Yeah, the Kitterman SPF checker barfs on this: Mail sent from this IP address: 118.27.72.15 Mail from (Sender): bou...@amazon.co.jp Mail checked using this SPF policy: v=spf1 include:amazon.com include:spf-bma.mpme.jp include:amazon-spf.mrs.mpub.ne.jp -all Results - Permanent Error SPF Permanent Error: No valid SPF record for included domain: amazon-spf.mrs.mpub.ne.jp: include:amazon-spf.mrs.mpub.ne.jp
Incidentally, my XNND SPF tool links to the Kitterman SPF lookup and will fill out the form for you. If you wanted to see this yourself, you could go to https://xnnd.com/dns.cgi?t=spf&d=amazon.co.jp then put 118.27.72.15 in the IP address field and click the test SPF button and it hands off to the Kitterman tester for the magic to happen. Cheers, Al On Tue, Jun 30, 2020 at 5:58 PM Michael Peddemors via mailop <mailop@mailop.org> wrote: > > Should point out.. they have a messy SPF record right now.. > > host -t TXT amazon.co.jp > amazon.co.jp descriptive text "v=spf1 include:amazon.com > include:spf-bma.mpme.jp include:amazon-spf.mrs.mpub.ne.jp -all" > > host amazon-spf.mrs.mpub.ne.jp > Host amazon-spf.mrs.mpub.ne.jp not found: 3(NXDOMAIN) > > But no reason to go to all the length of DMARC, when it is a lot easier > to stop this outbreak before that level.. > > Anyone can make a policy at SMTP level earlier for this outbreak. > If it doesn't come from an IP in the SPF record.. Or, you can simply > test the MAIL FROM and the PTR record.. > > On 2020-06-30 3:41 p.m., Brian Toresdahl wrote: > > Not trying to be an apologist for Amazon (EC2?), but the domain has a > > DMARC policy, so you could treat it at that level. Are your samples > > failing authentication? > > > > $ dig +short txt _dmarc.amazon.co.jp <http://dmarc.amazon.co.jp> > > "v=DMARC1; p=quarantine; pct=100; > > rua=mailto:dmarc-repo...@bounces.amazon.com > > <mailto:dmarc-repo...@bounces.amazon.com>; > > ruf=mailto:dmarc-repo...@bounces.amazon.com > > <mailto:dmarc-repo...@bounces.amazon.com>" > > > > On Tue, Jun 30, 2020 at 12:25 PM Michael Peddemors via mailop > > <mailop@mailop.org <mailto:mailop@mailop.org>> wrote: > > > > Just a friendly point out.. > > > > Return-Path: <q...@amazon.co.jp <mailto:q...@amazon.co.jp>> > > Received: from v118-27-72-15.thcj.static.cnode.io > > <http://v118-27-72-15.thcj.static.cnode.io> (HELO amazon.co.jp > > <http://amazon.co.jp>) > > (118.27.72.15) > > From: Amazon <q...@amazon.co.jp <mailto:q...@amazon.co.jp>> > > > > If you see a similar combination, you might just want to block it in > > the > > SMTP layer.. > > > > We added it (amazon.co.jp <http://amazon.co.jp>) to our known sender > > forgery list(s), not > > worth worrying about it TOO much, since it is already being tagged as > > Spam, but the size of it is a bit startling.. > > > > Shows as.. > > > > X-Mailer: Microsoft Outlook 16.0 > > X-MagicMail-OS: Windows NT kernel > > > > .. so it could simply be simply a widespread Windows infection, but > > something seems unusual about this outbreak.. > > > > > > > > -- > > "Catch the Magic of Linux..." > > ------------------------------------------------------------------------ > > Michael Peddemors, President/CEO LinuxMagic Inc. > > Visit us at http://www.linuxmagic.com @linuxmagic > > A Wizard IT Company - For More Info http://www.wizard.ca > > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > > ------------------------------------------------------------------------ > > 604-682-0300 Beautiful British Columbia, Canada > > > > This email and any electronic data contained are confidential and > > intended > > solely for the use of the individual or entity to which they are > > addressed. > > Please note that any views or opinions presented in this email are > > solely > > those of the author and are not intended to represent those of the > > company. > > > > _______________________________________________ > > mailop mailing list > > mailop@mailop.org <mailto:mailop@mailop.org> > > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > > > > > -- > > > > Brian Toresdahl > > > > Product Management > > > > brian.toresd...@nextroll.com <mailto:brian.toresd...@gmail.com> > > > > > > > > > > -- > "Catch the Magic of Linux..." > ------------------------------------------------------------------------ > Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic > A Wizard IT Company - For More Info http://www.wizard.ca > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > ------------------------------------------------------------------------ > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and intended > solely for the use of the individual or entity to which they are addressed. > Please note that any views or opinions presented in this email are solely > those of the author and are not intended to represent those of the company. > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Song a day! https://www.wombatmail.com Deliverability! https://spamresource.com And DNS Tools too! https://xnnd.com _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
