I have an email server with the spf record set up like this:
"v=spf1 ip4:192.0.2.21 ip6:2001:db8::f08c:95ff:feb4:f317 -all"
Actual ip address changed to protect the innocent, but those would be the ips of the mail server.
I have a user who uses yahoo mail, and has set up their 'send-only address' to use their custom domain name that's on my email server (example.com in the example below).
So when they send mail through yahoo, it fails spf with this error (was sent to a gmail address)
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of tlin#example.com does not designate 98.137.69.147 as permitted sender) smtp.mailfrom=tlin#example.com;
dkim=pass header.i=#yahoo.com header.s=s2048 header.b=KXfctSKQ
Received-SPF: fail (google.com: domain of tlin#example.com does not designate 98.137.69.147 as permitted sender) client-ip=98.137.69.147;
The 98.137.69.147 is a yahoo address, but I tried adding include:yahoo.com and include:_spf.mail.yahoo.com to the spf1 record and it failed with those as well. I assume I can't just add that ip, as it will likely change.
What do I need to add to the record to get it so she can email through her yahoo address without spf failing?
I realize a solution will mean allowing anyone with a yahoo address to send through the server, but I don't expect unauthorized users to really be a problem.
Thanks for any help!
Chris
Finally found it, I had to add:
ptr:yahoo.com
This from https://clickwp.com/kb/yahoo-mail-alt-address/
Works!
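Why the original record returned spf=fail for the Yahoo relay, as an added example that is not part of the original posts: a minimal offline evaluator for the ip4, ip6, include and all mechanisms of RFC 7208. The `ZONE` table stands in for DNS, and the `example.org` and `_spf.provider.test` entries are constructed to show how `include` behaves.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# example.com is the record from the question; the other two entries are hypothetical.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.21 ip6:2001:db8::f08c:95ff:feb4:f317 -all",
    "example.org": "v=spf1 ip4:192.0.2.21 include:_spf.provider.test -all",
    "_spf.provider.test": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate an SPF record left to right; the first matching mechanism decides."""
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:                      # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "pass"              # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = QUALIFIERS[term[0]], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return qualifier
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return qualifier
        elif name == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner == "pass":         # only an inner pass matches; inner fail is "no match"
                return qualifier
            if inner in ("none", "permerror"):
                return "permerror"
        # Assumption: a, mx, ptr and exists need live DNS and are skipped here.
    return "neutral"                    # nothing matched and the record has no "all"
```

The client IP from the Gmail header matches neither `ip4` nor `ip6`, so evaluation reaches `-all` and returns fail, which is the result Gmail reported.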
Related
For example, I have:
example.com (in this domain I create accounts)
need.com (additional domain)
I want to give the users the ability to send emails as #need.com using alias in accounts settings.
The problem is that all messages go to spam with DMARC policies.
Authentication-Results: mx.google.com;
dkim=pass header.i=#need-com.20150623.gappssmtp.com header.s=20150623 header.b="y0qDXN/D";
spf=pass (google.com: domain of mailtest#example.com designates 209.85.220.41 as permitted sender)
smtp.mailfrom=mailtest#example.com;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=need.com
It is necessary to configure so that everything would work correctly with the quarantine DMARC policy. Is it possible? Maybe someone has a practical solution to this problem?
Presumably the problem is in the difference of headers, but I could not figure out how to solve it.
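The header above shows SPF and DKIM both passing while DMARC fails. This added example (not part of the original post) checks DMARC identifier alignment for that header and, for contrast, for the lfto.me header quoted further down the page. The function names are hypothetical, and the two-label organizational domain is a simplification.

```python
import re

# Headers copied from this page; the page shows "#" where "@" would normally appear.
NEED_COM_HEADER = """Authentication-Results: mx.google.com;
dkim=pass header.i=#need-com.20150623.gappssmtp.com header.s=20150623 header.b="y0qDXN/D";
spf=pass (google.com: domain of mailtest#example.com designates 209.85.220.41 as permitted sender)
smtp.mailfrom=mailtest#example.com;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=need.com"""

LFTO_HEADER = """Authentication-Results: mx.google.com;
spf=pass (google.com: domain of stockapi#lfto.me designates 104.236.231.177 as permitted sender) smtp.mailfrom=stockapi#lfto.me;
dkim=pass header.i=#lfto.me;
dmarc=pass (p=QUARANTINE dis=NONE) header.from=lfto.me"""

def org_domain(domain):
    # Simplification (assumption): organizational domain = last two labels.
    # A production evaluator consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_alignment(auth_results):
    """Return the mechanisms that pass AND align (relaxed mode) with header.from."""
    target = org_domain(re.search(r"header\.from=([\w.-]+)", auth_results).group(1))
    aligned = []
    # SPF counts only if it passed for a domain aligned with the From: domain.
    spf = re.search(r"\bspf=(\w+)", auth_results)
    mailfrom = re.search(r"smtp\.mailfrom=\S*?[@#]([\w.-]+)", auth_results)
    if spf and mailfrom and spf.group(1) == "pass" \
            and org_domain(mailfrom.group(1)) == target:
        aligned.append("spf")
    # DKIM counts if any passing signature's domain aligns. The page shows only
    # header.i; its domain shares an organizational domain with the d= tag.
    dkim = re.findall(r"\bdkim=(\w+)\s+header\.i=[^@#\s]*[@#]([\w.-]+)", auth_results)
    if any(res == "pass" and org_domain(dom) == target for res, dom in dkim):
        aligned.append("dkim")
    return aligned                      # empty list means DMARC fails
```

For the need.com message, SPF passed for example.com and DKIM passed for gappssmtp.com, so neither identifier aligns with the From: domain and the result is empty.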
I have a VPS (Droplet) at DigitalOcean.
I am sending mail from a website, but I have configured PHP to use my SMTP server instead of just the usual PHP Mail().
I have DKIM, DMARC, SPF configured correctly.
Here are some of the relevant headers in my message:
Received-SPF: pass (google.com: domain of stockapi#lfto.me designates 104.236.231.177 as permitted sender) client-ip=104.236.231.177;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of stockapi#lfto.me designates 104.236.231.177 as permitted sender) smtp.mailfrom=stockapi#lfto.me;
dkim=pass header.i=#lfto.me;
dkim=pass header.i=#lfto.me;
dmarc=pass (p=QUARANTINE dis=NONE) header.from=lfto.me
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lfto.me; s=mail;
t=1452989846; bh=czrEg02FSPEvWjTq3enrcAZrxmaNPmFuwA/aUIJ/fNY=;
h=From:To:Date:Subject:From;
b=hQ/09WMZxJO692Lg7g/1TmOLbwWp2rMoHhl/P5Eb6auvhIjDG6tEYxgksg5qYBYEq
4NmPO9yddeW/JqLHCL4GWFafYGXorfA6oR/uqwwI0Jt6aflEJunFEVxxon8jvxiVp5
BsuxdU0vu7GPDH289L3Lf3/oG1nKrn22L2PcKreo=
According to these, it seems my message is passing all checks, but still is getting into the "spam" folder. What could be the problem?
Chiefly, to avoid a spam engine classifying your messages as spam you should:
Make sure they aren't spam (i.e. ensure that only users who have really opted in get mailed - make sure you keep an opt-in audit log)
Make sure they don't look too much like spam - $$$ MAKE MONEY FAST is not a good subject line
Ensure that the sender address is not spoofed and does not appear to be spoofed. Use a domain that you are authorised to send from (add valid SPF records if you like)
Not do anything that looks malware-ish (e.g. HTML emails containing scripts, forms, flash etc)
But by and large the main one is:
Do not send them from an IP address which is known for sending spam.
The last point means that YOU CANNOT USE SHARED HOSTING. Almost all shared hosting providers allow the sending of mails which don't conform to any of the above. Shared hosting providers' relays are almost always on lots of blacklists.
It only takes one vulnerable web app on your shared hosting for it to turn into a spam gateway - something which you can't afford.
It seems like most of the email from unlisted (the list is held by Google) IP addresses will go to the junk folder in Gmail, even if the sent emails are valid according to SMTP.
We are currently using a webapp that generates outbound emails, but are experiencing a few issues.
When the system sends an email directly to a Gmail user (eg. john.smith#domain.com) it is received fine. If the email is sent to a Google apps group (eg. finance#domain.com) it is never received by any of the group members.
The "finance#domain.com" propagates to approximately 6 users. I have reviewed the Spam folder for a few of them and the email still isn't there either.
If the Google engine does indeed classify the inbound email as spam for a Google group, what does it do with it?
Here's a snippet of the header showing that SPF passes:
Received-SPF: pass (google.com: domain of XXXX designates XXX.XXX.XXX.XXX as permitted sender) client-ip=XXXXX;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of XXXX designates XXX.XXX.XXX.XXX as permitted sender) smtp.mail=XXXXXXX
This could be an issue of the mail being marked as spam by the Group, not the users. Essentially, when you leave spam on for a group, it'll get checked there and also at the user level. More information about this can be found here.
If that doesn't seem to be the root cause, I would check at the Email log search within the Admin console to see what's going on with a bit more detail.
Hope this helps!
Due to a spoofing problem, I have recently set up DKIM and an SPF record on my domain. I am using Google APPS for our organization. My emails are now getting checked, and I get a hard-fail SPF message when I try to spoof my email using: https://emkei.cz/
I have noticed the following behaviour:
1. Email sent from my organisation using Google Apps to a gmail.com account.
Message gets to inbox
Received-SPF: pass
Authentication-Results: mx.google.com; spf=pass dkim=pass
2. Email sent from https://emkei.cz/ to gmail.com account, using a "from" email that does not exist in my organisation.
Message usually goes to spam
Received-SPF: fail
Authentication-Results: mx.google.com; spf=hardfail
3. Email sent from https://emkei.cz/ to gmail.com account, using a "from" email that does exist in my organisation.
Message goes to inbox
Received-SPF: fail
Authentication-Results: mx.google.com; spf=hardfail
Now, since in 3., the spoofed email message made it to inbox although the SPF has hard-failed (why google?), what happens when I mark this message as spam? I do not feel at ease marking spoofed emails, which made it to inbox, as spam. I am afraid my real email will not make it next time.
This is also a problem for my organization, because the spoofed emails that we try to prevent are done by people, not bots.
It may happen if the spoofed email comes from an IP configured as whitelisted or as an inbound mail gateway.
Check those settings at https://admin.google.com/ ||insert your domain here|| /AdminHome?fral=1#ServiceSettings/service=email&subtab=filters
I'd like to allow Google Apps and CampaignMonitor (email marketing service) to send emails from my domain.
I've set my TXT records to:
v=spf1 a mx include:_spf.google.com include:cmail1.com ~all
However, all emails sent from Google Apps show:
Received-SPF: neutral (google.com: 209.85.216.43 is neither permitted nor denied by best guess record for domain of example#example.com) client-ip=209.85.216.43;
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.216.43 is neither permitted nor denied by best guess record for domain of example#example.com) smtp.mail=example#example.com; dkim=pass header.i=#example.com
How can I make my emails SPF "pass" instead of "neutral"?
Is this happening for all emails? Because it doesn't make sense: if you are sending from Gmail and you have the _spf.google.com in your SPF, it should pass.