail to gmail failing

Am I correct about not receiving or sending links anymore with Comcast? That’s why I personally care, but even an email with “test” fails. I will look again to Google. I cannot find any issues myself that work with any of my Comcast issues that began about 6 months ago. Diagnostic tests I run on different devices show no issues that I can see would make any difference, but there is a difference in that emails are not received. One was from a friend in another state who also has been a Comcast customer for many years. Another, a friend in Europe. Once I emailed them, their emails came through. Spam is a new issue. Today’s same spam and new spam I marked as spam. We’ll let this be until I can get to my toolbar and folders. Many customers are having the issues of spam, which had never previously been an issue as well as not receiving emails. That is why I am keeping this on a public forum. Hopefully between Comcast and customers we can get this cleared up for all by working together. Thanks.