Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3132 posts

Uber Geek


#208574 17-Feb-2017 15:24
Send private message

We have had a couple NDRs over the last week or so based on Xtra's SPF policy.

 

We have an SPF record locked down to our mail servers IP address.

 

However, when we send an email to an address which is then redirected to an Xtra address we get an NDR - presumably because it is looking at the forwarding servers IP address rather than ours.

 

E.g. user@fakedomain.co.nz is forwarding to fakedomain@xtra.co.nz. If I send a message to user@fakedomain.co.nz it bounces back saying it was rejected by mx.xtra.co.nz based on SPF policy. Sending directly to fakedomain@xtra.co.nz is fine.

 

Mail forwarding of this nature is not uncommon, nor is having an SPF record. Surely this isn't expected behaviour by the Xtra servers?


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
/dev/null
9302 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1721891 17-Feb-2017 15:47
Send private message

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS





1509 posts

Uber Geek


  #1721892 17-Feb-2017 15:49
Send private message

I'm seeing similar stuff...

 

Has your reply got this in the body?

 

 

 

 

...snip

 

MailEnable: Message could not be delivered to some recipients.

 

The following recipient(s) could not be reached:

 

 

 

                Recipient: [SMTP:someone@xtra.co.nz]

 

                Reason: 550 5.7.1 Message rejected due to SPF policy

 

 

 

 

 

Message contents follow:

 

.../snip

 


 
 
 
 




3132 posts

Uber Geek


  #1721900 17-Feb-2017 16:02
Send private message

Dairyxox:

 

I'm seeing similar stuff...

 

Has your reply got this in the body?

 

 

 

 

...snip

 

MailEnable: Message could not be delivered to some recipients.

 

The following recipient(s) could not be reached:

 

 

 

                Recipient: [SMTP:someone@xtra.co.nz]

 

                Reason: 550 5.7.1 Message rejected due to SPF policy

 

 

 

 

 

Message contents follow:

 

.../snip

 

 

 

Yep, that's the one.

 

EDIT: Not exactly the same as that, but they have the same important part 550 5.7.1 Message rejected due to SPF policy. And on the ones I have the headers clearly show that the rejecting server is mx.xtra.co.nz.




3132 posts

Uber Geek


  #1721904 17-Feb-2017 16:10
Send private message

michaelmurfy:

 

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS

 

 

Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?


/dev/null
9302 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1721933 17-Feb-2017 16:44
Send private message

Paul1977:

 

 

 

Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?

 

 

Prevents email from being flagged as spam mainly. Google and some other providers also refuses to work correctly with SPF even if you "allow" it so having strict SPF will cause most emails to bounce (had that issue - was terrible). Having DKIM and DMARC helps prevent unauthorized senders further even if SPF is set to softfail.

 

SPF accept + DKIM accept = Email accepted.
SPF Neutral + DKIM accept = Email accepted.
SPF Neutral / Fail + DKIM fail = DMARC fail, email bounced (assuming email server knows about DMARC) and report sent to my domain.







3132 posts

Uber Geek


  #1721939 17-Feb-2017 17:04
Send private message

michaelmurfy:

 

Paul1977:

 

 Maybe I'm being ignorant, but what is the point of having an SPF at all if it is set to softfail?

 

EDIT: I guess to stop it being flagged as spam because it doesn't have an SPF at all?

 

 

Prevents email from being flagged as spam mainly. Google and some other providers also refuses to work correctly with SPF even if you "allow" it so having strict SPF will cause most emails to bounce (had that issue - was terrible). Having DKIM and DMARC helps prevent unauthorized senders further even if SPF is set to softfail.

 

SPF accept + DKIM accept = Email accepted.
SPF Neutral + DKIM accept = Email accepted.
SPF Neutral / Fail + DKIM fail = DMARC fail, email bounced (assuming email server knows about DMARC) and report sent to my domain.

 

 

We currently don't have DKIM setup because, while the vast bulk of our emails are sent from our own Exchange server, we have some emails sent from a third party cloud provider that we have no control over (they are sent with our domain name and we have added their IP to the SPF).

 

If we changed SPF to softfail and setup DKIM and DEMARC then any emails from the third party provider would have SPF accept + DKIM fail. Would that be DEMARC accept or DEMARC fail? What would SPF accept + DKIM fail mean for a recipient server that doesn't understand DEMARC?

 

EDIT: Corrected error (typed DKIM when I meant DEMARC)


'That VDSL Cat'
12151 posts

Uber Geek

Trusted
Spark
Subscriber

  #1721940 17-Feb-2017 17:06
Send private message

Please contact Bussines broadband (126 / 0800 Business) to have this logged.

 

 

 

That is the only way this will be resolved.

 

for those few of you technically capable, PM me and i could possibly follow up directly to make less of a effort to get to resolution.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


 
 
 
 


1423 posts

Uber Geek
Inactive user


  #1725865 24-Feb-2017 19:45
Send private message

hio77:

 

Please contact Bussines broadband (126 / 0800 Business) to have this logged.

 

 

 

That is the only way this will be resolved.

 

for those few of you technically capable, PM me and i could possibly follow up directly to make less of a effort to get to resolution.

 

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

SPF Record failed: http://www.geekzone.co.nz/forums.asp?forumid=39&topicid=208517

 

Now getting bounced by yahoo.co.uk as a spam sender , despite going through xtra email system and they have a clean black list.

 

Also the new mail portal failing: https://www.spark.co.nz/myspark/   doesn't take legit email address and password.

 

SMX's draconian regime for dumping spam is ridiculously hard on people who have "road warriors" or really anyone who wants to send email. One 23 page PDf was dumped as there was a link to a legitimate article on a website that had a page( one out of thousands)  that was once used in a mail out campaign for some medical product - yet the page linked had none of that and again, 120 plus black lists didn't think their reputation was an issue.  We had to encrypt the content to get it sent to the publisher / printer.

 

 

 

 


23281 posts

Uber Geek

Trusted
Subscriber

  #1725872 24-Feb-2017 19:51
Send private message

If people are going to bounce mails on to another provider than this is the expected behaviour.

 

Forward it instead so that it is coming from the correct sender for the server that is connecting to xtra.

 

I have had this with other providers in the past when I have had to deal with PITA self hosting idiots that decided that sending the company mail on to their staffs ISP address was a good idea. Some of them used an ISP in aussie that had proper rejection of SPF fails rather than dumping them in the spam folder and this happened.

 

Expected me to change the SPF record for a domain that daily mail outs were sent from inorder to accomodate their absurd configuration on their server. I told them just to subscribe the peoples ISP addresses instead.





Richard rich.ms

'That VDSL Cat'
12151 posts

Uber Geek

Trusted
Spark
Subscriber

  #1725884 24-Feb-2017 20:12
Send private message

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


1423 posts

Uber Geek
Inactive user


  #1726167 25-Feb-2017 16:35
Send private message

michaelmurfy:

 

I had the same problem with my domain.

 

In the end I set SPF to Softfail (~all instead of -all) along with using DKIM and also DMARC set to strict mode. This means that whilst SPF may go through with Neutral or Fail as long as DKIM passes the email should go through fine without hitting spam. I often get the following with email being sent from my Google account:

 

SPF: NEUTRAL with IP 43.228.*.*
DKIM: PASS with domain murfy.nz
DMARC: PASS

 

 

+1

 

Same with us. Less secure now.


1423 posts

Uber Geek
Inactive user


  #1726175 25-Feb-2017 16:47
Send private message

hio77:

 

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.

 

 

 

 

it has been escalated multiple times. it has been escalated to yahoo.

 

it has been escalated to SMX.

 

it has been raised with yahoo  / spark.

 

After 2 hours , zero minutes and zero seconds , on phone waiting in queue, yesterday I got dumped - methinks they are now dumping calls in their queues.

 

We've set them up a new mail server, set up new records and am popping ( when it doesn't get borked up again,)  mail from xtra into the new mail server. we mostly pop and imap exisiting mail using the wrong settings (ie yahoo mail settings direct) except yesteraday they couldn't even log onto the webmail as again some nerf herding frack artist had stuffed things up even for webmail.

 

anyone else enjoying logging in 3 or 4 times and getting multiple redirects around the block after going to the official web mail log in URL for xtra - webmail.xtra.co.nz  - bloody shambles.

 

Just when I thought there was nothing more they could do to make me think less of their technical expertise(sic)

 

 

 

 

 

 

 

 


440 posts

Ultimate Geek


  #1726220 25-Feb-2017 19:00
Send private message

there is a problem i saw the other day

 

https://list.waikato.ac.nz/pipermail/nznog/2017-February/date.html


20506 posts

Uber Geek

Trusted
Lifetime subscriber

  #1726225 25-Feb-2017 19:14
Send private message

nunz:

 

hio77:

 

nunz:

 

 

 

Ha ha ha he he he bonk!!!!!

 

 

 

We have one client who is getting hit in so many ways and getting the run around. I could easily rack up 20 hours plus per week dealing with this on the phone. The best option is to use yahoo directly using the "wrong" settings. This works and maybe will fail when smx / xtra  / spark finally get this mess completed but up until now is the best way to get consistent mail working.

 

 

 

 

 

If the client has already raised this case, i'd certainly love to follow up it and get to the bottom without the run around going on any further.

 

 

 

 

it has been escalated multiple times. it has been escalated to yahoo.

 

it has been escalated to SMX.

 

it has been raised with yahoo  / spark.

 

After 2 hours , zero minutes and zero seconds , on phone waiting in queue, yesterday I got dumped - methinks they are now dumping calls in their queues.

 

We've set them up a new mail server, set up new records and am popping ( when it doesn't get borked up again,)  mail from xtra into the new mail server. we mostly pop and imap exisiting mail using the wrong settings (ie yahoo mail settings direct) except yesteraday they couldn't even log onto the webmail as again some nerf herding frack artist had stuffed things up even for webmail.

 

anyone else enjoying logging in 3 or 4 times and getting multiple redirects around the block after going to the official web mail log in URL for xtra - webmail.xtra.co.nz  - bloody shambles.

 

Just when I thought there was nothing more they could do to make me think less of their technical expertise(sic)

 

 

 

 

 

 

 

 

 

 

I'm sure if you PM'ed Hio77 with the ticket numbers for each of escalations to Yahoo, SMX and Spark, they can be looked into


'That VDSL Cat'
12151 posts

Uber Geek

Trusted
Spark
Subscriber

  #1726656 26-Feb-2017 20:17
Send private message

tdgeek:

 

 

 

I'm sure if you PM'ed Hio77 with the ticket numbers for each of escalations to Yahoo, SMX and Spark, they can be looked into

 

 

Soapboxing seems more important here.. have offered this multiple times :/

 

 

 

Personally I have seen one case of SPF issues pass my desk, and it was followed up directly with someone to look into it instantly. A response was back to the client within the day.

 

biggal:

 

there is a problem i saw the other day

 

https://list.waikato.ac.nz/pipermail/nznog/2017-February/date.html

 

 

This nznog post died down pretty fast when i responded reminding people to report it so it can actually be looked at.

 

 

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Sony introduces the digital camera ZV-1 for content creators
Posted 27-May-2020 12:47


Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00


OPPO A91 is a high specs mid-range smartphone
Posted 23-Apr-2020 16:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.