Bounce Back Email: Fault of Sending ISP or Receiving Hosting Co? - Page 6

puffchumpy · 13 Mar 2022, 12:08 AM

tldr; Disabling DNS-SEC for the email domain "fixed" the comcast.net can't send issue.

I had the same problem receiving emails sent by comcast.net email users at my personal email server. Being a Comcast Xfinity internet subscriber I created an email account to test sending emails. They all failed with the same generic "smtp" error reporting by the comcast.net sending server. Same as the case for this discussion thread. Running tcpdump on my mail server I could see that comcast.net never attempted to connect to my mail server. This thread pointed out various DNS issues could be a likely cause.

In one of many experiments I disabled the DNS-SEC setting provided by my domain registers DNS service. Then all the queued emails flooded in.

I believe the DNS-SEC setting and signed DNS results provided by my domain register's DNS service were correct. I don't know why comcast.net would not send outbound email to domains using DNS-SEC, but I have 2 theories.
1) Potentially the additional effort to check the DNS-SEC cryptographic signatures is too much effort causing a timeout. Only a problem for Comcast.net and no one else?
2) Comcast.net might assume that a domain using DNS-SEC has DANE( RFC 7672) configured via an additional TLSA dns record. My email domain was not setup with a TLSA DNS record. This might have failed an outbound security check on the comcast.net servers. DANE seems to an optional feature, not sure my comcast.net servers would require it if dns-sec is active.

This is an old thread but has great information about comcast.net failing to deliver outbound emails. Adding my findings here as the information in the thread helped me realize that DNS could be part of the problem. And to help other that have similar issues with comcast.net outbound email delivery.

tony17112acst · 1 Apr 2022, 09:20 AM

puffchumpy: OK, it's hard keeping a straight face typing your name....

Anyway, thank you for adding to this body of knowledge. I also felt it was Comcast at the time. I am just lucky that the problem basically went away and I no longer have the problem.

This is astonishing: I never got notified of your posting from 2 weeks ago, I randomly came here from an old link just to see what this was all about 5 years ago! I couldn't believe there was a recent message!

Thank you again!

13 Mar 2022, 12:08 AM	#76
puffchumpy Junior Member Join Date: Mar 2022 Posts: 1	tldr; Disabling DNS-SEC for the email domain "fixed" the comcast.net can't send issue. I had the same problem receiving emails sent by comcast.net email users at my personal email server. Being a Comcast Xfinity internet subscriber I created an email account to test sending emails. They all failed with the same generic "smtp" error reporting by the comcast.net sending server. Same as the case for this discussion thread. Running tcpdump on my mail server I could see that comcast.net never attempted to connect to my mail server. This thread pointed out various DNS issues could be a likely cause. In one of many experiments I disabled the DNS-SEC setting provided by my domain registers DNS service. Then all the queued emails flooded in. I believe the DNS-SEC setting and signed DNS results provided by my domain register's DNS service were correct. I don't know why comcast.net would not send outbound email to domains using DNS-SEC, but I have 2 theories. 1) Potentially the additional effort to check the DNS-SEC cryptographic signatures is too much effort causing a timeout. Only a problem for Comcast.net and no one else? 2) Comcast.net might assume that a domain using DNS-SEC has DANE( RFC 7672) configured via an additional TLSA dns record. My email domain was not setup with a TLSA DNS record. This might have failed an outbound security check on the comcast.net servers. DANE seems to an optional feature, not sure my comcast.net servers would require it if dns-sec is active. This is an old thread but has great information about comcast.net failing to deliver outbound emails. Adding my findings here as the information in the thread helped me realize that DNS could be part of the problem. And to help other that have similar issues with comcast.net outbound email delivery.

1 Apr 2022, 09:20 AM	#77
tony17112acst Member Join Date: Jan 2017 Posts: 31	puffchumpy: OK, it's hard keeping a straight face typing your name.... Anyway, thank you for adding to this body of knowledge. I also felt it was Comcast at the time. I am just lucky that the problem basically went away and I no longer have the problem. This is astonishing: I never got notified of your posting from 2 weeks ago, I randomly came here from an old link just to see what this was all about 5 years ago! I couldn't believe there was a recent message! Thank you again!