I am trying to troubleshoot a situation where it takes several hours to half a day before an email from my customer arrives in my inbox.
Let's say my email address is `julycoder@example1.com`. I am using Google Workspace Gmail. My DNS is hosted with GoDaddy and I set up mx records to use Gmail servers. I went through all the SPF, DKIM and DMARC steps.
Let's say my customer email address is `myfriend@example2.com`. My customer uses Cisco Iron Port which deliver messages to a mail server that they might be hosting on-premise. Then their mail server does the actual email delivery. My customer is on vacation holidays, and she has set up an Automatic Reply for her email.
Here is the experiment I did.
I emailed my customer at Dec 12, 9:14 PM Switzerland time zone. I asked her to reply to the email with a message saying what time is on her watch or the clock.
At Dec 13, 1:44 AM Switzerland time, two emails came to my inbox at exactly the same time.
- One email had the subject "Vacation Autoreply - Will be back from vacation on Dec 17" with the body content "Hey, I'm on vacation. If there are emergencies, please contact _______".
- Another email was a reply to my email asking for her to tell me what time it is, and she wrote in the email, "I am pressing the send button at Dec 12, 11:17 PM Switzerland time".
I'm learning how to read the email message headers, but as far as I can tell, my customer's mail server `mail.example2.com` with IP address `1.1.1.1` will send the email as soon as my customer's email client presses send, but those emails are queued up somewhere for a while, and then they all arrive at gmail mail servers at the same time.
Here's the email head for the email where my customer actually tried to send the reply at 11:17 PM Switzerland time...I tried to redact all the sensitive information.
```
```
Other colleagues of mine with `@example1.com` emails are also experiencing the same email delays when trying to receive emails from `myfriend@example2.com`. They're queued up for several hours before being released all at once.
Does anyone how I can troubleshoot what's causing emails to queue up for many hours before being released all at once?
---
Additional notes, our website `Example 1` was hacked and was part of phishing activities last month. Our website was sending out a lot of spam emails and our domain appeared on many blocklists. I have since fixed all the issues. I have requested many organizations with public block lists to review our situation and remove us from blocklist. Almost all of them have done so. We have also asked the IT department of our customers to remove us from blocklist which always seems to solve the problem.
The IT team at `example2.com` has not replied to any of my emails. The IT team at `example2.com` are also not replying to the emails or phone calls of employees of `example2.com`.
So that's the history incase it is relevant!
Let's say my email address is `julycoder@example1.com`. I am using Google Workspace Gmail. My DNS is hosted with GoDaddy and I set up mx records to use Gmail servers. I went through all the SPF, DKIM and DMARC steps.
Let's say my customer email address is `myfriend@example2.com`. My customer uses Cisco Iron Port which deliver messages to a mail server that they might be hosting on-premise. Then their mail server does the actual email delivery. My customer is on vacation holidays, and she has set up an Automatic Reply for her email.
Here is the experiment I did.
I emailed my customer at Dec 12, 9:14 PM Switzerland time zone. I asked her to reply to the email with a message saying what time is on her watch or the clock.
At Dec 13, 1:44 AM Switzerland time, two emails came to my inbox at exactly the same time.
- One email had the subject "Vacation Autoreply - Will be back from vacation on Dec 17" with the body content "Hey, I'm on vacation. If there are emergencies, please contact _______".
- Another email was a reply to my email asking for her to tell me what time it is, and she wrote in the email, "I am pressing the send button at Dec 12, 11:17 PM Switzerland time".
I'm learning how to read the email message headers, but as far as I can tell, my customer's mail server `mail.example2.com` with IP address `1.1.1.1` will send the email as soon as my customer's email client presses send, but those emails are queued up somewhere for a while, and then they all arrive at gmail mail servers at the same time.
Here's the email head for the email where my customer actually tried to send the reply at 11:17 PM Switzerland time...I tried to redact all the sensitive information.
```
Code:
Delivered-To: julycoder@example1.com
Received: by [redacted] with SMTP id [redacted];
Tue, 12 Dec 2023 16:44:02 -0800 (PST)
X-Google-Smtp-Source: [redacted]
X-Received: by [redacted] with SMTP id [redacted];
Tue, 12 Dec 2023 16:44:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702428242; cv=none;
d=google.com; s=arc-20160816;
b=[redacted]
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=mime-version:imanage.sendandfile.filinglocations:content-language
:accept-language:in-reply-to:references:message-id:date:thread-index
:thread-topic:subject:to:from:dkim-signature;
bh=[redacted]
fh=[redacted]
b=[redacted]
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@example2.com header.s=mbhdkim header.b=rf2LEReP;
spf=pass (google.com: domain of myfriend@example2.com designates 1.1.1.1 as permitted sender) smtp.mailfrom=myfriend@example2.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example2.com
Return-Path: <myfriend@example2.com>
Received: from mail.example2.com (mail.example2.com. [1.1.1.1])
by mx.google.com with ESMTPS id [redacted]
for <julycoder@example1.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 12 Dec 2023 16:44:02 -0800 (PST)
Received-SPF: pass (google.com: domain of myfriend@example2.com designates 1.1.1.1 as permitted sender) client-ip=1.1.1.1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@example2.com header.s=mbhdkim header.b=rf2LEReP;
spf=pass (google.com: domain of myfriend@example2.com designates 1.1.1.1 as permitted sender) smtp.mailfrom=myfriend@example2.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example2.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=example2.com; i=@example2.com; l=27250; q=dns/txt;
s=mbhdkim; t=1702428242; x=1733964242;
h=from:to:subject:date:message-id:references:in-reply-to:
mime-version;
bh=[redacted]
b=[redacted]
Received: from unknown (HELO spmail01.mbh.example2.com) ([192.168.20.111])
by ironport01.example2.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Dec 2023 23:17:13 +0100
Received: from mail.example2.com (unknown [192.168.20.44])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by spmail01.mbh.example2.com (Postfix) with ESMTPS
for <julycoder@example1.com>; Tue, 12 Dec 2023 23:17:12 +0100 (CET)
From: My Friend <myfriend@example2.com>
To: July Coder <julycoder@example1.com>
Subject: AW: Email Test 1 - Sent at Dec 12, 9:14 PM Switzerland Time
[mbh-M.FID827276]
Thread-Topic: Email Test 1 - Sent at Dec 12, 9:14 PM Switzerland Time
[mbh-M.FID827276]
Thread-Index: [redacted]
Date: Tue, 12 Dec 2023 22:17:12 +0000
Message-ID: <13ad3cb648d4491fb101c15722a03e6c@example2.com>
References: <[redacted]@mail.gmail.com>
In-Reply-To: <[redacted]@mail.gmail.com>
Accept-Language: en-GB, de-CH, en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-smenc: no
x-smplain: no
x-smsign: no
x-smwebmail: no
x-smlfm: no
x-wsguid: mbh-[redacted]
imanage.sendandfile.filinglocations: mandate!827276
x-originating-ip: [192.168.11.36]
x-c2processedorg: [redacted]
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="[redacted]Other colleagues of mine with `@example1.com` emails are also experiencing the same email delays when trying to receive emails from `myfriend@example2.com`. They're queued up for several hours before being released all at once.
Does anyone how I can troubleshoot what's causing emails to queue up for many hours before being released all at once?
---
Additional notes, our website `Example 1` was hacked and was part of phishing activities last month. Our website was sending out a lot of spam emails and our domain appeared on many blocklists. I have since fixed all the issues. I have requested many organizations with public block lists to review our situation and remove us from blocklist. Almost all of them have done so. We have also asked the IT department of our customers to remove us from blocklist which always seems to solve the problem.
The IT team at `example2.com` has not replied to any of my emails. The IT team at `example2.com` are also not replying to the emails or phone calls of employees of `example2.com`.
So that's the history incase it is relevant!