[dmarc-discuss] SPF Check issue on Google Reports

Daniel Brito danielcobd at gmail.com
Wed Sep 17 11:59:25 PDT 2014


Hi Jesper,

The statement "a" accept this sintax : "a:<domain>/<prefix-length>". You
could check on the this page: http://www.openspf.org/SPF_Record_Syntax

Also, it is possible to check the spf record on some internet tools. I
particularly use this: http://vamsoft.com/support/tools/spf-policy-tester.

I will continue analyzing the dmarc report until i feel confident to use on
100% of the mesagens.


Regards,
Daniel Brito


On Wed, Sep 17, 2014 at 2:13 PM, Jesper Knudsen <
jesper.knudsen at scanmailx.com> wrote:

> Do not know whether its the reason but your SPF record looks a little odd
> to me.
>
>
>
> v=spf1 a:ironport.mail.es.gov.br/24 ip4:201.62.46.0/24 ip4:201.62.33.0/24
> ~all
>
>
>
> The “a:” statement should not to my knowledge have a “/24” – maybe Google
> is just getting choked with that.
>
>
>
> Regards,
>
> Jesper
>
>
>
> *From:* dmarc-discuss [mailto:dmarc-discuss-bounces at dmarc.org] *On Behalf
> Of *Daniel Brito via dmarc-discuss
> *Sent:* 16. september 2014 15:56
> *To:* João Oliveirinha
> *Cc:* dmarc-discuss at dmarc.org
> *Subject:* Re: [dmarc-discuss] SPF Check issue on Google Reports
>
>
>
> Hi, thanks for all.
>
>
>
> I verified all the suggestions, but everything is correctly. I don´t have
> IPV6 and the DNS servers return the same results.
>
> Today, i received this report from google:
>
>
>
> <record>
>
>     <row>
>
>       <source_ip>201.62.46.25</source_ip>
>
>       <count>21</count>
>
> .
>
> .
>
> .
>
>       <spf>
>
>         <domain>prodest.es.gov.br</domain>
>
>         <result>pass</result>
>
>       </spf>
>
>     </auth_results>
>
> </record>
>
>
>
> <record>
>
>     <row>
>
>       <source_ip>201.62.46.25</source_ip>
>
>       <count>1</count>
>
>     .
>
> .
>
> .
>
>       <spf>
>
>         <domain>prodest.es.gov.br</domain>
>
>         <result>fail</result>
>
>       </spf>
>
>     </auth_results>
>
> </record>
>
>
>
> <record>
>
>     <row>
>
>       <source_ip>201.62.46.25</source_ip>
>
>       <count>30</count>
>
>     .
>
> .
>
> .
>
>       <spf>
>
>         <domain>prodest.es.gov.br</domain>
>
>         <result>pass</result>
>
>       </spf>
>
>     </auth_results>
>
> </record>
>
>
>
> <record>
>
>     <row>
>
>       <source_ip>201.62.46.25</source_ip>
>
>       <count>7</count>
>
>     .
>
> .
>
> .
>
>       <spf>
>
>         <domain>prodest.es.gov.br</domain>
>
>         <result>fail</result>
>
>       </spf>
>
>     </auth_results>
>
> </record>
>
> ...
>
>
>
> This information is in one report aggregate, all this messages have passed
> in DKIM verification, so this not impact me. But if it is not a error in
> Google servers, it could be some miss configuration here.
>
> The DMARC registes is : "v=DMARC1; p=reject; sp=none; pct=70; rua=mailto:
> dmarc at prodest.es.gov.br"
>
>
>
> Like João Oliveirinha said, it is a minimum percentage of the email that
> fails on SPF and only happen on google report's.
>
>
>
>
>
> Best Regards,
>
> Daniel Brito
>
>
>
> On Mon, Sep 15, 2014 at 7:00 PM, João Oliveirinha <dmarc-discuss at dmarc.org>
> wrote:
>
> I am also seeing some problems with SPF verification by google servers
> recently.
>
>
>
> The majority of cases are "fail" spf responses, but some are "permerror"s.
> Which is strange. I haven't changed my dns records in some time, and my dns
> provider is Cloudflare.
>
>
>
> Either way, this is only ~3% of the emails in the least week, for instance.
>
>
>
>
> --
>
>
>
> [image: Feedzai SA] <http://www.feedzai.com/>
>
> *João Oliveirinha* / Senior Data Scientist
> +351 91 322 43 52/ joao.oliveirinha at feedzai.com (PGP
> <http://pgp.mit.edu/pks/lookup?op=get&search=0xC0E505208B118765>)
>
> *Feedzai SA* Office: +351 211 985 635
> Edifício Atlantis, Av. João II, Lote 1.06.2.2, 1990-095 Lisboa, Portugal
> http://www.feedzai.com
>
> [image: Linkedin] <http://pt.linkedin.com/in/joliveirinha>
>
>
>
> On Mon, Sep 15, 2014 at 10:13 PM, Dave Warren via dmarc-discuss <
> dmarc-discuss at dmarc.org> wrote:
>
> On 2014-09-15 13:55, Al Iverson via dmarc-discuss wrote:
>
> First thing I would look at is, do all of your DNS servers reliably
> return the same results? If you have 3-4 DNS servers and one of them
> doesn't return the right info, this could conceivably cause what you
> are seeing.
>
>
> One other thought, beyond what Al said... Any chance you've started
> delivering to Google via IPv6, but your SPF only covers your IPv4 IP space?
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
>
>
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>
>
>
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140917/4f5210a2/attachment.html>


More information about the dmarc-discuss mailing list