meduzi

Delivery Status Notification even though I have a valid SPF

I was receiving Delivery Status Notifications so added an SPF to the zone file. Even though the new DSNs see the SPF, I'm still receiving them from Google. Any ideas why?

Return-Path: <pjmifrzmbrufr@[my-domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my-domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my-domain] does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my-domain]
mikebernhardt

This is a case where posting actual information would be helpful. There's no security risk to you as it's all public anyway, and has to be if you want mail to work:
I see 80.92.253.6 resolving as 6.chabry.cz
Your MX records:
Non-authoritative answer:
chabry.cz       MX preference = 100, mail exchanger = ns.megaprint.cz
chabry.cz       MX preference = 10, mail exchanger = host1.chabry.cz

What does the SPF record look like?
Hypercat (Deb)
Apparently your SPF file doesn't have a statement for the IP address that you're sending from: 80.92.253.6. A standard text SPF record would need the following in the statement:  ip4:80.92.253.6.  So, for example, your SPF might read:

v=spf1 mx:my-domain.com ip4:80.92.253.6 -all

This should only be necessary if the sending host that uses that IP address isn't listed in your public DNS zone with an MX record.

Please show the contents of your SPF file if you're not sure about how to add this.
meduzi (ASKER)

Hi. There's confusion. I'll clarify.

I'm hiding my domain and IP, but everything else is here.

This is my SPF:   v=spf1 a ip4:[my Exchange server IP] -all

As you can see, Google sees my SPF and knows that an unauthorised IP is faking my domain. What I do not understand is why Google has sent the DSN to my server at all, when it already knows that the email address is spoofed.  

And below is the DSN

----- Original message -----

X-Received: by 10.70.61.68 with SMTP id n4mr21338129pdr.78.1430831172553;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
X-Gm-Message-State: ALoCoQl9UAJN3uQj7R4gphRovyTeVe6KjrqYWneCDJkWkFr7GH09zkf9ZGEBthe3XkoO4yy2hU7Ieu0EE27TWxYSfkFsiiLAMmj6looIKFRsO55/aX0ON9ljcnf1kK0UhvJkiCKqVMtU
X-Received: by 10.70.61.68 with SMTP id n4mr21338104pdr.78.1430831172428;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Return-Path: <pjmifrzmbrufr@[my domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my domain].com
Received: from 6.chabry.cz ([80.92.253.6]) by exprod8mx246.postini.com ([64.18.7.13]) with SMTP;
      Tue, 05 May 2015 13:06:11 GMT
Message-ID: <393355195162-OWLJJESRVFLYSQIKGRWJFS@mjonhzg0.blueprint-technologies.com>
From: "Kim Winter" <Winter_Kim@blueprint-technologies.com>
Subject: Re: hungry for a f&ck friend
To: rowhiten@hrbmc.com
Date: Tue, 05 May 2015 15:06:08 +0100
Mime-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
X-pstn-mail-from: <pjmifrzmbrufr@[my domain].com>
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-nxpr: disp=neutral, envrcpt=rozme@hrbmc.com
X-pstn-nxp: bodyHash=02d2e9920ee4d9f8d8bbc0710a6cc99261799865, headerHash=9597c4dbfa151db21bffc7823904434a24c28305, keyName=4, rcptHash=b4e5ebb6965e09c62fb30b8b76170bccb33b758e, sourceip=80.92.253.6, version=1
X-Gm-Spam: 1
X-Gm-Phishy: 0

----- End of message -----
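
One way to triage bounces like the one above on the receiving side, as an added example that is not part of the original thread: it reads the Received-SPF and Return-Path headers of the returned message and checks the client IP against the ip4 terms of your own SPF record. `example.com` and `192.0.2.10` are placeholders for the redacted domain and server IP, and `a`/`mx` terms are not resolved because the example runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers of the returned message in the DSN above, with
# the redacted domain replaced by the placeholder example.com.
RETURNED = """\
Return-Path: <pjmifrzmbrufr@example.com>
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@example.com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Received: from 6.chabry.cz ([80.92.253.6]) by exprod8mx246.postini.com ([64.18.7.13]) with SMTP;
      Tue, 05 May 2015 13:06:11 GMT

"""

# Same shape as the asker's record; 192.0.2.10 is a placeholder for the
# redacted Exchange server IP.
SPF_RECORD = "v=spf1 a ip4:192.0.2.10 -all"


def ip4_networks(record):
    """Networks authorised by the record's ip4: mechanisms (pass qualifier only)."""
    nets = []
    for term in record.split()[1:]:
        m = re.fullmatch(r"\+?ip4:(\S+)", term, re.IGNORECASE)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets


def triage_dsn(returned_headers, own_domain, spf_record):
    """Classify a bounce from the headers of the message it returns."""
    msg = message_from_string(returned_headers)
    spf = msg.get("Received-SPF", "").strip()
    result = spf.split(None, 1)[0].lower() if spf else "none"
    m = re.search(r"client-ip=([0-9A-Fa-f.:]+)", spf)
    client_ip = m.group(1) if m else None
    sender = msg.get("Return-Path", "").strip().strip("<>")
    if sender.rpartition("@")[2].lower() != own_domain.lower():
        verdict = "not-ours"
    elif client_ip and any(
        ipaddress.ip_address(client_ip) in n for n in ip4_networks(spf_record)
    ):
        verdict = "genuine-bounce"  # the mail really left an authorised host
    elif result == "fail":
        verdict = "backscatter"  # receiver already judged the sender forged
    else:
        verdict = "unverified"  # `a`/`mx` terms need DNS; not resolved here
    return {"verdict": verdict, "spf": result, "client_ip": client_ip}
```
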
ASKER CERTIFIED SOLUTION
mikebernhardt
This solution is only available to members.
meduzi (ASKER)

That seems fair enough, I guess. The SPF seems to protect the recipient, but not whoever has had their domain spoofed. SPF could do with refining. It just seems to redirect the problem.

Thanks Mike.
It protects your reputation because others have an opportunity to see that you are trying to be a responsible "netizen" by at least making it possible to identify whether it's spam or not. That might help prevent putting your domain on a blacklist.
meduzi (ASKER)

Thanks Mike