We're helping a customer (sigiowa.com) who's having issues sending emails to
the USDA. Our email server logs this:
Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450
4.7.26 Service does not accept messages sent over IPv6
[2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation
(message not signed)
Just this morning I changed their SPF record from this:
"v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64
ip6:2607:fe28:0:4000::/64 ~all"
to this:
"v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20
ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's
system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as
part of 2607:fe28:0:4000::/64. I also removed 'mx' because this tool
(http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
the AAAA for each of the domain's four MX records. Try the vamsoft site
with 2607:fe28:0:4000::20 and fb...@premieronline.net to see how sigiowa.com
used to fail.
Is Vamsoft's check too stringent? Does it seriously matter that it can't
find the AAAA for the domain's four MX records? Shouldn't an SPF check for
the domain's MX records just look for an A or AAAA?
Regards,
Frank
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
