Franck, The statement "a:" it is redundant, i will suppress this. thanks. Nevertheless, as you said, gmail should not fail on my SPF record.
Regards, Daniel Brito On Wed, Sep 17, 2014 at 4:57 PM, Franck Martin <fmar...@linkedin.com> wrote: > Check > https://dmarcian.com/spf-survey/prodest.es.gov.br > There is a warning and the a: is redundant anyhow, I would just suppress > it. No need to add an extra DNS query. > > your authoritative servers seems fine: > > http://www.digwebinterface.com/?hostnames=prodest.es.gov.br&type=TXT&showcommand=on&colorize=on&useresolver=8.8.4.4&ns=auth&nameservers= > > Otherwise, yes, Gmaill should not fail that often on this SPF record. > > On Sep 17, 2014, at 8:59 PM, Daniel Brito via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: > > Hi Jesper, > > The statement "a" accept this sintax : "a:<domain>/<prefix-length>". You > could check on the this page: http://www.openspf.org/SPF_Record_Syntax > > Also, it is possible to check the spf record on some internet tools. I > particularly use this: http://vamsoft.com/support/tools/spf-policy-tester > . > > I will continue analyzing the dmarc report until i feel confident to use > on 100% of the mesagens. > > > Regards, > Daniel Brito > > > On Wed, Sep 17, 2014 at 2:13 PM, Jesper Knudsen < > jesper.knud...@scanmailx.com> wrote: > >> Do not know whether its the reason but your SPF record looks a little odd >> to me. >> >> >> >> v=spf1 a:ironport.mail.es.gov.br/24 ip4:201.62.46.0/24 ip4:201.62.33.0/24 >> ~all >> >> >> >> The “a:” statement should not to my knowledge have a “/24” – maybe Google >> is just getting choked with that. >> >> >> >> Regards, >> >> Jesper >> >> >> >> *From:* dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] *On >> Behalf Of *Daniel Brito via dmarc-discuss >> *Sent:* 16. september 2014 15:56 >> *To:* João Oliveirinha >> *Cc:* dmarc-discuss@dmarc.org >> *Subject:* Re: [dmarc-discuss] SPF Check issue on Google Reports >> >> >> >> Hi, thanks for all. >> >> >> >> I verified all the suggestions, but everything is correctly. I don´t have >> IPV6 and the DNS servers return the same results. >> >> Today, i received this report from google: >> >> >> >> <record> >> >> <row> >> >> <source_ip>201.62.46.25</source_ip> >> >> <count>21</count> >> >> . >> >> . >> >> . >> >> <spf> >> >> <domain>prodest.es.gov.br</domain> >> >> <result>pass</result> >> >> </spf> >> >> </auth_results> >> >> </record> >> >> >> >> <record> >> >> <row> >> >> <source_ip>201.62.46.25</source_ip> >> >> <count>1</count> >> >> . >> >> . >> >> . >> >> <spf> >> >> <domain>prodest.es.gov.br</domain> >> >> <result>fail</result> >> >> </spf> >> >> </auth_results> >> >> </record> >> >> >> >> <record> >> >> <row> >> >> <source_ip>201.62.46.25</source_ip> >> >> <count>30</count> >> >> . >> >> . >> >> . >> >> <spf> >> >> <domain>prodest.es.gov.br</domain> >> >> <result>pass</result> >> >> </spf> >> >> </auth_results> >> >> </record> >> >> >> >> <record> >> >> <row> >> >> <source_ip>201.62.46.25</source_ip> >> >> <count>7</count> >> >> . >> >> . >> >> . >> >> <spf> >> >> <domain>prodest.es.gov.br</domain> >> >> <result>fail</result> >> >> </spf> >> >> </auth_results> >> >> </record> >> >> ... >> >> >> >> This information is in one report aggregate, all this messages have >> passed in DKIM verification, so this not impact me. But if it is not a >> error in Google servers, it could be some miss configuration here. >> >> The DMARC registes is : "v=DMARC1; p=reject; sp=none; pct=70; rua=mailto: >> dm...@prodest.es.gov.br" >> >> >> >> Like João Oliveirinha said, it is a minimum percentage of the email that >> fails on SPF and only happen on google report's. >> >> >> >> >> >> Best Regards, >> >> Daniel Brito >> >> >> >> On Mon, Sep 15, 2014 at 7:00 PM, João Oliveirinha < >> dmarc-discuss@dmarc.org> wrote: >> >> I am also seeing some problems with SPF verification by google servers >> recently. >> >> >> >> The majority of cases are "fail" spf responses, but some are >> "permerror"s. Which is strange. I haven't changed my dns records in some >> time, and my dns provider is Cloudflare. >> >> >> >> Either way, this is only ~3% of the emails in the least week, for >> instance. >> >> >> >> >> -- >> >> >> >> [image: Feedzai SA] <http://www.feedzai.com/> >> >> *João Oliveirinha* / Senior Data Scientist >> +351 91 322 43 52/ joao.oliveiri...@feedzai.com (PGP >> <http://pgp.mit.edu/pks/lookup?op=get&search=0xC0E505208B118765>) >> >> *Feedzai SA* Office: +351 211 985 635 >> Edifício Atlantis, Av. João II, Lote 1.06.2.2, 1990-095 Lisboa, Portugal >> http://www.feedzai.com >> >> [image: Linkedin] <http://pt.linkedin.com/in/joliveirinha> >> >> >> >> On Mon, Sep 15, 2014 at 10:13 PM, Dave Warren via dmarc-discuss < >> dmarc-discuss@dmarc.org> wrote: >> >> On 2014-09-15 13:55, Al Iverson via dmarc-discuss wrote: >> >> First thing I would look at is, do all of your DNS servers reliably >> return the same results? If you have 3-4 DNS servers and one of them >> doesn't return the right info, this could conceivably cause what you >> are seeing. >> >> >> One other thought, beyond what Al said... Any chance you've started >> delivering to Google via IPv6, but your SPF only covers your IPv4 IP space? >> >> -- >> Dave Warren >> http://www.hireahit.com/ >> http://ca.linkedin.com/in/davejwarren >> >> >> >> >> _______________________________________________ >> dmarc-discuss mailing list >> dmarc-discuss@dmarc.org >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> >> >> >> >> _______________________________________________ >> dmarc-discuss mailing list >> dmarc-discuss@dmarc.org >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> >> >> > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) > > >
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
