Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-29 Thread Brandon Long via mailop
I mean, SPF can't pass if there is no SPF record, so the error message is
correct... but a more specific one for the reason SPF failed could be
useful, I guess.

And it's not 100% required yet, but it's been trending that way for a while.

Brandon

On Sat, Aug 27, 2022 at 10:05 PM Jarland Donnell via mailop <
mailop@mailop.org> wrote:

> It was purely observational, I thought others had already noticed it. It
> consumed a lot of support time on our side. Maybe I'll try to pull the
> data to get a better idea of how it looked by the numbers.
>
> On 2022-08-27 22:28, Darrell Budic via mailop wrote:
> > Was there any published notification about this? Not that there’s a
> > good place for it, but between mailop and nanog, I’d have thought I’d
> > have seen it…
> >
> > At any rate, this error message seems like it would be better as
> > “Gmail now requires senders to have SPF and/or DKIM enabled to send
> > mail to Gmail” instead of saying it failed checks. Less misleading
> > that way, and I’m not saying to my customer “I don’t know why it says
> > that, you don’t seem to have SPF setup…”
> >
> > I mean, yay for more correct SPF, but boo for bad error messages.
> >
> >> On Aug 27, 2022, at 5:28 PM, Jarland Donnell via mailop
> >>  wrote:
> >>
> >> Google has recently started requiring SPF. I don't know if they require
> >> it 100% of the time but they do now reject emails from domains that
> >> either don't have it, or have it improperly configured, and they won't
> >> accept it from those domains until it's fixed. It has helped me a good
> >> bit, making it easier to identify my customers that are violating my
> >> policy and sending without valid SPF.
> >>
> >> At least, by this point, we should be able to say that everyone has
> >> had an opportunity to at least adopt SPF. Anyone who doesn't, by now,
> >> generally doesn't care about their delivery quality.
> >>
> >> On 2022-08-27 17:09, Darrell Budic via mailop wrote:
> >>> Anyone else seeing this? Customer of mine just got some bounces from
> >>> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not
> >>> sure what this is about?
> >>> Mind you, I did send him to set up a valid SPF entry, and
> >>> authentication is good, but this seems like a misleading error
> >>> message...
>  The mail system
>  <@gmail.com>: host gmail-smtp-in.l.google.com
>  [1][142.251.4.27] said:
>  550-5.7.26 This message does not pass authentication checks (SPF
>  and DKIM
>  both 550-5.7.26 do not pass). SPF check for [musichael.com [2]]
>  does not pass
>  with ip: 550-5.7.26 [204.130.133.20].To best protect our users
>  from spam,
>  the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
>  https://support.google.com/mail/answer/81126#authentication for
>  more 550
>  5.7.26 information.
>  b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
>  gsmtp (in reply to end of DATA command)
>  Reporting-MTA: dns; smtp.ohgnetworks.com [3]
>  X-Postfix-Queue-ID: 358D21F4D4
>  X-Postfix-Sender: rfc822; mich...@musichael.com
>  Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)
> >>> Links:
> >>> --
> >>> [1] http://gmail-smtp-in.l.google.com
> >>> [2] http://musichael.com
> >>> [3] http://smtp.ohgnetworks.com
> >>> ___
> >>> mailop mailing list
> >>> mailop@mailop.org
> >>> https://list.mailop.org/listinfo/mailop


Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Jarland Donnell via mailop
It was purely observational, I thought others had already noticed it. It 
consumed a lot of support time on our side. Maybe I'll try to pull the 
data to get a better idea of how it looked by the numbers.


On 2022-08-27 22:28, Darrell Budic via mailop wrote:

Was there any published notification about this? Not that there’s a
good place for it, but between mailop and nanog, I’d have thought I’d
have seen it…

At any rate, this error message seems like it would be better as
“Gmail now requires senders to have SPF and/or DKIM enabled to send
mail to Gmail” instead of saying it failed checks. Less misleading
that way, and I’m not saying to my customer “I don’t know why it says
that, you don’t seem to have SPF setup…”

I mean, yay for more correct SPF, but boo for bad error messages.

On Aug 27, 2022, at 5:28 PM, Jarland Donnell via mailop 
 wrote:


Google has recently started requiring SPF. I don't know if they require 
it 100% of the time but they do now reject emails from domains that 
either don't have it, or have it improperly configured, and they won't 
accept it from those domains until it's fixed. It has helped me a good 
bit, making it easier to identify my customers that are violating my 
policy and sending without valid SPF.


At least, by this point, we should be able to say that everyone has 
had an opportunity to at least adopt SPF. Anyone who doesn't, by now, 
generally doesn't care about their delivery quality.


On 2022-08-27 17:09, Darrell Budic via mailop wrote:

Anyone else seeing this? Customer of mine just got some bounces from
gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not
sure what this is about?
Mind you, I did send him to set up a valid SPF entry, and
authentication is good, but this seems like a misleading error
message...

The mail system
<@gmail.com>: host gmail-smtp-in.l.google.com
[1][142.251.4.27] said:
550-5.7.26 This message does not pass authentication checks (SPF
and DKIM
both 550-5.7.26 do not pass). SPF check for [musichael.com [2]]
does not pass
with ip: 550-5.7.26 [204.130.133.20].To best protect our users
from spam,
the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for
more 550
5.7.26 information.
b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
gsmtp (in reply to end of DATA command)
Reporting-MTA: dns; smtp.ohgnetworks.com [3]
X-Postfix-Queue-ID: 358D21F4D4
X-Postfix-Sender: rfc822; mich...@musichael.com
Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)

Links:
--
[1] http://gmail-smtp-in.l.google.com
[2] http://musichael.com
[3] http://smtp.ohgnetworks.com


Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Darrell Budic via mailop
Was there any published notification about this? Not that there’s a good place 
for it, but between mailop and nanog, I’d have thought I’d have seen it…

At any rate, this error message seems like it would be better as “Gmail now 
requires senders to have SPF and/or DKIM enabled to send mail to Gmail” instead 
of saying it failed checks. Less misleading that way, and I’m not saying to my 
customer “I don’t know why it says that, you don’t seem to have SPF setup…”

I mean, yay for more correct SPF, but boo for bad error messages.

> On Aug 27, 2022, at 5:28 PM, Jarland Donnell via mailop  
> wrote:
> 
> Google has recently started requiring SPF. I don't know if they require it 100% 
> of the time but they do now reject emails from domains that either don't have 
> it, or have it improperly configured, and they won't accept it from those 
> domains until it's fixed. It has helped me a good bit, making it easier to 
> identify my customers that are violating my policy and sending without valid 
> SPF.
> 
> At least, by this point, we should be able to say that everyone has had an 
> opportunity to at least adopt SPF. Anyone who doesn't, by now, generally 
> doesn't care about their delivery quality.
> 
> On 2022-08-27 17:09, Darrell Budic via mailop wrote:
>> Anyone else seeing this? Customer of mine just got some bounces from
>> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not
>> sure what this is about?
>> Mind you, I did send him to set up a valid SPF entry, and
>> authentication is good, but this seems like a misleading error
>> message...
>>> The mail system
>>> <@gmail.com>: host gmail-smtp-in.l.google.com
>>> [1][142.251.4.27] said:
>>> 550-5.7.26 This message does not pass authentication checks (SPF
>>> and DKIM
>>> both 550-5.7.26 do not pass). SPF check for [musichael.com [2]]
>>> does not pass
>>> with ip: 550-5.7.26 [204.130.133.20].To best protect our users
>>> from spam,
>>> the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
>>> https://support.google.com/mail/answer/81126#authentication for
>>> more 550
>>> 5.7.26 information.
>>> b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
>>> gsmtp (in reply to end of DATA command)
>>> Reporting-MTA: dns; smtp.ohgnetworks.com [3]
>>> X-Postfix-Queue-ID: 358D21F4D4
>>> X-Postfix-Sender: rfc822; mich...@musichael.com
>>> Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)
>> Links:
>> --
>> [1] http://gmail-smtp-in.l.google.com
>> [2] http://musichael.com
>> [3] http://smtp.ohgnetworks.com


Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Darrell Budic via mailop
It was just added about the time I was sending that email, so it wasn’t there 
when my customer got the bounces. I imagine you are seeing caching and it 
should be solid soon.

> On Aug 27, 2022, at 6:04 PM, Ángel via mailop  wrote:
> 
> On 2022-08-27 at 17:09 -0500, Darrell Budic wrote:
>> Anyone else seeing this? Customer of mine just got some bounces from
>> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not sure
>> what this is about?
>> 
>> Mind you, I did send him to set up a valid SPF entry, and
>> authentication is good, but this seems like a misleading error
>> message...
> 
> When querying the SPF record, I only get it about 50% of the time:
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 637
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1460
> ;; QUESTION SECTION:
> ;musichael.com.   IN  TXT
> 
> ;; ANSWER SECTION:
> musichael.com.  3600  IN  TXT "v=spf1 ip4:204.130.133.0/26 -all"
> 
> vs
> 
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3637
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;musichael.com.   IN  TXT
> 
> ;; AUTHORITY SECTION:
> musichael.com.  600  IN  SOA ns1.yourhostingaccount.com. admin.yourhostingaccount.com. 2012080973 10800 3600 604800 3600
> 
> 
> I'm not sure what's going on, since I get the record both from
> ns1.mydomain.com and ns2.mydomain.com when pointing directly to them. It
> could be some DNS caching somewhere.
> 
> But there are definitely some shenanigans going on with your SPF
> record, it's not Google.
> 
> 
> 
> Regards
> 
> 


Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Ángel via mailop
On 2022-08-27 at 17:09 -0500, Darrell Budic wrote:
> Anyone else seeing this? Customer of mine just got some bounces from
> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not sure
> what this is about?
> 
> Mind you, I did send him to set up a valid SPF entry, and
> authentication is good, but this seems like a misleading error
> message...

When querying the SPF record, I only get it about 50% of the time:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 637
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;musichael.com. IN  TXT

;; ANSWER SECTION:
musichael.com.  3600  IN  TXT "v=spf1 ip4:204.130.133.0/26 -all"

vs

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3637
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;musichael.com. IN  TXT

;; AUTHORITY SECTION:
musichael.com.  600  IN  SOA ns1.yourhostingaccount.com. admin.yourhostingaccount.com. 2012080973 10800 3600 604800 3600


I'm not sure what's going on, since I get the record both from
ns1.mydomain.com and ns2.mydomain.com when pointing directly to them. It could
be some DNS caching somewhere.

But there are definitely some shenanigans going on with your SPF
record, it's not Google.



Regards
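
The two alternating resolver answers quoted above give different SPF outcomes for the IP in the bounce, and an answer with no record can only yield "none", never "pass". A minimal evaluator, added here as an example (not code from any poster or from Gmail), handling only the ip4, ip6 and all mechanisms; the function and variable names are assumptions:

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(txt_records, client_ip):
    """Evaluate a small SPF subset (ip4, ip6, all) and return an RFC 7208 result name."""
    spf = [t for t in txt_records if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none"        # no SPF record in the answer (e.g. NODATA)
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in spf[0].split()[1:]:
        result = "pass"      # default qualifier is "+"
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return result
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism outside this example: {term}")
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return result
    return "neutral"         # nothing matched and no "all" term

def distinct_results(answers, client_ip):
    """Set of SPF results across several resolver answers; more than one means flapping."""
    return {spf_result(txt, client_ip) for txt in answers}

# Values taken from the thread: the sending IP in the bounce and the two
# alternating TXT answers (record present, then an empty ANSWER section).
SENDING_IP = "204.130.133.20"
ANSWERS = [["v=spf1 ip4:204.130.133.0/26 -all"], []]

if __name__ == "__main__":
    for txt in ANSWERS:
        print(txt or "(no TXT records)", "->", spf_result(txt, SENDING_IP))
    print("inconsistent:", len(distinct_results(ANSWERS, SENDING_IP)) > 1)
```
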




Re: [mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Jarland Donnell via mailop
Google has recently started requiring SPF. I don't know if they require it 
100% of the time but they do now reject emails from domains that either 
don't have it, or have it improperly configured, and they won't accept 
it from those domains until it's fixed. It has helped me a good bit, 
making it easier to identify my customers that are violating my policy 
and sending without valid SPF.


At least, by this point, we should be able to say that everyone has had 
an opportunity to at least adopt SPF. Anyone who doesn't, by now, 
generally doesn't care about their delivery quality.


On 2022-08-27 17:09, Darrell Budic via mailop wrote:

Anyone else seeing this? Customer of mine just got some bounces from
gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not
sure what this is about?

Mind you, I did send him to set up a valid SPF entry, and
authentication is good, but this seems like a misleading error
message...


The mail system

<@gmail.com>: host gmail-smtp-in.l.google.com
[1][142.251.4.27] said:
550-5.7.26 This message does not pass authentication checks (SPF
and DKIM
both 550-5.7.26 do not pass). SPF check for [musichael.com [2]]
does not pass
with ip: 550-5.7.26 [204.130.133.20].To best protect our users
from spam,
the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for
more 550
5.7.26 information.
b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
gsmtp (in reply to end of DATA command)
Reporting-MTA: dns; smtp.ohgnetworks.com [3]
X-Postfix-Queue-ID: 358D21F4D4
X-Postfix-Sender: rfc822; mich...@musichael.com
Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)



Links:
--
[1] http://gmail-smtp-in.l.google.com
[2] http://musichael.com
[3] http://smtp.ohgnetworks.com


[mailop] gmail rejecting for invalid SPF/DKIM when there isn't any?

2022-08-27 Thread Darrell Budic via mailop
Anyone else seeing this? Customer of mine just got some bounces from gmail for 
invalid SPF/DKIM. He doesn’t have either, so I’m not sure what this is about?

Mind you, I did send him to set up a valid SPF entry, and authentication is 
good, but this seems like a misleading error message...

> 
>   The mail system
> 
> <@gmail.com >: host 
> gmail-smtp-in.l.google.com [142.251.4.27] 
> said:
>550-5.7.26 This message does not pass authentication checks (SPF and DKIM
>both 550-5.7.26 do not pass). SPF check for [musichael.com 
> ] does not pass
>with ip: 550-5.7.26 [204.130.133.20].To best protect our users from spam,
>the message 550-5.7.26 has been blocked. Please visit 550-5.7.26
>https://support.google.com/mail/answer/81126#authentication 
>  for more 550
>5.7.26 information. b185-20020a2567c200b006953ea7fad6si1842767ybc.571 -
>gsmtp (in reply to end of DATA command)
> Reporting-MTA: dns; smtp.ohgnetworks.com 
> X-Postfix-Queue-ID: 358D21F4D4
> X-Postfix-Sender: rfc822; mich...@musichael.com 
> Arrival-Date: Sat, 27 Aug 2022 13:10:52 + (UTC)