Delivery Status Notification even though I have a valid SPF

I was receiving Delivery Status Notifications so I added an SPF to the zone file. Even though the new DSNs see the SPF, I'm still receiving them from Google. Any ideas why?

Return-Path: <pjmifrzmbrufr@[my-domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my-domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my-domain] does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my-domain]
meduzi Asked:
 
mikebernhardt Commented:
Because it's your domain. Just because you know it's spoofed doesn't mean they do. It's common when people create SPF records to forget a legitimate server which may be sending email for their domain but is not in their MX for receiving mail. And, it's good information for you to know what's happening out there.
 
mikebernhardt Commented:
This is a case where posting actual information would be helpful. There's no security risk to you as it's all public anyway, and has to be if you want mail to work:
I see 80.92.253.6 resolving as 6.chabry.cz
Your MX records:
Non-authoritative answer:
chabry.cz       MX preference = 100, mail exchanger = ns.megaprint.cz
chabry.cz       MX preference = 10, mail exchanger = host1.chabry.cz

What does the SPF record look like?
 
Hypercat (Deb) Commented:
Apparently your SPF file doesn't have a statement for the IP address that you're sending from: 80.92.253.6. A standard text SPF record would need the following in the statement:  ip4:80.92.253.6.  So, for example, your SPF might read:

v=spf1 mx:my-domain.com ip4:80.92.253.6 -all

This should only be necessary if the sending host that uses that IP address isn't listed in your public DNS zone with an MX record.

Please show the contents of your SPF file if you're not sure about how to add this.
 
meduzi (Author) Commented:
Hi. There's confusion. I'll clarify.

I'm hiding my domain and IP, but everything else is here.

This is my SPF:   v=spf1 a ip4:[my Exchange server IP] -all

As you can see, Google sees my SPF and knows that an unauthorised IP is faking my domain. What I do not understand is why Google has sent the DSN to my server at all, when it already knows that the email address is spoofed.  

And below is the DSN

----- Original message -----

X-Received: by 10.70.61.68 with SMTP id n4mr21338129pdr.78.1430831172553;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
X-Gm-Message-State: ALoCoQl9UAJN3uQj7R4gphRovyTeVe6KjrqYWneCDJkWkFr7GH09zkf9ZGEBthe3XkoO4yy2hU7Ieu0EE27TWxYSfkFsiiLAMmj6looIKFRsO55/aX0ON9ljcnf1kK0UhvJkiCKqVMtU
X-Received: by 10.70.61.68 with SMTP id n4mr21338104pdr.78.1430831172428;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Return-Path: <pjmifrzmbrufr@[my domain].com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS id tt6si24317106pac.36.2015.05.05.06.06.08
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of pjmifrzmbrufr@[my domain].com does not designate 80.92.253.6 as permitted sender) smtp.mail=pjmifrzmbrufr@[my domain].com
Received: from 6.chabry.cz ([80.92.253.6]) by exprod8mx246.postini.com ([64.18.7.13]) with SMTP;
      Tue, 05 May 2015 13:06:11 GMT
Message-ID: <393355195162-OWLJJESRVFLYSQIKGRWJFS@mjonhzg0.blueprint-technologies.com>
From: "Kim Winter" <Winter_Kim@blueprint-technologies.com>
Subject: Re: hungry for a f&ck friend
To: rowhiten@hrbmc.com
Date: Tue, 05 May 2015 15:06:08 +0100
Mime-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
X-pstn-mail-from: <pjmifrzmbrufr@[my domain].com>
X-pstn-dkim: 0 skipped:not-enabled
X-pstn-nxpr: disp=neutral, envrcpt=rozme@hrbmc.com
X-pstn-nxp: bodyHash=02d2e9920ee4d9f8d8bbc0710a6cc99261799865, headerHash=9597c4dbfa151db21bffc7823904434a24c28305, keyName=4, rcptHash=b4e5ebb6965e09c62fb30b8b76170bccb33b758e, sourceip=80.92.253.6, version=1
X-Gm-Spam: 1
X-Gm-Phishy: 0

----- End of message -----
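A triage check for the bounce shown above, as an added example that is not part of the original posts: it reads the headers of the returned original message, pulls out the SPF verdict and connecting IP, and decides whether the DSN is backscatter from a forged envelope sender. The function names, `example.com` and `192.0.2.10` are placeholders standing in for the hidden domain and Exchange server IP; only `ip4:` mechanisms are evaluated, since `a` would need a DNS lookup.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers of the bounced original, modelled on the DSN in
# this thread, with example.com standing in for the hidden domain.
SAMPLE = """\
Return-Path: <pjmifrzmbrufr@example.com>
Received: from psmtp.com (exprod8mx246.postini.com. [64.18.3.146])
        by mx.google.com with SMTPS;
        Tue, 05 May 2015 06:06:12 -0700 (PDT)
Received-SPF: fail (google.com: domain of pjmifrzmbrufr@example.com does not designate 80.92.253.6 as permitted sender) client-ip=80.92.253.6;
Received: from 6.chabry.cz ([80.92.253.6]) by exprod8mx246.postini.com ([64.18.7.13]) with SMTP;
        Tue, 05 May 2015 13:06:11 GMT
From: "Kim Winter" <Winter_Kim@blueprint-technologies.com>
Subject: (constructed)

"""

def spf_ip4_networks(record):
    """Return the ip4: networks listed in an SPF record (other mechanisms ignored)."""
    nets = []
    for term in record.split()[1:]:          # skip the leading "v=spf1"
        if term.lstrip("+").startswith("ip4:"):
            nets.append(ipaddress.ip_network(term.split(":", 1)[1], strict=False))
    return nets

def triage_bounce(original_headers, own_domain, spf_record):
    """Classify a DSN from the headers of the original message it returns."""
    msg = message_from_string(original_headers)
    sender = (msg.get("Return-Path") or "").strip("<> \t")
    spf = msg.get("Received-SPF", "")
    result = spf.split(None, 1)[0].lower() if spf.strip() else "none"
    m = re.search(r"client-ip=([0-9a-fA-F.:]+)", spf)
    client_ip = m.group(1) if m else None
    ours = sender.lower().endswith("@" + own_domain.lower())
    authorized = bool(client_ip) and any(
        ipaddress.ip_address(client_ip) in n for n in spf_ip4_networks(spf_record))
    if ours and not authorized:
        verdict = "backscatter"      # our domain forged by a host we never listed
    elif ours:
        verdict = "genuine-bounce"   # one of our own listed servers sent it
    else:
        verdict = "not-ours"
    return {"sender": sender, "spf": result, "client_ip": client_ip, "verdict": verdict}
```
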
 
meduzi (Author) Commented:
That seems fair enough, I guess. The SPF seems to protect the recipient, but not whoever has had their domain spoofed. SPF could do with refining. It just seems to redirect the problem.

Thanks Mike.
 
mikebernhardt Commented:
It protects your reputation because others have an opportunity to see that you are trying to be a responsible "netizen" by at least making it possible to identify whether it's spam or not. That might help prevent putting your domain on a blacklist.
 
meduzi (Author) Commented:
Thanks Mike
Question has a verified solution.