subject:"\[mailop\] Emailed notifications from facebook failing SPF checks"

Re: [mailop] Emailed notifications from facebook failing SPF checks

2019-07-25 Thread Udeme Ukutt via mailop

Frank, I forwarded this to someone there to ping you directly.

Udeme

On Thu, Jul 25, 2019 at 9:32 AM Frank Bulk via mailop 
wrote:

> Our spam filtering vendor recently upgraded their platform and has improved
> their SPF checking feature set.  We can now tag on Permanent Failures,
> which
> we couldn't do before.
>
> We also noticed that email from notificat...@facebookmail.com was having a
> Soft Failure.  Turns out that facebook issues "mx-out.facebook.com" on the
> HELO/EHLO, and that FQDN's SPF record doesn't include all the items that
> are
> listed in facebookmail.com's SPF record.
>
> root@nagios:/tmp# dig TXT mx-out.facebook.com +short | grep spf
> "v=spf1 a ~all"
> root@nagios:/tmp# dig TXT facebookmail.com +short | grep spf
> "v=spf1 ip4:66.220.144.128/25 ip4:66.220.155.0/24 ip4:66.220.157.0/25
> ip4:69.63.178.128/25 ip4:69.63.181.0/24 ip4:69.63.184.0/25" "
> ip4:69.171.232.0/24 ip4:69.171.244.0/23 -all"
> root@nagios:/tmp#
>
> Best I can understand from the IETF RFC, it is appropriate to check the
> HELO: https://tools.ietf.org/html/rfc7208#section-2.3
>
> Anyone from fb on this list, or is there someone who knows the email or DNS
> folk at facebook and can forward this to them for consideration?
>
> Regards,
>
> Frank
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Emailed notifications from facebook failing SPF checks

2019-07-25 Thread Michael Peddemors via mailop


Speaking about Facebook.. wish they standardized naming conventions ..
They seem to also have a real problem with sending to invalid email 
addresses, of course with their size it could simply be thousands of ppl 
with fat fingers but..


Would be nice to clearly know the behavioral differences between:

66.220.144.1701 
66-220-144-170.mail-campmail.facebook.com
   66.220.144.200 2 
66-220-144-200.mail-pages.facebook.com
   66.220.144.224 1 
66-220-144-224.mail-pages.facebook.com
66.220.155.1703 
66-220-155-170.mail-campmail.facebook.com
   66.220.155.172 7 
66-220-155-172.mail-campmail.facebook.com
   66.220.155.173 7 
66-220-155-173.mail-campmail.facebook.com


 .. and ..

66.220.144.143  (RS)  1   66-220-144-143.mail-mail.facebook.com
   66.220.144.14438   66-220-144-144.mail-mail.facebook.com
   66.220.144.14533   66-220-144-145.mail-mail.facebook.com
   66.220.144.14630   66-220-144-146.mail-mail.facebook.com
   66.220.144.14733   66-220-144-147.mail-mail.facebook.com
   66.220.144.14836   66-220-144-148.mail-mail.facebook.com
   66.220.144.14933   66-220-144-149.mail-mail.facebook.com
   66.220.144.15031   66-220-144-150.mail-mail.facebook.com
66.220.155.1359   66-220-155-135.mail-mail.facebook.com
   66.220.155.136 9   66-220-155-136.mail-mail.facebook.com
   66.220.155.137 8   66-220-155-137.mail-mail.facebook.com
   66.220.155.139 5   66-220-155-139.mail-mail.facebook.com
   66.220.155.140 7   66-220-155-140.mail-mail.facebook.com
   66.220.155.141 9   66-220-155-141.mail-mail.facebook.com
   66.220.155.14210   66-220-155-142.mail-mail.facebook.com
   66.220.155.143 8   66-220-155-143.mail-mail.facebook.com
   66.220.155.144 5   66-220-155-144.mail-mail.facebook.com
   66.220.155.145 8   66-220-155-145.mail-mail.facebook.com
   66.220.155.146 8   66-220-155-146.mail-mail.facebook.com
   66.220.155.147 9   66-220-155-147.mail-mail.facebook.com
   66.220.155.148 9   66-220-155-148.mail-mail.facebook.com
   66.220.155.149 8   66-220-155-149.mail-mail.facebook.com
   66.220.155.15011   66-220-155-150.mail-mail.facebook.com
   66.220.155.15138   66-220-155-151.mail-mail.facebook.com
   66.220.155.15235   66-220-155-152.mail-mail.facebook.com
   66.220.155.153   (RS)  2   66-220-155-153.mail-mail.facebook.com
   66.220.155.15435   66-220-155-154.mail-mail.facebook.com
   66.220.155.15543   66-220-155-155.mail-mail.facebook.com
   66.220.155.15639   66-220-155-156.mail-mail.facebook.com
   66.220.155.15744   66-220-155-157.mail-mail.facebook.com
   66.220.155.15841   66-220-155-158.mail-mail.facebook.com

 .. and ..

69.171.232.128   18   69-171-232-128.mail-mail.facebook.com
   69.171.232.12915   69-171-232-129.mail-mail.facebook.com
   69.171.232.13013   69-171-232-130.mail-mail.facebook.com
   69.171.232.13113   69-171-232-131.mail-mail.facebook.com
   69.171.232.13212   69-171-232-132.mail-mail.facebook.com
   69.171.232.13312   69-171-232-133.mail-mail.facebook.com
   69.171.232.13415   69-171-232-134.mail-mail.facebook.com
   69.171.232.13517   69-171-232-135.mail-mail.facebook.com
   69.171.232.13616   69-171-232-136.mail-mail.facebook.com
   69.171.232.13717   69-171-232-137.mail-mail.facebook.com
   69.171.232.13815   69-171-232-138.mail-mail.facebook.com
   69.171.232.13914   69-171-232-139.mail-mail.facebook.com
   69.171.232.14034   69-171-232-140.mail-mail.facebook.com
   69.171.232.14138   69-171-232-141.mail-mail.facebook.com
   69.171.232.14231   69-171-232-142.mail-mail.facebook.com
   69.171.232.14332   69-171-232-143.mail-mail.facebook.com
   69.171.232.14436   69-171-232-144.mail-mail.facebook.com
   69.171.232.14535   69-171-232-145.mail-mail.facebook.com
   69.171.232.14645   69-171-232-146.mail-mail.facebook.com
   69.171.232.14742   69-171-232-147.mail-mail.facebook.com
   69.171.232.14847   69-171-232-148.mail-mail.facebook.com
   69.171.232.14947   69-171-232-149.mail-mail.facebook.com
   69.171.232.15043   69-171-232-150.mail-mail.facebook.com
   69.171.232.15148   69-171-232-151.mail-mail.facebook.com

As you can see t

[mailop] Emailed notifications from facebook failing SPF checks

2019-07-25 Thread Frank Bulk via mailop

Our spam filtering vendor recently upgraded their platform and has improved
their SPF checking feature set.  We can now tag on Permanent Failures, which
we couldn't do before.

We also noticed that email from notificat...@facebookmail.com was having a
Soft Failure.  Turns out that facebook issues "mx-out.facebook.com" on the
HELO/EHLO, and that FQDN's SPF record doesn't include all the items that are
listed in facebookmail.com's SPF record.  

root@nagios:/tmp# dig TXT mx-out.facebook.com +short | grep spf
"v=spf1 a ~all"
root@nagios:/tmp# dig TXT facebookmail.com +short | grep spf
"v=spf1 ip4:66.220.144.128/25 ip4:66.220.155.0/24 ip4:66.220.157.0/25
ip4:69.63.178.128/25 ip4:69.63.181.0/24 ip4:69.63.184.0/25" "
ip4:69.171.232.0/24 ip4:69.171.244.0/23 -all"
root@nagios:/tmp#

Best I can understand from the IETF RFC, it is appropriate to check the
HELO: https://tools.ietf.org/html/rfc7208#section-2.3

Anyone from fb on this list, or is there someone who knows the email or DNS
folk at facebook and can forward this to them for consideration?

Regards,

Frank 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Emailed notifications from facebook failing SPF checks

Re: [mailop] Emailed notifications from facebook failing SPF checks

[mailop] Emailed notifications from facebook failing SPF checks

3 matches

Site Navigation

Mail list logo

Footer information