Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New ZealandMail Redirection To Xtra and SPF


2648 posts

Uber Geek
+1 received by user: 759


# 208574 17-Feb-2017 15:24
Send private message

We have had a couple NDRs over the last week or so based on Xtra's SPF policy.

 

We have an SPF record locked down to our mail servers IP address.

 

However, when we send an email to an address which is then redirected to an Xtra address we get an NDR - presumably because it is looking at the forwarding servers IP address rather than ours.

 

E.g. user@fakedomain.co.nz is forwarding to fakedomain@xtra.co.nz. If I send a message to user@fakedomain.co.nz it bounces back saying it was rejected by mx.xtra.co.nz based on SPF policy. Sending directly to fakedomain@xtra.co.nz is fine.

 

Mail forwarding of this nature is not uncommon, nor is having an SPF record. Surely this isn't expected behaviour by the Xtra servers?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Mr Snotty
8594 posts

Uber Geek
+1 received by user: 4493

Moderator
Trusted
Lifetime subscriber

  # 1721891 17-Feb-2017 15:47
Send private message

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial

1459 posts

Uber Geek
+1 received by user: 382


  # 1721892 17-Feb-2017 15:49
Send private message

I'm seeing similar stuff...

 

Has your reply got this in the body?

 

 

 

 

...snip

 

MailEnable: Message could not be delivered to some recipients.

 

The following recipient(s) could not be reached:

 

 

 

                Recipient: [SMTP:someone@xtra.co.nz]

 

                Reason: 550 5.7.1 Message rejected due to SPF policy

 

 

 

 

 

Message contents follow:

 

.../snip

 

 
 
 
 




2648 posts

Uber Geek
+1 received by user: 759


  # 1721900 17-Feb-2017 16:02
Send private message

Dairyxox:

 

I'm seeing similar stuff...

 

Has your reply got this in the body?

 

 

 

 

...snip

 

MailEnable: Message could not be delivered to some recipients.

 

The following recipient(s) could not be reached:

 

 

 

                Recipient: [SMTP:someone@xtra.co.nz]

 

                Reason: 550 5.7.1 Message rejected due to SPF policy

 

 

 

 

 

Message contents follow:

 

.../snip

 

 

 

Yep, that's the one.

 

EDIT: Not exactly the same as that, but they have the same important part 550 5.7.1 Message rejected due to SPF policy. And on the ones I have the headers clearly show that the rejecting server is mx.xtra.co.nz.



2648 posts

Uber Geek
+1 received by user: 759


  # 1721904 17-Feb-2017 16:10
One person supports this post
Send private message

michaelmurfy:

 

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS

 

 

Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?

Mr Snotty
8594 posts

Uber Geek
+1 received by user: 4493

Moderator
Trusted
Lifetime subscriber

  # 1721933 17-Feb-2017 16:44
Send private message

Paul1977:

 

 

 

Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?

 

 

Prevents email from being flagged as spam mainly. Google and some other providers also refuses to work correctly with SPF even if you "allow" it so having strict SPF will cause most emails to bounce (had that issue - was terrible). Having DKIM and DMARC helps prevent unauthorized senders further even if SPF is set to softfail.

 

SPF accept + DKIM accept = Email accepted.
SPF Neutral + DKIM accept = Email accepted.
SPF Neutral / Fail + DKIM fail = DMARC fail, email bounced (assuming email server knows about DMARC) and report sent to my domain.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



2648 posts

Uber Geek
+1 received by user: 759


  # 1721939 17-Feb-2017 17:04
Send private message

michaelmurfy:

 

Paul1977:

 

 Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?

 

 

Prevents email from being flagged as spam mainly. Google and some other providers also refuses to work correctly with SPF even if you "allow" it so having strict SPF will cause most emails to bounce (had that issue - was terrible). Having DKIM and DMARC helps prevent unauthorized senders further even if SPF is set to softfail.

 

SPF accept + DKIM accept = Email accepted.
SPF Neutral + DKIM accept = Email accepted.
SPF Neutral / Fail + DKIM fail = DMARC fail, email bounced (assuming email server knows about DMARC) and report sent to my domain.

 

 

We currently don't have DKIM setup because, while the vast bulk of our emails are sent from our own Exchange server, we have some emails sent from a third party cloud provider that we have no control over (they are sent with our domain name and we have added their IP to the SPF).

 

If we changed SPF to softfail and setup DKIM and DEMARC then any emails from the third party provider would have SPF accept + DKIM fail. Would that be DEMARC accept or DEMARC fail? What would SPF accept + DKIM fail mean for a recipient server that doesn't understand DEMARC?

 

EDIT: Corrected error (typed DKIM when I meant DEMARC)

'That VDSL Cat'
10186 posts

Uber Geek
+1 received by user: 2443

Trusted
Spark
Subscriber

  # 1721940 17-Feb-2017 17:06
Send private message

Please contact Bussines broadband (126 / 0800 Business) to have this logged.

 

 

 

That is the only way this will be resolved.

 

for those few of you technically capable, PM me and i could possibly follow up directly to make less of a effort to get to resolution.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

1353 posts

Uber Geek
+1 received by user: 281

Subscriber

  # 1725865 24-Feb-2017 19:45
Send private message

hio77:

 

Please contact Bussines broadband (126 / 0800 Business) to have this logged.

 

 

 

That is the only way this will be resolved.

 

for those few of you technically capable, PM me and i could possibly follow up directly to make less of a effort to get to resolution.

 

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

SPF Record failed: http://www.geekzone.co.nz/forums.asp?forumid=39&topicid=208517

 

Now getting bounced by yahoo.co.uk as a spam sender , despite going through xtra email system and they have a clean black list.

 

Also the new mail portal failing: https://www.spark.co.nz/myspark/   doesn't take legit email address and password.

 

SMX's draconian regime for dumping spam is ridiculously hard on people who have "road warriors" or really anyone who wants to send email. One 23 page PDf was dumped as there was a link to a legitimate article on a website that had a page( one out of thousands)  that was once used in a mail out campaign for some medical product - yet the page linked had none of that and again, 120 plus black lists didn't think their reputation was an issue.  We had to encrypt the content to get it sent to the publisher / printer.

 

 

 

 




nunz

22057 posts

Uber Geek
+1 received by user: 4680

Trusted
Subscriber

  # 1725872 24-Feb-2017 19:51
2 people support this post
Send private message

If people are going to bounce mails on to another provider than this is the expected behaviour.

 

Forward it instead so that it is coming from the correct sender for the server that is connecting to xtra.

 

I have had this with other providers in the past when I have had to deal with PITA self hosting idiots that decided that sending the company mail on to their staffs ISP address was a good idea. Some of them used an ISP in aussie that had proper rejection of SPF fails rather than dumping them in the spam folder and this happened.

 

Expected me to change the SPF record for a domain that daily mail outs were sent from inorder to accomodate their absurd configuration on their server. I told them just to subscribe the peoples ISP addresses instead.




Richard rich.ms

'That VDSL Cat'
10186 posts

Uber Geek
+1 received by user: 2443

Trusted
Spark
Subscriber

  # 1725884 24-Feb-2017 20:12
Send private message

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

1353 posts

Uber Geek
+1 received by user: 281

Subscriber

  # 1726167 25-Feb-2017 16:35
Send private message

michaelmurfy:

 

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS

 

 

+1

 

Same with us. Less secure now.




nunz

1353 posts

Uber Geek
+1 received by user: 281

Subscriber

  # 1726175 25-Feb-2017 16:47
Send private message

hio77:

 

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.

 

 

 

 

it has been escalated multiple times. it has been escalated to yahoo.

 

it has been escalated to SMX.

 

it has been raised with yahoo  / spark.

 

After 2 hours , zero minutes and zero seconds , on phone waiting in queue, yesterday I got dumped - methinks they are now dumping calls in their queues.

 

We've set them up a new mail server, set up new records and am popping ( when it doesn't get borked up again,)  mail from xtra into the new mail server. we mostly pop and imap exisiting mail using the wrong settings (ie yahoo mail settings direct) except yesteraday they couldn't even log onto the webmail as again some nerf herding frack artist had stuffed things up even for webmail.

 

anyone else enjoying logging in 3 or 4 times and getting multiple redirects around the block after going to the official web mail log in URL for xtra - webmail.xtra.co.nz  - bloody shambles.

 

Just when I thought there was nothing more they could do to make me think less of their technical expertise(sic)

 

 

 

 

 

 

 

 




nunz

352 posts

Ultimate Geek
+1 received by user: 55


  # 1726220 25-Feb-2017 19:00
Send private message

there is a problem i saw the other day

 

https://list.waikato.ac.nz/pipermail/nznog/2017-February/date.html

15907 posts

Uber Geek
+1 received by user: 3130

Trusted

  # 1726225 25-Feb-2017 19:14
One person supports this post
Send private message

nunz:

 

hio77:

 

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.

 

 

 

 

it has been escalated multiple times. it has been escalated to yahoo.

 

it has been escalated to SMX.

 

it has been raised with yahoo  / spark.

 

After 2 hours , zero minutes and zero seconds , on phone waiting in queue, yesterday I got dumped - methinks they are now dumping calls in their queues.

 

We've set them up a new mail server, set up new records and am popping ( when it doesn't get borked up again,)  mail from xtra into the new mail server. we mostly pop and imap exisiting mail using the wrong settings (ie yahoo mail settings direct) except yesteraday they couldn't even log onto the webmail as again some nerf herding frack artist had stuffed things up even for webmail.

 

anyone else enjoying logging in 3 or 4 times and getting multiple redirects around the block after going to the official web mail log in URL for xtra - webmail.xtra.co.nz  - bloody shambles.

 

Just when I thought there was nothing more they could do to make me think less of their technical expertise(sic)

 

 

 

 

 

 

 

 

 

 

I'm sure if you PM'ed Hio77 with the ticket numbers for each of escalations to Yahoo, SMX and Spark, they can be looked into

'That VDSL Cat'
10186 posts

Uber Geek
+1 received by user: 2443

Trusted
Spark
Subscriber

  # 1726656 26-Feb-2017 20:17
2 people support this post
Send private message

tdgeek:

 

 

 

I'm sure if you PM'ed Hio77 with the ticket numbers for each of escalations to Yahoo, SMX and Spark, they can be looked into

 

 

Soapboxing seems more important here.. have offered this multiple times :/

 

 

 

Personally I have seen one case of SPF issues pass my desk, and it was followed up directly with someone to look into it instantly. A response was back to the client within the day.

 

biggal:

 

there is a problem i saw the other day

 

https://list.waikato.ac.nz/pipermail/nznog/2017-February/date.html

 

 

This nznog post died down pretty fast when i responded reminding people to report it so it can actually be looked at.

 

 

 

 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07

Techweek starting around NZ today
Posted 20-May-2019 09:52

Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00

New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30

Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11

Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23

Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11

Vodafone New Zealand sold
Posted 14-May-2019 07:25

Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25

Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39

Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25

Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13

The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41

Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.