I am just a developer handling this issue for our small organization, so apologies in advance if I have missed anything obvious.
We use Rackspace Cloud as our email provider. Our emails started going to spam folders for our customers in recent weeks. We raised the issue with Rackspace and found that we did not have a DMARC record, which we added about a week ago (SPF and DKIM were added a long time ago). On inspecting email logs from Rackspace, we found that one of the distribution lists was showing as the sender of thousands of spam emails (clearly spoofed) from our domain. Hundreds of different IP addresses were being used. We deleted that DL about 10 days ago. We still see the (now non-existent) DL as sender of spam emails. This is causing our domain to be marked as suspicious by major email providers such as gmail. Many of our customers use gmail as their email provider and this is causing a huge business impact for us. Rackspace customer support has been terrible and utterly unhelpful, but I would rather not get into it here.
I have searched extensively for this issue and I cannot find any suggestions beyond the standard SPF, DKIM, DMARC records. So my questions are:
- How is that a non-existent DL is considered a valid sender and passes all the checks that (I hope) the mail server performs before sending an email?
- Is there anything specific I could ask Rackspace to do for us, as they have no clue how to fix this?
- As the last resort, is switching to a different email provider (we are considering Office 365) likely to fix this problem?
Any insight into understanding the issue and getting closer to a solution is appreciated!