1

My team supports a website for a client, and we use SendGrid to send email related to the site on their behalf.

We do not have anything to do with their own email server and I don't at present know anything about it.

So far as I can work out, SendGrid has proper authentication and is an authorised sender for their domain, and almost 98% of email is delivered successfully.

However, we have had a handful of bounces with the reason "550 relaying denied" and all of these were to addresses at our client's domain (the same one as their website and the from address of the emails.)

Most emails to their domain were delivered successfully.

Unfortunately I don't have access to the full headers of the bounce emails, only the reason.

I understand that in general this error can either be caused by

  • the sender not being authenticated correctly. I am very far from being an expert in this but so far as I can tell, there is nothing wrong there. Or
  • a DNS or similar misconfiguration on the part of the recipient's email domain. I have even less understanding about this and I have no access or responsibility for the client's email server.

My main question is, is there any way the domain being the same as the from address could be related? Being as the email is claiming to be from the same place it's sent to, is it possible for that to affect how it's handled by relays?

If not, I'd also appreciate any pointers on where to look for the issue (or what to advise the client to look at if the problem is likely to be from their end.) I have been trying to research issues with email configuration and authentication but I am very much a novice in this area.

Thanks in advance.

CarrieVS
  • 140
  • 1
  • 7

1 Answers1

1

The domain being the same could very well be related, but normally when that happens, the receiving server refuses all mail purporting to be from itself.

Separate from DKIM & SPF, most mail servers believe they alone are responsible for the mail from their domain.com. As such, a lot of them have anti-phishing filters that reject "outside" mail that claims to be from themselves. It's like "You can't be Carrie, I'm Carrie! Go Away!"

The fact that it's only some mail is interesting. The error being relay denied may also be key, though these anti-phishing filters often use "fake" errors to not give away the game.
Do the recipients of the messages that are being rejected have some kind of internal forwarding applied? That may be the cause, in which case that bounce reason is honest.
Or they may have a more defined anti-phishing feature, only rejecting mail From or For certain addresses. You can try testing certain combinations, and see if anything is repeatable.

Ultimately however, it will come down to working with the receiving mail domain's admin, and either updating those rules, or whitelisting the SendGrid IPs that are sending the mail to them.

jacobmovingfwd
  • 2,185
  • 14
  • 11
  • 1
    At least one of the addresses that rejected the message does indeed have internal forwarding - I don't know about the others. Also, that same address has accepted another email since then. Thank you! I have something to investigate now. – CarrieVS Oct 19 '18 at 09:14