How can the Return-Path header differ from the actual email recipient?

I recently transferred transactional email to Mailgun.

It works well so far, but I am wondering about the Return-Path header.

Consider this email (I removed the unnecessary headers and replaced the email address / domain for privacy purposes):

Delivered-To: RECIEVER@gmail.com
Received: by 10.76.154.104 with SMTP id vn8csp478308oab; Wed, 4 Sep 2013 05:04:44 -0700 (PDT)
X-Received: by 10.50.22.105 with SMTP id c9mr1537992igf.36.1378296283817; Wed, 04 Sep 2013 05:04:43 -0700 (PDT)
Return-Path: <bounce+a801a1.c2b37-RECIEVER=gmail.com@my-website.com>
Received: from so254-63.mailgun.net (so254-63.mailgun.net. [198.61.254.63]) by mx.google.com with ESMTP id k5si1620852igx.55.1969.12.31.16.00.00; Wed, 04 Sep 2013 05:04:43 -0700 (PDT)
Received-SPF: ...stripped...
Authentication-Results: ...stripped...
DKIM-Signature: ...stripped...
DomainKey-Signature: ...stripped...
Received: by luna.mailgun.net with HTTP; Wed, 04 Sep 2013 12:04:42 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Subject: ...stripped...
From: my-website <support@my-website.com>
To: RECIEVER@gmail.com
Message-Id: <20130904120442.1488.88532@my-website.com>
X-Mailgun-Sid: WyI5YmI1OSIsICJqb2Vob3BmK2VlZ2VpN2lkMm9pbW9vYm9vZmFpQGdtYWlsLmNvbSIsICJjMmIzNyJd
Date: Wed, 04 Sep 2013 12:04:43 +0000
Sender: support@my-website.com
Content-Transfer-Encoding: base64

...email body...

This is the email address displayed from the actual mail in the Gmail inbox. As you can see, the Return-Path header contains an email address that ends with @my-website.com.

But I just set DNS records for outgoing email (SPF, DomainKey, etc.), not for incoming email. Meaning, my MX records still point to mail servers somewhere else (in my case, Google Apps).

How then can a failure message arrive on email servers?

I would expect to see an email address ending in @some-mailgun-server.com in the Return-Path header!

I used Amazon SES before, and there they have a Return-Path header ending in amazonses.com.

I asked Mailgun support and got this answer:

Nick: your setup is correct, Mailgun will still automatically handle bounces, even if your mx records point elsewhere

They simply assured me that everything was in order, but did not give me any explanation (this is normal, since their job is not to teach me things that I don’t know, but to deliver a reliable mail service ...)

Therefore, I hope someone can explain this to me.

I hope this is clear; if not, please ask and I will try to clarify my question.

EDIT:

One of my theories is that a bounce email is indeed sent to Google’s mail servers, where it is freed. However, this is redundant, as an error response is also sent to the sending mail server during the process (when it opens its TCP connection to the target mail server).

To test this theory, and since the email address in the return path is in the form bounce+SOMETHING@my-website.com, and Google delivers all the email to the user regardless of what comes after the + symbol, I went and created an account bounce@my-domain.com in Google Apps.

I also tried sending an email to bounce+a801a1.c2b37-RECIEVER=gmail.com@my-website.com .

It came through to my inbox.

Now I was expecting to receive bounce traffic in my inbox. So I sent an email to a nonexistent Hotmail address. I did not receive any email in my Google Apps inbox, and Mailgun successfully tracked the bounce.

So ... It seems that it really works. I just don’t understand why.

Another theory I have is that the mail server to which the bounce message is delivered is never resolved using MX records. Instead, a delivery server is selected, in this case luna.mailgun.net . A domain ending in a Return-Path address is simply the name of the mailbox on the server, but the domain has nothing to do with the server on which the mail was actually sent.

Then it would also make sense to do it this way because it could improve delivery if the From and Return-Path domains match.

However, this is only a theory. And this also means that a mailbox that can receive rejections must be located on the same server that is used for sending.

In other words, it would be impossible for the mailbox to receive fault-tolerant email addresses hosted somewhere else than the actual server sending the mail. But that sounds weird to me too ...

Hope someone can enlighten me.

+7
email email-headers spam
1 answer

It turns out there are different bounces.

When bounces occur, they usually return to the server that sends the email and do not follow MX records.

That's why they go to email servers and also go there.

However, there are also so-called "delayed bounces" that are sent to a server that is declared as a mail server using MX records in the domain.

Those delayed bounces are usually difficult to handle, and there are opinions that they violate the RFC.

These bounces, however, are very, very rare. This is why Mailgun does not cope with them. The reason they use the customer domain in the return path address is because they can assign it to the correct account. They just encode it that way ...

In fact, when I set up my bounce mailbox on my Google Apps mail, I received one such bounced message.

It was this letter that made it possible to properly debug, which led to an understanding of this problem.

So to summarize:

Yes, the address is incorrect. This is not a problem for most failures, because the server does not use MX records to send them, but sends them directly to the server that initiated the connection.

However, in the case of delayed bounces, which also occur several times, the bounce will indeed go to the server for the MX records of the domain indicated in the return path address.

These letters are not correctly recognized as failures on Mailgun servers.

+4
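
The question shows a Return-Path that embeds the recipient, and the answer says delayed bounces for that address arrive at the domain's MX host. As an added example (not part of the original post and not Mailgun's code), this sketch decodes such an address and summarizes a delayed bounce received in the MX-hosted mailbox. The address layout is inferred from the one sample on the page, and the function names, the sample DSN and `mx.example.net` are constructed for illustration.

```python
import email
import re

# Layout inferred from the one sample address on the page (an assumption, not
# Mailgun's documented format): bounce+<token>-<local>=<domain>@<sender domain>
VERP_RE = re.compile(r"^bounce\+(?P<token>[^-@]+)-(?P<rcpt>.+)@(?P<dom>[^@]+)$")

def decode_verp(address):
    """Recover the original recipient from a VERP-style bounce address."""
    m = VERP_RE.match(address.strip().strip("<>").strip())
    if not m:
        return None
    # "@" became "="; split on the LAST "=" since a local part may contain "=".
    local, sep, domain = m.group("rcpt").rpartition("=")
    if not (sep and local and domain):
        return None
    return {"token": m.group("token"), "recipient": f"{local}@{domain}",
            "sender_domain": m.group("dom")}

def summarize_dsn(raw):
    """Parse a delayed bounce (RFC 3464 DSN) that arrived via the MX host."""
    msg = email.message_from_string(raw)
    out = {"verp": decode_verp(msg.get("To", "")), "status": None,
           "final_recipient": None, "permanent": None}
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # Payload is a list of header blocks: per-message, then per-recipient.
        for block in part.get_payload():
            if block.get("Status"):
                out["status"] = block["Status"].strip()
                out["final_recipient"] = block.get("Final-Recipient", "").split(";")[-1].strip()
                out["permanent"] = out["status"].startswith("5")  # 5.x.x = permanent
    return out

# Constructed sample DSN (not from the page); mx.example.net is a placeholder.
SAMPLE_DSN = """\
To: bounce+a801a1.c2b37-RECIEVER=gmail.com@my-website.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; RECIEVER@gmail.com
Status: 5.1.1

--b1--
"""
```

Calling `summarize_dsn(SAMPLE_DSN)` returns the decoded recipient alongside the DSN status, so a mailbox on the MX host can cross-check the address in the envelope against the `Final-Recipient` field before suppressing the recipient.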