3433341 - Resolving Outbound Email Blocking Issues in Service Cloud V2

• Emails sent from a custom MAIL FROM domain are being marked as spam or not delivered. 
• Users sending emails from Service Cloud V2.
• Emails go directly to SPAM or are not delivered to the end recipient.
• User may receive bounce back emails (depending on the return path).

• SAP Service Cloud Version 2 1.0
• SAP Sales Cloud Version 2 1.0

• The domain health and DNS configuration may be incorrect.
• SPF not configured or fails.
• DKIM signature missing or fails.
• DMARC not set or fails (e.g., DKIM/SPF misalignment).
• DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies are configured to enforce strict email authentication measures.
• When emails are sent from Amazon SES using a custom domain, they fail to meet the DMARC policy requirements.
• The DMARC policy settings result in the blocking of emails sent from the custom domain via Amazon SES.
• Below are generally technical, configuration, or policy-based issues:
  1. Invalid Recipient Address
     • Typos in the email address.
     • Address no longer exists (SMTP 5.1.1 – "user unknown").
  2. Mailbox Full
     • The recipient’s mailbox has exceeded its quota.
  3. Blocked by Recipient Server
     • Your IP/domain is blacklisted or blocked.
     • Recipient server uses spam filters (e.g., Barracuda, Proofpoint).
  4. SPF/DKIM/DMARC Failures
     • DMARC Fail can cause bounces if policy is p=reject.
  5. Policy Restrictions
     • Sender not allowed to relay messages (SMTP 5.7.1).
     • Restrictions like SMTP 5.7.26 (unauthorized sender) or 5.7.509 (mail not permitted for policy reasons).
  6. Misconfigured DNS or Email Infrastructure
     • Incorrect Mail-From setup.
     • Missing or incorrect MX records.
  7. Attachment or Size Issues
     • File types blocked by server.
     • Email exceeds size limits.

Follow the steps below to verify and troubleshoot your custom MAIL FROM domain configuration:

1. Refer to KBA 3502829 - Outbound Email Delivery from Service Cloud going to SPAM
2. Verify DNS Configuration
   • Refer to the SAP Help Portal documentation on Support for Custom MAIL FROM Domain for instructions to configure your domain.
   • Ensure all required DNS records (such as SPF, DKIM, and DMARC) are correctly created in your DNS server. Administrative access to the domain/sub-domain is required.
3. Check Domain Health using Online Tools
   1. Tools like MXToolbox and Google Postmaster Tools can help evaluate the health of your domain.
      • DNS Lookup Example
        1. Go to MXToolbox
        2. Select DNS Lookup
        3. Enter the MAIL FROM sub-domain, e.g., sapcrmemaileuwest1.yourdomain.com
        4. Click DNS Lookup
        5. The result should show the DNS hosting provider, e.g., "Your DNS hosting provider is XYZ"
      • SPF Record Check
        1. Go to MXToolbox
        2. Select DNS Lookup
        3. Enter the sub-domain, e.g., sapcrmemaileuwest1.yourdomain.com
        4. Click DNS Lookup
        5. Click the arrow next to DNS Lookup and select SPF Record Lookup
        6. The expected SPF record should resemble: v=spf1 include:amazonses.com -all
      • Analyze Bounce/Spam Issues. Review full MIME headers of impacted messages to check:
        • SPF, DKIM, DMARC results
        • SMTP error codes, such as:
        • 5.1.1 (recipient address rejected)
        • 5.7.1 (delivery not authorized)
        • 5.3.0 (other mailbox errors)
        • Routing information and spam score
4. Take Corrective Actions. Update the DNS records or sender configuration based on the issues found from the above tests.

• 3576906 - Unable to Activate DKIM for SAP Sales and Service Cloud Version 2
• 3498096 - MTA Configuration and MTA Provider Configuration Not Displayed in V2 Settings
• 3502829 - Outbound Email Delivery from Service Cloud going to SPAM 

MAIL FROM, custom domain, SPF record, DKIM, DMARC, email bounce, SMTP error, email deliverability, domain health, DNS lookup, SAP CRM email , KBA , CEC-CRM-EML , Emails for SAP Sales/Service Cloud , Problem