I like to use https://dmarcian.com/spf-survey/sigiowa.com for checking SPF (and DMARC)
On Fri, Apr 29, 2016 at 9:52 AM, Frank Bulk <frnk...@iname.com> wrote: > We're helping a customer (sigiowa.com) who's having issues sending emails > to > the USDA. Our email server logs this: > Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450 > 4.7.26 Service does not accept messages sent over IPv6 > [2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation > (message not signed) > > Just this morning I changed their SPF record from this: > "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64 > ip6:2607:fe28:0:4000::/64 ~all" > to this: > "v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20 > ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all" > > I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's > system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as > part of 2607:fe28:0:4000::/64. I also removed 'mx' because this tool > (http://vamsoft.com/support/tools/spf-policy-tester) was failing on > pulling > the AAAA for each of the domain's four MX records. Try the vamsoft site > with 2607:fe28:0:4000::20 and fb...@premieronline.net to see how > sigiowa.com > used to fail. > > Is Vamsoft's check too stringent? Does it seriously matter that it can't > find the AAAA for the domain's four MX records? Shouldn't an SPF check for > the domain's MX records just look for an A or AAAA? > > Regards, > > Frank > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop