OLX not sending out all emails

Options
H Aldervan Daly
H Aldervan Daly
Fifth Anniversary Photogenic First Reply
in Blackbaud Raiser's Edge NXT®: General Discussion
Good morning,


We have a big problem in that I discovered that many of our emails that were going to standard email addresses like gmail, Yahoo and Icloud. We have spent weeks working with support trying to get this to work. We followed all of their instructions about adding text to the DKIM. But nothing is working,  We use cloudflare as our email server and have Barracuda as our email security.  Any suggestions will be appreciated.


Aldervan
Tagged:

Comments

  • Chris Martin
    Chris Martin
    Ancient Membership Facilitator 2 Photogenic
    Hi H Aldervan Daly‍. I took a quick peek at at a few of the most recent bounce messages your organization has received and I think I can see what's happening. Your organization has what's called a DMARC policy in place. DMARC is a way to tell the gmails, yahoos and other email providers of the world how they should handle email their users receive that "looks like" it came from your organization. I say "looks like" because anytime you send email using a 3rd party tool like Online Express, the email is not actually coming from your own mail server...it's of course coming (in this case) from a Blackbaud email server. You're able to specify that the "from address" is for your org's domain, but the mailbox providers are still able to tell programmatically that this mail actually came from different servers.


    DMARC policies can be set to different levels of strictness, but based on the bounce messages I looked at, I believe what yours is saying to all of the mailbox providers is: "For emails to your users that look like they're coming from our organization, unless the email has been digitally signed using this special trusted key, I'm instructing you to reject it altogether". That digital key is DKIM and I think our support team is on the right track with trying to get that configured correctly. 


    I'll connect with you offline to get you get you connected to a resource who will be able to help. Thanks and sorry for the inconvenience so far.

    Chris Martin

    Blackbaud Product Management
  • John Alan
    John Alan Blackbaud Employee
    Eighth Anniversary Facilitator 1 Photogenic

    H Aldervan Daly‍ - have Support engage my team (Shared Services) post-haste. We'll give a hard look at this.

    DMARC is a policy. It's not authentication but a set of instructions, if you will, telling a receiving email server what to do if authentication fails. What should be noted is that "fails" means "not passing" - and, to DMARC, only passing = passing. Failing, of course, equals "not passing" but not having authentication ALSO equals "not passing" in the eyes of DMARC. As our servers DKIM sign our sending domains (not yours) this will "not pass" to DMARC. Enabling DKIM-signing for your sending domains will help with this. Until DKIM-signing for your sending domain is implemented fully, however, a site should never publish a DMARC policy as it will be invoked (remember, not having authentication equals "not passing" to DMARC.)

    As I said, get a ticket going with Support and very clearly state you wish it to go to the Shared Services team.

Categories