Delivery Status Notification even though I have a valid SPF

meduzi
I was receiving Delivery Status Notifications so I added an SPF to the zone file. Even though the new DSNs see the SPF, I'm still receiving them from Google. Any ideas why?

Return-Path: <pjmifrzmbrufr@[my-domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my-domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my-domain] does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my-domain]

Top Expert 2004

Commented:
This is a case where posting actual information would be helpful. There's no security risk to you as it's all public anyway, and has to be if you want mail to work:
I see 80.92.253.6 resolving as 6.chabry.cz
Your MX records:
Non-authoritative answer:
chabry.cz       MX preference = 100, mail exchanger = ns.megaprint.cz
chabry.cz       MX preference = 10, mail exchanger = host1.chabry.cz

What does the SPF record look like?
Apparently your SPF file doesn't have a statement for the IP address that you're sending from: 80.92.253.6. A standard text SPF record would need the following in the statement: ip4:80.92.253.6. So, for example, your SPF might read:

v=spf1 mx:my-domain.com ip4:80.92.253.6 -all

This should only be necessary if the sending host that uses that IP address isn't listed in your public DNS zone with an MX record.

Please show the contents of your SPF file if you're not sure about how to add this.

Author

Commented:
Hi. There's confusion. I'll clarify.

I'm hiding my domain and IP, but everything else is here.

This is my SPF:   v=spf1 a ip4:[my Exchange server IP] -all

As you can see, Google sees my SPF and knows that an unauthorised IP is faking my domain. What I do not understand is why Google has sent the DSN to my server at all, when it already knows that the email address is spoofed.  

And below is the DSN

----- Original message -----

X-Received: by 10.70.61.68 with SMTP id n4mr21338129pdr.78.1430831172553;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
X-Gm-Message-State: ALoCoQl9UAJN3uQj7R4gphRovyTeVe6KjrqYWneCDJkWkFr7GH09zkf9ZGEBthe3XkoO4yy2hU7Ieu0EE27TWxYSfkFsiiLAMmj6looIKFRsO55/aX0ON9ljcnf1kK0UhvJkiCKqVMtU
X-Received: by 10.70.61.68 with SMTP id n4mr21338104pdr.78.1430831172428;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Return-Path: <pjmifrzmbrufr@[my domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my domain].com
Received: from 6.chabry.cz ([80.92.253.6]) by exprod8mx246.postini.com ([64.18.7.13]) with SMTP;
      Tue, 05 May 2015 13:06:11 GMT
Message-ID: <393355195162-OWLJJESRVFLYSQIKGRWJFS@mjonhzg0.blueprint-technologies.com>
From: "Kim Winter" <Winter_Kim@blueprint-technologies.com>
Subject: Re: hungry for a f&ck friend
To: rowhiten@hrbmc.com
Date: Tue, 05 May 2015 15:06:08 +0100
Mime-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
X-pstn-mail-from: <pjmifrzmbrufr@[my domain].com>
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-nxpr: disp=neutral, envrcpt=rozme@hrbmc.com
X-pstn-nxp: bodyHash=02d2e9920ee4d9f8d8bbc0710a6cc99261799865, headerHash=9597c4dbfa151db21bffc7823904434a24c28305, keyName=4, rcptHash=b4e5ebb6965e09c62fb30b8b76170bccb33b758e, sourceip=80.92.253.6, version=1
X-Gm-Spam: 1
X-Gm-Phishy: 0

----- End of message -----

Top Expert 2004
Commented:
Because it's your domain. Just because you know it's spoofed doesn't mean they do. It's common when people create SPF records to forget a legitimate server which may be sending email for their domain but is not in their MX for receiving mail. And, it's good information for you to know what's happening out there.
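
An added example, not part of the original thread: a triage of the headers a DSN returns, separating the two cases discussed here, a legitimate server forgotten in the SPF record versus a forged sender. `example.com`, `192.0.2.10`, the `own_senders` parameter and the function names are assumptions; only `ip4:` mechanisms are evaluated, `a` and `mx` are not resolved.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the returned message, shaped like the DSN in
# this thread, with example.com standing in for the redacted domain.
SAMPLE = """\
Return-Path: <pjmifrzmbrufr@example.com>
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@example.com does not
 designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail smtp.mail=pjmifrzmbrufr@example.com
Subject: constructed sample

"""

def ip4_networks(spf_record):
    """Return the ip4: networks an SPF record authorises (other mechanisms ignored)."""
    nets = []
    for term in spf_record.split()[1:]:          # skip the v=spf1 version tag
        m = re.fullmatch(r"\+?ip4:(\S+)", term, re.I)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def triage_dsn(returned_headers, spf_record, own_senders=()):
    """Classify the message a DSN returns, using the receiver's Received-SPF header."""
    msg = email.message_from_string(returned_headers)
    spf = " ".join((msg.get("Received-SPF") or "").split())  # unfold the header
    result = spf.split(" ", 1)[0].lower() if spf else "none"
    m = re.search(r"client-ip=([0-9a-fA-F.:]+)", spf)
    if m is None:
        return {"result": result, "client_ip": None, "verdict": "no-client-ip"}
    ip = ipaddress.ip_address(m.group(1))
    if any(ip in net for net in ip4_networks(spf_record)):
        verdict = "authorised-by-ip4"
    elif str(ip) in own_senders:
        verdict = "own-server-missing-from-spf"   # the record needs this IP added
    else:
        verdict = "spoofed-sender-backscatter"    # nothing to fix in the record
    return {"result": result, "client_ip": str(ip), "verdict": verdict}

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the redacted Exchange server IP.
    print(triage_dsn(SAMPLE, "v=spf1 a ip4:192.0.2.10 -all"))
```
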

Author

Commented:
That seems fair enough, I guess. The SPF seems to protect the recipient, but not whoever has had their domain spoofed. SPF could do with refining. It just seems to redirect the problem.

Thanks Mike.
Top Expert 2004

Commented:
It protects your reputation because others have an opportunity to see that you are trying to be a responsible "netizen" by at least making it possible to identify whether it's spam or not. That might help prevent putting your domain on a blacklist.

Author

Commented:
Thanks Mike
