[dmarc-discuss] SPF Check issue on Google Reports

Franck Martin fmartin at linkedin.com
Wed Sep 17 12:57:57 PDT 2014


Check
https://dmarcian.com/spf-survey/prodest.es.gov.br
There is a warning and the a: is redundant anyhow, I would just suppress it. No need to add an extra DNS query.

Your authoritative servers seem fine:
http://www.digwebinterface.com/?hostnames=prodest.es.gov.br&type=TXT&showcommand=on&colorize=on&useresolver=8.8.4.4&ns=auth&nameservers=

Otherwise, yes, Gmail should not fail that often on this SPF record.

On Sep 17, 2014, at 8:59 PM, Daniel Brito via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

> Hi Jesper,
> 
> The statement "a" accepts this syntax: "a:<domain>/<prefix-length>". You can check on this page: http://www.openspf.org/SPF_Record_Syntax
> 
> Also, it is possible to check the spf record on some internet tools. I particularly use this: http://vamsoft.com/support/tools/spf-policy-tester. 
> 
> I will continue analyzing the DMARC report until I feel confident to use it on 100% of the messages.
> 
> 
> Regards,
> Daniel Brito
> 
> 
> On Wed, Sep 17, 2014 at 2:13 PM, Jesper Knudsen <jesper.knudsen at scanmailx.com> wrote:
> Do not know whether it's the reason but your SPF record looks a little odd to me.
> 
>  
> 
> v=spf1 a:ironport.mail.es.gov.br/24 ip4:201.62.46.0/24 ip4:201.62.33.0/24 ~all
> 
>  
> 
> The “a:” statement should not to my knowledge have a “/24” – maybe Google is just getting choked with that.
> 
>  
> 
> Regards,
> 
> Jesper
> 
>  
> 
> From: dmarc-discuss [mailto:dmarc-discuss-bounces at dmarc.org] On Behalf Of Daniel Brito via dmarc-discuss
> Sent: 16. september 2014 15:56
> To: João Oliveirinha
> Cc: dmarc-discuss at dmarc.org
> Subject: Re: [dmarc-discuss] SPF Check issue on Google Reports
> 
>  
> 
> Hi, thanks for all.
> 
>  
> 
> I verified all the suggestions, but everything is correct. I don't have IPv6 and the DNS servers return the same results.
> 
> Today, I received this report from Google:
> 
>  
> 
> <record>
>     <row>
>       <source_ip>201.62.46.25</source_ip>
>       <count>21</count>
>     .
>     .
>     .
>       <spf>
>         <domain>prodest.es.gov.br</domain>
>         <result>pass</result>
>       </spf>
>     </auth_results>
> </record>
> 
> <record>
>     <row>
>       <source_ip>201.62.46.25</source_ip>
>       <count>1</count>
>     .
>     .
>     .
>       <spf>
>         <domain>prodest.es.gov.br</domain>
>         <result>fail</result>
>       </spf>
>     </auth_results>
> </record>
> 
> <record>
>     <row>
>       <source_ip>201.62.46.25</source_ip>
>       <count>30</count>
>     .
>     .
>     .
>       <spf>
>         <domain>prodest.es.gov.br</domain>
>         <result>pass</result>
>       </spf>
>     </auth_results>
> </record>
> 
> <record>
>     <row>
>       <source_ip>201.62.46.25</source_ip>
>       <count>7</count>
>     .
>     .
>     .
>       <spf>
>         <domain>prodest.es.gov.br</domain>
>         <result>fail</result>
>       </spf>
>     </auth_results>
> </record>
> 
> ...
> 
>  
> 
> This information is in one aggregate report; all these messages have passed DKIM verification, so this does not impact me. But if it is not an error in Google's servers, it could be some misconfiguration here.
> 
> The DMARC record is: "v=DMARC1; p=reject; sp=none; pct=70; rua=mailto:dmarc at prodest.es.gov.br"
> 
>  
> 
> Like João Oliveirinha said, it is a minimal percentage of the email that fails SPF, and it only happens in Google's reports.
> 
>  
> 
>  
> 
> Best Regards,
> 
> Daniel Brito
> 
>  
> 
> On Mon, Sep 15, 2014 at 7:00 PM, João Oliveirinha <dmarc-discuss at dmarc.org> wrote:
> 
> I am also seeing some problems with SPF verification by google servers recently.
> 
>  
> 
> The majority of cases are "fail" spf responses, but some are "permerror"s. Which is strange. I haven't changed my dns records in some time, and my dns provider is Cloudflare. 
> 
>  
> 
> Either way, this is only ~3% of the emails in the last week, for instance.
> 
>  
> 
> 
> 
> -- 
> 
>  
> 
> 
> 
> João Oliveirinha / Senior Data Scientist
> +351 91 322 43 52/ joao.oliveirinha at feedzai.com (PGP)
> 
> Feedzai SA Office: +351 211 985 635
> Edifício Atlantis, Av. João II, Lote 1.06.2.2, 1990-095 Lisboa, Portugal
> http://www.feedzai.com
> 
>  
> 
>  
> 
> On Mon, Sep 15, 2014 at 10:13 PM, Dave Warren via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
> 
> On 2014-09-15 13:55, Al Iverson via dmarc-discuss wrote:
> 
> First thing I would look at is, do all of your DNS servers reliably
> return the same results? If you have 3-4 DNS servers and one of them
> doesn't return the right info, this could conceivably cause what you
> are seeing.
> 
> 
> One other thought, beyond what Al said... Any chance you've started delivering to Google via IPv6, but your SPF only covers your IPv4 IP space?
> 
> -- 
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
> 
> 
> 
> 
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> 
> NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
> 

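Added example, not part of the thread or any poster's code: the `a` mechanism grammar in RFC 7208 section 5.3 allows an optional prefix length, so this sketch expands the quoted record and reports which DNS-backed terms are already covered by literal `ip4:` terms. The A record in `SAMPLE_DNS` is constructed (the thread never shows the real address), and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 7208 section 5.3: a = "a" [ ":" domain-spec ] [ dual-cidr-length ]
A_MECH = re.compile(
    r"^a(?::(?P<domain>[^/]+))?(?:/(?P<v4>\d{1,2}))?(?://(?P<v6>\d{1,3}))?$", re.I)

# Record quoted in the thread.
RECORD = ("v=spf1 a:ironport.mail.es.gov.br/24 ip4:201.62.46.0/24 "
          "ip4:201.62.33.0/24 ~all")
# Constructed A record: the thread does not show the real address.
SAMPLE_DNS = {"ironport.mail.es.gov.br": ["201.62.46.10"]}


def expand(record, dns, origin):
    """Yield (term, IPv4 network, dns_queries) for each a / ip4 term."""
    for term in record.split()[1:]:
        mech = term.lstrip("+-~?")
        if mech.lower().startswith("ip4:"):
            yield term, ipaddress.ip_network(mech[4:], strict=False), 0
            continue
        m = A_MECH.match(mech)
        if not m:
            continue  # all, mx, include, ... are outside this example
        prefix = int(m.group("v4") or 32)
        if prefix > 32:
            raise ValueError(f"bad ip4-cidr-length in {term!r}")
        # The prefix is applied to every address the A lookup returns.
        for addr in dns.get(m.group("domain") or origin, []):
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            yield term, net, 1


def matching_terms(ip, record, dns, origin):
    """Terms whose network contains the connecting IP."""
    ip = ipaddress.ip_address(ip)
    return [t for t, net, _ in expand(record, dns, origin) if ip in net]


def covered_dns_terms(record, dns, origin):
    """DNS-backed terms whose networks all sit inside a literal ip4 term."""
    rows = list(expand(record, dns, origin))
    literal = [net for _, net, cost in rows if cost == 0]
    lookups = {}
    for term, net, cost in rows:
        if cost:
            lookups.setdefault(term, []).append(net)
    return [t for t, nets in lookups.items()
            if all(any(n.subnet_of(lit) for lit in literal) for n in nets)]
```

With the constructed address, the source IP from the report (201.62.46.25) matches both the `a:` term and `ip4:201.62.46.0/24`, so the `a:` term only adds a DNS query; with an address outside those ranges it would not be reported as covered.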