On Tue, Sep 30, 2025 at 1:27 PM Royce Williams via mailop <[email protected]> wrote:
> > Today, Yahoo is explicitly erroring with "SPF failed" when it did not. > From my testing, the actual rejections were happening because the DMARC > "p=" was set to "none" > Your assumption is incorrect. > I have at least one example (alpca.org > <https://urldefense.com/v3/__http://alpca.org__;!!Op6eflyXZCqGR5I!GlNZ5HjfVg_FI1FpANbqJMeYWNLlE-xFpAeQm5eiNyGJCUTftEHBAuIVKfwzlKBU_mxKxdPL8SOa_lI378uq$>) > where SPF was valid (though messy): > > alpca.org > <https://urldefense.com/v3/__http://alpca.org__;!!Op6eflyXZCqGR5I!GlNZ5HjfVg_FI1FpANbqJMeYWNLlE-xFpAeQm5eiNyGJCUTftEHBAuIVKfwzlKBU_mxKxdPL8SOa_lI378uq$> > descriptive text "v=spf1 +a +mx +ip4:207.58.131.169 +ip4:207.58.131.172 > +ip4:207.58.131.168/29 > <https://urldefense.com/v3/__http://207.58.131.168/29__;!!Op6eflyXZCqGR5I!GlNZ5HjfVg_FI1FpANbqJMeYWNLlE-xFpAeQm5eiNyGJCUTftEHBAuIVKfwzlKBU_mxKxdPL8SOa_nAak9-D$> > +include:_spf.google.com > <https://urldefense.com/v3/__http://spf.google.com__;!!Op6eflyXZCqGR5I!GlNZ5HjfVg_FI1FpANbqJMeYWNLlE-xFpAeQm5eiNyGJCUTftEHBAuIVKfwzlKBU_mxKxdPL8SOa_prjKhEp$> > ~all" > I guess you are using this domain as a "send as" alias on a Gmail set up. If you do that, Gmail will use "gmail.com" as the SPF From, not your domain. So that SPF record is not even consulted. Gmail.coms record is consulted. We require (most) senders to authenticate their traffic with either SPF or DKIM and either the SPF or DKIM domain need to align with the "header from" domain. I further guess that your emails are missing a DKIM signature and SPF is probably not aligned if I am right about how you send those emails (via gmail). Btw: That link in the smtp bounce messages leads to a page which explains this to you and the steps you can take to fix this. -- Marcel
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
