Some of our clients are experiencing delivery issues to some domains that use Gmail/Google for their email.
I previously covered that here – http://www.computersolutions.cn/blog/2015/04/gmail-and-other-google-hosted-mail-delivery-issues/
The issue is that China is still blocking Gmail/ Google hosted mail, and the recipient domain hasn’t setup their MX records correctly.
This is fine for servers outside of China, where all of googles mail servers (should) work, but breaks things for those inside China, where only a few servers are reachable.
Google hosted mail settings are here: https://support.google.com/a/answer/33915?hl=en
You’ll note that there are 5 different email servers that are listed in priority order.
Priority Mail Server
For mail servers, the higher number is more important, so a priority of 1 will be the first server tried, then the next highest number, and so on.
If I try to connect to the servers from China.
telnet ASPMX.L.GOOGLE.COM 25
telnet ALT1.ASPMX.L.GOOGLE.COM 25
telnet ALT2.ASPMX.L.GOOGLE.COM 25
telnet ALT3.ASPMX.L.GOOGLE.COM 25
Connected to ALT3.ASPMX.L.GOOGLE.COM.
Escape character is ‘^]’.
(yay, we have a winner!)
telnet ALT4.ASPMX.L.GOOGLE.COM 25
Connected to ALT4.ASPMX.L.GOOGLE.COM.
Escape character is ‘^]’.
(yay, we have a winner!)
So, we can see that alt3, alt4 work, but none of the others do (as of 9th September 2015 from Shanghai)
So, some rudimentary testing shows that some servers work, and some do not.
How does that apply to real world examples.
Lets look at a non-working domain – ihg.com
dig mx ihg.com
;; ANSWER SECTION:
ihg.com. 600 IN MX 100 aspmx3.googlemail.com.
ihg.com. 600 IN MX 50 alt1.aspmx.l.google.com.
ihg.com. 600 IN MX 50 alt2.aspmx.l.google.com.
ihg.com. 600 IN MX 100 aspmx2.googlemail.com.
ihg.com. 600 IN MX 10 aspmx.l.google.com.
You should easily be able to see 2 things.
1 – that the MX records are not as per Google settings.
2 – that the 2 working MX records are not listed.
This means that while their MX records probably work oversea’s, they will not be deliverable from China. They need to amend their MX records to Googles recommended settings.
Lets look at another example.
dig mx rsms-west.com
;; ANSWER SECTION:
rsms-west.com. 6238 IN MX 30 alt2.aspmx.l.google.com.
rsms-west.com. 6238 IN MX 10 aspmx.l.google.com.
rsms-west.com. 6238 IN MX 40 aspmx2.googlemail.com.
rsms-west.com. 6238 IN MX 50 aspmx3.googlemail.com.
rsms-west.com. 6238 IN MX 20 alt1.aspmx.l.google.com.
Once again, we can see that the alt3, and alt4 servers are missing, and unfortunately none of the other listed servers are connectable from China.
Lastly, lets look at a working server
dig mx teamsequel.com
teamsequel.com. 12878 IN MX 1 ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.
You can see that they have the correct Gmail settings as per Gmail / Google settings page, and mail to them is deliverable (as alt3, alt4 are currently not being blocked by the beneficent government of China).
Unfortunately as this is an issue that is out of our control (MX records are incorrect, and China is being difficult), we cannot mitigate against it. The affected domains will need to amend their MX records appropriately as per the page here- https://support.google.com/a/answer/33915?hl=en.
Google has added another MX (mail server) for Google Hosted mail – alt4.gmail-smtp-in.l.google.com.
This does not currently appear to be blocked (unlike their other 4 MX servers), so we have removed the forwarding, and mail is transiting normally.
China has completely blocked gmail hosted mail as of today [28th April 2015]
This means that all mails heading to google’s servers is now blocked from Chinese ISP’s like ourselves.
Symptoms will include bounce messages where our server has given up retrying to send out the mail, as the remote server is not accessible over the Chinese internet.
Hi. This is the qmail-send program at mail.computersolutions.cn.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.
Sorry, I wasn’t able to establish an SMTP connection. (#4.4.1)
I’m not going to try again; this message has been in the queue too long.
In the interim, we have added forwarding for all gmail addressed mail to transit through our oversea’s mail servers in the USA.
This should solve email delivery issues for gmail addresses – essentially anything addressed to someone @gmail.com
We are looking at solutions for resolving delivery to other google hosted mail clients, this will take some time to come up with a usable solution. In the interim, we can manually add routes on a server by server basis.
Be aware that this specific issue is out of our control, and we can only mitigate against it.
Examples of google hosted mail clients from recent queries/failure notices:
teamsequel.com – Their mail is served by google.
dig mx teamsequel.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx teamsequel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11757 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;teamsequel.com. IN MX ;; ANSWER SECTION: teamsequel.com. 2320 IN MX 5 ALT1.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 5 ALT2.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 10 ALT3.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 10 ALT4.ASPMX.L.GOOGLE.com. teamsequel.com. 2320 IN MX 1 ASPMX.L.GOOGLE.com.
dreamonproductions.com – their mail is served by google.
dig mx dreamonproductions.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx dreamonproductions.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35828 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dreamonproductions.com. IN MX ;; ANSWER SECTION: dreamonproductions.com. 3600 IN MX 5 alt1.aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 1 aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 10 aspmx2.googlemail.com. dreamonproductions.com. 3600 IN MX 5 alt2.aspmx.l.google.com. dreamonproductions.com. 3600 IN MX 10 aspmx3.googlemail.com.
The government has imposed extended legislation regarding domains and domain hosting in China. As part of these new requirements, we will be required to keep and maintain a set of registration documents for each domain we host.
We will also need to impose a small service fee (300rmb per client for first domain, 100rmb for subsequent domains) for providing assistance with application submission, so that we can cover our costs.
We are now required to do the following for all .CN domains we administer according to Chinese Law.
- Take a color headshot of the contact person of the Applicant Company.This photo must be taken in our office against an official backdrop image.
– A copy of the Certificate of Business License of Legal Entity for the applicant company or a copy of the Certificate of National Organization Code of the applicant company.
– A copy of the Chinese Resident Identity Card of the contact person of the applicant company.
Applicants will need to bring the originals to our office so that we can scan them in color in an acceptable format for CNNIC and MII.
- Have the applicant sign/ chop a registration form confirming all information is correct.
- Ensure that your ICP 备案 is up to date and information is correct.
- Verify domain content, and ICP presence on your site.
Note that no personal .CN domain registrations are currently allowed for foreigners.
We are required to submit a valid China business licence, and Chinese ID to the applicable authorities.
If this information cannot be submitted, and your domain url ends in .CN , you will lose your .CN domain..
This information has to be submitted by us to the relevant involved bureau’s (MII, CNNIC, Shanghai Telecom) before the end of October.
We appreciate that this is quite short notice, and urge you to arrange a time to come to our office to fulfil these requirements before the end of October.
We will be updating our ICP and other customer support sites shortly to take into account new requirements.
What is a .cn domain?
Any domain that ends in .cn
Is this applicable to .com or other domains too?
We are required to submit and verify identification information for all domains that we host prior to November 1st.
All clients with domains will need to submit information by coming to our offices with the required information.
Where can I read more about this?
(Note that requirements were extended on October 1st to be applicable for all domains, not just new registrations.)
-你需带上原始件，以便我们能够彩色扫描为CNNIC 和 MII格式。
Why do I need an ICP licence?
As we often get asked why people need to register an ICP licence, as well as whats required. I thought it would be a good idea to explain what it is, and why its needed.
Essentially, an ICP licence is a permit from the Ministry of Industry and Information Technology (MII) in order to have a website in China.
In Chinese this licence is called a Bei An (ICP备案).
This was made law way back in September 2000, but not enforced until the late parts of this decade – 2007 onwards.
The latest documentation about this, and other requirements (in Chinese) is over here – http://www.miibeian.gov.cn/chaxun/flfg1.jsp?id=12
It is mandatory for any websites hosted in China to have an ICP licence, under penalty of law.
This applies whether the site is a .com, or a .cn or any other kind of domain name.
How do you apply for an ICP licence?
Website ICP licences are applied for at the MII website ( http://www.miibeian.gov.cn ), as this is all in Chinese, we typically assist clients with this process.
What do I need to apply for an ICP licence?
The official requirements are below:
Name of the website owner
Ownership information – ( Is the site is owned by an individual or a company? )
Valid identification documents (e.g., passport, ID card, etc)
Passport ID or Identification ID
Name of website investor
Your Location (in China)
Address (in China)
Types of valid identification documents of the contact Person (e.g., passport or ID card, etc)
Passport ID or other Identification ID of the contact person
Office Phone (in China)
Mobile Phone (in China)
Name of the website
Home page of the website
Domain name of the site
What type of site it is (e.g., blog, forum, etc.)
What is the content of the site?
Although foreigners should be able to apply for an ICP licence, in practice that’s not possible (we haven’t been able to successfully have an ICP licence issued for a foreigner for at least a year).
Effectively this limits us to the following two requirements (we can fill in the rest for you):
Legal Chinese Company Licence Number
Company Name (in Chinese and English)
Note that while companies are able to register multiple websites, individuals are only permitted to register a single site.
Where do I put the licence?
The excerpt from the official wording reads as follows: 并在取得经营许可证或备案号后 3 天内放在网站主页下方显著位置.
This basically says that the licence must be placed on the website within 3 days of receiving the licence, and must be placed on the home page at the bottom of the page.
Note that we do check clients sites on a semi regular basis for this, so if you redesign your site and forget to put the ICP licence in, you may find your site closed until this is done.
How long does it take?
Typically licence application takes less than two weeks. We have seen licenses issued in as little as a day though, through to taking 2-3 months!
This all depends on when you apply, and what kind of business you are doing in China.
We recommend that you avoid leaving things until the Chinese Holidays if things are urgent, as the relevant departments are usually understaffed, and about to go on vacation.
In a worst case scenario, we can host sites oversea’s until the licence is issued.
The licence department will ask us to close down acccess to the site when they perform the check though.
We recommend that licenses are applied for well ahead of time, so that you don’t have any downtime.
What does it cost?
Applying for an ICP licence is free. If you are one of our clients, we perform licence application as part of our service.
If you aren’t one of our clients, then why not become one!
What kind of sites can get licenses? / What can we host?
Any site that does not contravene China law can get a license. We cannot assist you with hosting anything that is illegal in China!
China law prohibits the following kinds of websites:
- Pornographic or promoting immoral behaviour.
- Sites offensive to the Chinese government or people.
- Sites that sell online drugs or satellite equipment
- Sites that promote banned activities or organizations.
Note that certain kinds of content do require additional licensing, in addition to an ICP licence.
An example would be BBS (Forums).
If you require a forum, we recommend that the forum is hosted outside of China until a license can be issued.
Note that BBS licensing requires additional fee’s and documentation due to the amount of work involved.
- February 2017
- September 2016
- June 2016
- May 2016
- September 2015
- August 2015
- June 2015
- April 2015
- December 2014
- October 2014
- September 2014
- July 2014
- June 2014
- April 2014
- October 2013
- July 2013
- May 2013
- April 2013
- March 2013
- January 2013
- December 2012
- October 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- December 2011
- November 2011
- October 2011
- September 2011
- July 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- Arcade Machines
- China Related
- Cool Hunting
- General Talk
- IP Cam
- Service Issues
- Tao Bao
- Technical Mumbo Jumbo
- Things that will get me censored
- Useful Info
Most Popular Posts
- BMW Keys and Transponders E36 E38 E46 etc (EWS2) (6806)
- RoundCube login attack prevention with Fail2ban (6223)
- Repairing a Nespresso Cube (Krups XN5005) (6173)
- Blog博客 (4137)
- Home首页 (4041)