SPF, DKIM and DMARC
Why are your emails not getting delivered?
When setting up mailers for the Village Hall website I had to come to grips with some of the techniques used to suppress spam. It seems that not everyone is singing the same song sheet.
The good news is that there are solutions to this and things have moved on with the development of technology. It seems that Google, for example, use ARC to provide authenication using a system that was proposed in July 2019. Microsoft, and possibly others such as BTInternet (Yahoo) do not.
So as not to be caught out in the future when I add emails to forms on websites that I am developing a strategy for I have a "Blacklist" test page. The problem is that a php mail() function call does not allow the interception of a "bounce" message as there is no mechanism for this. There probably is but that is in the "too hard basket" for the moment.
SPF - Sender Policy Framework
This seems to be the first port of call for email authentication. If a website/server does not have SPF record in its DNS settings then the message may get rejected. SPF is more effective when used with DKIM and DMARC.
DKIM - DomainKeys Identified Mail
This was defined in a RFC from September 2011.
DMARC - Domain-based Message Authentication, Reporting, and Conformance
From a proposal - March 2015
ARC - Authenticated Received Chain
This is used by Google and gmail to add headers to messages that transit intermediate servers.
Below I show the ARC headers that google adds to the meassge resulting in an spf=pass
Delivered-To: firstname.lastname@example.org Received: by 2002:a17:906:7c8:0:0:0:0 with SMTP id m8csp234834ejc; Wed, 19 Feb 2020 00:45:22 -0800 (PST) X-Google-Smtp-Source: APXvYqx0o+m5FqWApOgTz+6xMQtgA8XSjmhEthr9kKp/kZ8Z4jn8pFpdmLPbv4HPYtBEWrPVAJRW X-Received: by 2002:a5d:5044:: with SMTP id h4mr32770646wrt.4.1582101922657; Wed, 19 Feb 2020 00:45:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582101922; cv=none; d=google.com; s=arc-20160816; b=luqg5V/ABr4W+B55w6tHa5atChddKItg3p6FPmBUKtyrbxwElIto62MDPQYg4x2FvR sBihKtqSa+9EP55oICx390D7hgsJLaU9kVne7MTxvyKxC6MFB8RY1qat5eRGHmBjcXJA wTcx6u9FC4xfWUAyOfR4kQZ1pIGichtUC/frHm3f2S35hf2hia9vBom05NriB6Gz0xbl eADuTqf3AiCH38ffqIRx/wJbbYAAC9QxJOMk6xvIsJDYieQytGzVuBwKTPBn0IsuMRs6 vBqyfaTKysTExqBA3jO6/8Z0CY4VvINdxs3j6oJxK4M0Puu55rGwMo87rX6gENiw06IE PWOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=date:message-id:reply-to:from:subject:to:delivered-to; bh=RdBuX5K4dbh84zgm6U2gOYB8jZH33D/qVQleHXFhe/Y=; b=kVCqvek7wa7FoRAlNT4lFfb4ctkHPIzAPbP6SH9+LbG0c4E0iF1MRwOSQ1aJezOPh+ k13PMCTGEluoOkgbRBwnH7c87JPW2GqwNw541obCk+6kJ8UEYZFsafiIVPPPW4vqjlq1 AqVEBslOh74Uq/2vzJObEOix+lr0r/mTgadkp6UcuEFanNdftazywwx+9eELLMw8Hgit mE4HjraZJ8f5N54Wk4Bf7yOEETbaQLbkprhSjYF5Djqdy72DFAxFfcFBbRFkVXIQKBkE C8ThmBJ7YnTfpFRCW+p/8498I3Ulfva1WVTLjHABojF7ez9Lf2GiKIsyGJk0QYOE72NL voSQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of email@example.com designates 184.108.40.206 as permitted sender) smtp.mailfrom="SRS0=H+RU=4Hfirstname.lastname@example.org"
Wordpress mail server
At the present time, with a day to go, it is not clear to me what the mail server for wordpress.com is. The Domain mapping is renewed with the plan but the Wordpress help also says that you need an upgraded plan to setup the mapping. Seeing that the subscription is going to revert to a "free" subscription from a "Personal" plan. It is not clear whether the mapping will remain. We shall see as I ws told that nothing would be lost. If it is the site will still be accessable at https://belchampwaltervillagehall.wordpress.com
The blacklisting that I was seeing on the tsohost server seems to have been fixed:
Starting Feb. 19, 2020, Let's Encrypt began making multiple domain validation requests from diverse network vantage points.