Re: [mailop] Mystery SPF softfail at gmail.

Derek Diget Wed, 18 Nov 2015 15:11:50 -0800

On Wed, 18 Nov 2015 at 15:33 -0700, Luke Martinez wrote:
=>Hey team,
=>
=>I've got an interesting SPF softfail occurring for one of our senders.
=>
=>This softfail is readily repeatable and seems to be isolated to this single
=>sender.
=>
=>All necessary records are in place, and their mail passes SPF at all major
=>inbox providers other than gmail.
=>
=>Last resort seems to be a DNS lookup failure on Gmail's side. Can anyone
=>see if I'm missing something silly?


With SPF records there is no need to obfuscate the sending domain 
since it makes troubleshooting harder to impossible.  (See many posts on 
SPF-Help.)

Here is what I see right now[1].

Running SPF query with:
   IP address: 167.89.67.186
       Domain: email.thehubpeople.com
       Sender: 
bounces+2035510-7255-luke.martinez=sendgrid....@email.thehubpeople.com 
(local-part: bounces+2035510-7255-luke.martinez=sendgrid.com)
  HELO Domain: o1.mail_sg1.thehubpeople.com

17:50:16.94: 
----------------------------------------------------------------
17:50:16.94: SPFcheck_host called:
17:50:16.94:       source ip = 167.89.67.186
17:50:16.94:          domain = email.thehubpeople.com
17:50:16.94:          sender = 
bounces+2035510-7255-luke.martinez=sendgrid....@email.thehubpeople.com
17:50:16.94:      local_part = bounces+2035510-7255-luke.martinez=sendgrid.com
17:50:16.94:     helo_domain = o1.mail_sg1.thehubpeople.com
17:50:16.94: 
17:50:16.94:   Looking up "v=spf1" records for email.thehubpeople.com
17:50:16.94:     DNS query status: Pass
17:50:16.94:       "v=spf1 ip4:167.89.67.186 include:sendgrid.net ~all"
17:50:16.94: 
17:50:16.94:   Parsing mechanism: "  ip4 : 167.89.67.186"
17:50:16.94:     Assuming a Pass prefix
17:50:16.94:     Comparing against 167.89.67.186
17:50:16.94:       Matched; returning Pass
17:50:16.95:   Mechanism matched; returning Pass
17:50:16.95: 
17:50:16.95:   Parsing mechanism: "  include : sendgrid.net" (not evaluated)
17:50:16.95: 
17:50:16.95:   Parsing mechanism: "~ all : " (not evaluated)
17:50:16.95: 
17:50:16.95: SPFcheck_host is returning Pass
17:50:16.95: 
----------------------------------------------------------------

So, a SPF MailFrom check would pass.


1: Who knows what DNS looked like earlier (and what Google might have 
cached.)  If I am reading the SOA record the serial number is "23" which 
doesn't leak any info on when a change was made. :(

-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************




=>Below is a full header:
=>
=>> Delivered-To: luke.marti...@sendgrid.com
=>> Received: by 10.37.10.5 with SMTP id 5csp545399ybk;
=>>         Tue, 17 Nov 2015 06:47:00 -0800 (PST)
=>> X-Received: by 10.107.10.233 with SMTP id
=>> 102mr38147900iok.31.1447771620037;
=>>         Tue, 17 Nov 2015 06:47:00 -0800 (PST)
=>> Return-Path: <bounces+2035510-7255-luke.martinez=
=>> sendgrid....@email.domain.com>
=>> Received: from o1.mail_sg1.DOMAIN.com (o1.mail_sg1.DOMAIN.com.
=>> [167.89.67.186])
=>>         by mx.google.com with ESMTPS id
=>> f11si24972237ioj.131.2015.11.17.06.46.59
=>>         for <luke.marti...@sendgrid.com>
=>>         (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
=>>         Tue, 17 Nov 2015 06:46:59 -0800 (PST)
=>> Received-SPF: softfail (google.com: best guess record for domain of
=>> transitioning bounces+2035510-7255-luke.martinez=
=>> sendgrid....@email.domain.com does not designate 167.89.67.186 as
=>> permitted sender) client-ip=167.89.67.186;
=>> Authentication-Results: mx.google.com;
=>>        spf=softfail (google.com: best guess record for domain of
=>> transitioning bounces+2035510-7255-luke.martinez=
=>> sendgrid....@email.domain.com does not designate 167.89.67.186 as
=>> permitted sender) smtp.mailfrom=bounces+2035510-7255-luke.martinez=
=>> sendgrid....@email.domain.com;
=>>        dkim=pass header.i=@DOMAIN.com;
=>>        dmarc=pass (p=NONE dis=NONE) header.from=DOMAIN.com
=>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=DOMAIN.com;
=>>   h=content-type:from:mime-version:subject:to; s=m1;
=>>   bh=9pEwAB7wqoG5R88T7P/hW0cn0vg=; b=nU5wIVQOhrCw9obvdFNePBXYVtVRZ
=>>   w4ZRkebUzg+gPmeOPPPVY97NnYUJvg0wSX4nxgoBZCeORxpfQgPGlurZbL4cbNDH
=>>   kVZJ85hrHCCNxe2mgqSj6WPES1BppblBwLeeCi3I4/YVMrZInckQ+EoBX/JtV+H8
=>>   f1E8xty32c/sSQ=
=>> Received: by filter0494p1mdw1.sendgrid.net with SMTP id
=>> filter0494p1mdw1.32759.564B3DCA2A
=>>         2015-11-17 14:46:34.302768619 +0000 UTC
=>> Received: from MjAzNTUxMA (o16789125x222.outbound-mail.sendgrid.net
=>> [167.89.125.222])
=>>   by ismtpd0006p1iad1.sendgrid.net (SG) with HTTP id
=>> Qc2SQ2SmT1GH_bTla6DiMg
=>>   for <luke.marti...@sendgrid.com>; Tue, 17 Nov 2015 14:46:34.248 +0000
=>> (UTC)
=>> Content-Type: multipart/alternative;
=>> boundary=3a3da2a7878431dd1b945889881ae3216018141f8c0222fd3cf0d5daa3b3

_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Mystery SPF softfail at gmail.

Reply via email to