Read more posts by this author.
Our domain ‘sendx.io’ was set up 4 years ago and we have been using GSuite to communicate within the team. We would never expect our emails to land in the spam box…
We have been in the email deliverability space for over 2 years now. Proper authentication (SPF/DKIM/DMARC records), maintaining server/domain reputations, etc, have been like the back of our hands.
What was Going Wrong?
But when we added DMARC records… we noticed that something was not right.
Because I once came for a Zoom call and sat there for 10min munching my makhanas… alone. Everyone invited to the meeting said they didn’t get an invite in the first place. (ugh, should check if people accepted the invite next time)
The bigger issue was, where are the calendar invites sent from a 4-year-old domain managed by experts going?
It was that moment when my detective hat was on I could hear the words, ‘Daya, pata lagao ye mail gaya to gaya kahan’. (Meaning: Find out where these emails actually went?’
Yes, this was a big issue because calendar emails are so crucial for sales calls as well. Internally, we can always ping people on slack or check on WhatsApp but that’s not possible for a sales call. And if a sales call doesn’t happen… you just left a big bag of cash on the table and walked away.
How we Tried to Find a Solution?
When we started investigating this, initially we couldn’t find a clue. Everything looked perfect. Let me show you what I mean.
We knew our GSuite emails were properly authenticated. But we still checked everything to not just be blinded by our own perception.
We checked each and every mail to know if DMARC was passing. The result was: “Yes”, they were… See the screenshot below.
Then, we thought that the problem could be with just the Google apps related emails e.g. Google calendar or Google drive related mails, which need special changes for them to work.
But even those seemed perfect.
But were still landing in the spam box.
Then on some of the emails, we saw the dreaded yellow banner telling that authentication failed.
What went wrong with this one? Why was DMARC FAILing?
*cue dramatic sad music in my head*
Were different inboxes on the same domain configured differently? Definitely not.
I was ready to make a sacrifice to the gods of bugs. But then resorted to less dramatic stuff - took a shot of tequila, an ice-cold shower, and started the week-long search.
We started from the first obvious place - Google. And found people who faced similar questions & posted in the forums asking for help. Here is that link: https://support.google.com/a/thread/14276582?hl=en.
I took a hopeful sigh.
But it was too soon for that.
Because from there we were led to this page - https://toolbox.googleapps.com/apps/checkmx/.
Which again added to our confusion since OUR CHECKS WERE PASSING!
My wtf/minute was now increasing.
How we Actually Found the Solution?
We knew we had to go back to the very basics and start from scratch.
Let’s look at everything related to DKIM setup for the sendx.io domain - how it’s implemented, what services it applies to, and are we supposed to expect DMARC failing for calendar and other apps and not for GSuite emails.
We opened the admin console totally sure that there’s nothing wrong.
Clicking one link after the other.
*cue soothing zen music*
Apps -> GSuite -> GMail -> Authenticate email, everything was exactly as it is supposed to be. We even checked the DKIM value and matched it with our DNS record. All good.
What does this START AUTHENTICATION button mean? *confused look on my face*
I clicked it. Sent a GSuite email.
And noticed just one difference.
Now, the DKIM passed with the domain ‘sendx.io’ instead of google.com. If you go back to the previous screenshots, you will notice DKIM passed, but with domain google.com
We sent calendar invites & noticed the same thing. DKIM PASSed with domain sendx.io and DMARC passed too.
It was freaking amazing to finally catch the bug, our own ‘eureka’ moment. I went from a cussing machine to a complete zen monk :D while others danced in joy.
So Who was the Culprit?
So here, Google’s authentication messages were the culprit. We had never passed DMARC in the first place. The DKIM had to pass with the domain sendx.io in order to pass DMARC.
If you ever expected a mail from us and didn’t get it… don’t think we are rude. The email might just have gone to the spam box instead.
But that’s not going to be the case anymore. The feeling of solving the freaking issue & knowing our emails are never going to the spam box is amazing.