[dmarc-discuss] SPF Check issue on Gmail

Olga Gavrylyako olgag at google.com
Thu Jul 25 09:40:03 PDT 2013


Hi Anshul,
We had a bug, where in
<spf>
        <domain>pm.mtasv.net</domain>
        <result>pass</result>
 </spf>

 we reported result of spf pass for DMARC authentication (spf pass +
alignment), instead of just raw SPF pass. We fixed it this week and rolling
to production.  You are lucky, you hit the day where both reporting version
were alive at some moment of time :)
Starting tomorrow, there will be no such discrepancy.
Olga


On Wed, Jul 24, 2013 at 10:31 AM, Anshul Agrawal <anshulagrawal at gmail.com>wrote:

> Attaching the Aggregate Report received today from Google. The SPF
> 'auth_results' are marked as 'fail' for all the IPs however it should pass.
> Yahoo and Hotmail reports it fine.
>
> For auth_results, RFC says "This element contains DKIM and SPF results,
> uninterpreted with respect to DMARC."
>
> Can someone help identify the issue? Attaching the aggregated report from
> google and hotmail.
>
> Thanks,
> Anshul
>
>
> On Tue, Jul 23, 2013 at 10:17 PM, Anshul Agrawal <anshulagrawal at gmail.com>wrote:
>
>> Hi,
>> I have turned on the DMARC in monitor mode and started receiving the
>> reports from Yahoo, Google, and Hotmail. The third party ESP we use has
>> proper SPF records in place and uses our DKIM ket to sign the mail.
>>
>> Google seems to report, for the same IP and 'Return-Path' domain, SPF
>> fail and pass in the same report. Moreover, one day, all the IPs were
>> reported to fail the SPF check.
>>
>>  Note that in the below messages, SPF checks fail for far more number of
>> times than it is regarded as pass. However, all the test mails that I have
>> sent to Gmail, all of them show SPF pass so far when I check headers and
>> have never failed.
>>
>>   <record>
>>     <row>
>>       <source_ip>50.31.156.116</source_ip>
>>       <count>15</count>
>> ...
>> ...
>>       <spf>
>>         <domain>pm.mtasv.net</domain>
>>         <result>fail</result>
>>       </spf>
>>     </auth_results>
>>    </record>
>>
>> And
>>
>>   <record>
>>     <row>
>>       <source_ip>50.31.156.116</source_ip>
>>       <count>2</count>
>> ...
>> ...
>>       <spf>
>>         <domain>pm.mtasv.net</domain>
>>         <result>pass</result>
>>       </spf>
>>     </auth_results>
>>   </record>
>>
>> IMHO given the same IP and domain, SPF check should not fail for some
>> pass for other requests (given the DNS records are not updated)
>>
>> Am I missing something?
>>
>> Thanks,
>> Anshul
>>
>
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.dmarc.org/pipermail/dmarc-discuss/attachments/20130725/bb6be926/attachment.htm>


More information about the dmarc-discuss mailing list