I have noticed that since around the 18th October, I don’t seem to be receiving a ‘CC’ copy of invoices when I send them and select the ‘CC Me’ option (which I usually do).
Looking in the ’ [Settings] - Sent Email Log’ section, I can see two entries for when I am sending invoices - one to my client send via an SMTP server of my own configuration (SMTP:smtp-relay.brevo.com), and another ‘CC’ entry relating to the copy that should be sent to my ‘QuickFile’ account registered email address which shows the ‘SMTP:SESAPI’ when I look at the details.
It seems QuickFile is recording that an email is being sent, but it’s not coming through to me and I can see no reason why that should be. I have tried sending an email to the email address I use on my account and that does come through. But nothing when the email is generated from within the QF system for an invoice, which is very strange.
Has the setup for this changed, or is there something else I need to do? I have tried sending a test invoice to myself using a Gmail email address I use for testing purposes, which I then ‘CC’ copied to myself when sending. The ‘client’ copy comes through to my Gmail address, but my CC copy does not, despite the ‘Sent Email Log’ showing as being processed in ‘0.39 seconds’.
All CC emails are sent through the default email setup regardless of if there is SMTP enabled on your account.
Nothing has changed on our side with regards to how they are processed, but we have recently tightened the settings on our email, which, if anything, would improve deliverability.
If they are showing as “Sent” in the email sent log and you’re not receiving anything, it would suggest your receiving email server is rejecting the email before it gets as far as being moved to a spam/junk folder. If this is the case, you would need to contact your email provider so they can check their logs.
If we had received a bounce back, this would prevent future emails being sent (they’d show as “Blocked” rather than “Sent”), so I don’t believe that is the issue here.
Yes, I do understand that all ‘CC’ messages go through the default QF email setup, not the configured SMTP server used to send to client addresses.
I don’t know why messages would be blocked. I don’t pay for any kind of mail filter, and I certainly receive plenty of spam messages, so odd to pick on these messages which have been coming through for 8 years or so. I will speak to the supplier to see what they say.
I have spoken with my provider. It seems Hotmail (Microsoft) is rejecting the messages, according to the server log, which shows the following:
Oct 31 15:29:29 glamailrelay2 postfix/smtp[5531]: 1224D86663: to=<[<REDACTED_INFORMATION>@hotmail.co.uk](mailto:<REDACTED_INFORMATION>@hotmail.co.uk)>, relay=eur.olc.protection.outlook.com[104.47.12.33]:25, delay=0.51, delays=0.02/0/0.27/0.23, dsn=5.7.509, status=bounced (host eur.olc.protection.outlook.com[104.47.12.33] said: 550 5.7.509 Access denied, sending domain [QUICKFILE.CO.UK] does not pass DMARC verification and has a DMARC policy of reject. [LO0P123MB6653.GBRP123.PROD.OUTLOOK.COM 2023-10-31T15:29:29.563Z 08DBD9790477F011] [DB9PR02CA0006.eurprd02.prod.outlook.com 2023-10-31T15:29:29.575Z 08DBD8DFDBDB68E4] [DB3EUR04FT044.eop-eur04.prod.protection.outlook.com 2023-10-31T15:29:29.567Z 08DBD948B7337635] (in reply to end of DATA command))
You mentioned that you’ve made changes recently that was through to “improve deliverability”. Was that to add ‘DMARC’ information, as if so, it would appear there could be an issue with it
To explain, the email address in my QF setup forwards to my hotmail address. That’s how it’s been for many, many years.
Yes, it is the DMARC information that we’ve amended. Unfortunately this isn’t something that we’re able to change as it was done to ensure emails are delivered for our users.
If your emails are being forwarded, what email address are they being forwarded from - ours, or the one we send it to (originally)?
It’s a fair question, though it would seem the answer is in the log message, which says:
“Access denied, sending domain [QUICKFILE.CO.UK] does not pass DMARC verification and has a DMARC policy of reject”
It is specifically mentioning ‘QUICKFILE.CO.UK’ not my ‘ridea.co.uk’ domain, which I don’t think has DMARC configured.
Let’s think of it this way; you’ve made a change and If that change was made on or around the 18th October, which was the last time I successfully received a ‘CC’ email from the QuickFile system, then it would seem there is some issue caused by that. As I have previously stated, I CAN send an email to my ‘@ridea.co.uk’-based email address and receive the server forwarded message on my hotmail email address. That setup has been in place for as long as I have used QuickFile. Something has changed and it’s stopping an important feature from working. How can we fix it?
From the error, it suggests that DMARC is failing, which if it’s being forwarded, this is a possibility.
If the emails are being received by the initial email address (where QuickFile is sending them), it would suggest that the email is sent and processed correctly, and there’s something happening when it’s being forwarded.
It’s known for some mail servers to break the DMARC signature when forwarding emails, which is unfortunately outside of our control.
Removing or reversing the changes we’ve made aren’t a possibility due to the risks involved, especially with the type of emails being sent through QuickFile (relating to invoices, asking for payment, etc.).
Your email provider may be able to assist with this further, so it may be worth querying this with them.
OK, so I understand what you’re saying. But it’s a feature of the service I am paying for that was working. A change has been made and now it doesn’t work. I’m still paying for it and it should work but you’re saying that it’s known that DMARC can be “broken” by a mail forwarding setup, which is a common setup to have.
I have spoken to my domain host - EasySpace - who provide the mail forwarding service. That is who provided the rejection notice detailed in a previous post. That notice is very specifically detailing the issue is on the “QuickFile.co.uk”, which they have no control over, as it’s yours. They’re telling me to speak to you and you’re telling me to speak to them. I’m paying both of you money but it seems neither of you can help. Is this an issue with the ‘DMARC’ standard, as it currently exists?
What else can we do to resolve this, or are you washing your hands of it? All I want to be able to do is get a CC copy of messages sent through the QF system, which is a documented function. What can be changed to get this back that doesn’t result in losing something else or additional cost? You say it’s out of your control, but it’s not in my control either and I didn’t make the change. If you think EasySpace need to do something, do you know what it is I need to ask them to do? What I don’t understand here is that if I send an email to email address used on my QF account from say a ‘Gmail’ address, it successfully forwards through to my hotmail email address. Presumably Google has a DMARC record, but that’s not being broken in the mail forwarding setup I have in place. What’s the difference? Is it the content of email triggering it (mentions of “invoice” & “payment” etc), as that’s not what’s being suggested in the log?
At its heart, DMARC is a mechanism for the owner of an email domain to announce to the world that email that is “from” addresses at this domain should only be accepted if it comes from one of a specific set of email servers. This works well for email sent by the domain owner themselves but it can be broken by forwarders that blindly forward emails on without changing the “from” line. What is happening for you is:
QuickFile sends an email from something@quickfile.co.uk to you@ridea.co.uk
the ridea.co.uk email server (EasySpace) receives this email - if EasySpace checked the signatures and source IPs that make up the quickfile.co.uk DMARC rules they would determine that the email was valid as it was signed by QuickFile and was received from one of the allowed email server IP addresses.
EasySpace then forwards the message on to your real email address but they do not change the “from” address - this is the point where things break
your real email provider (e.g. gmail) receives the email, sees that it is “from” a quickfile.co.uk address, so applies the QuickFile DMARC rules
they reject the email because the EasySpace email server is not one of the allowed sender IPs for the quickfile.co.uk domain.
The only solution for this is for the forwarder to change the “from” address on the email when they forward it, so that the quickfile.co.uk DMARC rules no longer apply. This is what some mailing list providers like groups.io do - when forwarding a message to a mailing list from a domain that enforces DMARC they will change From: something@quickfile.co.uk to From: something=quickfile.co.uk@groups.io so that subsequent receivers see groups.io as the originating domain and don’t try to enforce the quickfile.co.uk rules.
If EasySpace don’t offer this kind of option in their forwarding setup then you’d have to switch to using their hosted email box (via webmail or IMAP) instead of forwarding the email on elsewhere.
Well, there is an alternative solution if you have more control over your eventual “real” mailbox and can somehow configure it not to enforce DMARC/SPF/DKIM on messages it receives via the EasySpace server, but unless you run your own email server I doubt you have this level of configurability available to you. Certainly you can’t do this if you’re forwarding to something like gmail or MS 365.
It’s a frustrating situation that a change has essentially broken a system that has worked for me for over 8 years. My setup, though not at all unusual (to have a mailbox forward another address on a wholesale basis), does appear to cause an issue. I could revert it to an individual POP3 mailbox, but since this isn’t 1998, and I need access to it on various devices which POP3 does badly, I won’t be doing that.
For the time being, I have changed my registered account in QF to directly be my hotmail address, which works. It’s far from a satisfactory solution, but without spending out on a different mail system, it seems it’s the only option I have.
Email is a bit of a beast and has evolved over the years to tackle spam and phishing email, so it’s vital we keep on top of this to maintain trust and security in our service. The forwarding option, in theory, shouldn’t have worked due to the reasons @ian_roberts mentioned above. But this is down to the forwarding email server rather than QuickFile.
If you’re using it on multiple devices, I highly recommend using IMAP over POP3 which does keep all devices in-sync, whereas POP3 would download the email and typically remove it from the server (preventing it from being downloaded to other devices).
You could also a free email address rather than paying for one, such as Outlook, Gmail or the various other platforms out there. Unfortunately this is outside the scope of our support, but we have quite a supportive community who may be able to help.
Thanks. I agree, IMAP would be better than POP3, but that’s a chargable service. If I am paying extra for an email service, I’d probably go to an ‘Exchange Online’ or M365 server, as that offers more again (Calendar & Contact syncing, as well as email). Thus far, I’ve not found the need, as I get that with hotmail, which is essentially an Exchange service anyway. As time goes on, I may find it justifiable to buy that. I probably should, to be honest, but it was just another expense.
As you say, that’s all beyond the scope of your support, but I was mentioning it as it was the reason for the original setup. For now, using a hotmail address for the registered QF account doesn’t seem to cause an issue, so I will leave it that way until I change my email setup, which I am sure I will eventually do.
GMail is still capable of fetching mail from a POP3 server into your GMail inbox (Check emails from other accounts - Computer - Gmail Help) so that might be another possibility - set up a POP3 box on EasySpace and configure GMail to pull the messages from there, rather than having EasySpace forward them. It does mean there will be a delay of maybe 30 minutes or so between someone sending you an email and it appearing in your GMail inbox, but better than it not getting there at all.
Remember there may be other emails besides the QuickFile ones that are getting lost at the forwarder if they come from other domains that have strict DMARC policies - yahoo.co.uk, virginmedia.com, ntlworld.com and btinternet.com are all domains that get the foo=bar.com@groups.io treatment on one of my mailing lists, so any of your customers who email you from one of those are likely to bounce in the same way.