104.47.37.131 is not covered under spf.protection.outlook.com:

dig spf.protection.outlook.com TXT

> ;; QUESTION SECTION:
> ;spf.protection.outlook.com. IN TXT
>
> ;; ANSWER SECTION:
> spf.protection.outlook.com. 500 IN TXT "v=spf1
> ip4:207.46.101.128/26 ip4:207.46.100.0/24 ip4:207.46.163.0/24
> ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24
> ip4:213.199.154.0/24 ip4:213.199.180.0/24 include:spfa.protection.outlook.com
> -all"

Essentially, Ned’s SPF TXT record is saying that emails are valid only if they come from 107.22.254.64, or any of the addresses/records specified in the SPF TXT record for spf.protection.outlook.com, which as you can see above, doesn’t include the 104.

Whois’ing that 104 address shows the entire Class A (for the pedants: yes it's classless and I called it a class A anyway; really, I promise, nobody cares) belongs to Microsoft, so if you are sending those messages through Outlook.com or through an outlook.com relay, they seemingly haven’t updated their SPF protection ranges to include a new range of servers.

-nick

—
Nick Peelman
n...@peelman.us

> On Dec 7, 2016, at 11:29 AM, cpol...@surewest.net wrote:
>
> Edward Ned Harvey (lopser) wrote:
>>> From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org]
>>> On Behalf Of Edward Ned Harvey (lopser)
>>>
>>> This sender failed our fraud detection checks and may not be who they
>>> appear to be. Learn about http://aka.ms/LearnAboutSpoofing
>>
>> I pasted the headers of this message into the o365 Message Analyzer at
>> https://testconnectivity.microsoft.com/
>> It confirms that the message is flagged as spam, but nothing jumps out at me
>> to explain *why*.
>
> I looked up your SPF record:
>
> $ dig TXT +short nedharvey.com
> "v=spf1 ip4:107.22.254.64 include:spf.protection.outlook.com -all"
>             ^^^^^^^^^^^^^
>
> From your headers as I received them it seems your email emits from
> a different IP address (104.47.37.131). Not that familiar with SPF,
> but could that be an issue?
>
> * received-spf: None (protection.outlook.com: nedharvey.com
>                                               ^^^^^^^^^^^^^
> * does not designate permitted sender hosts)
>   ^^^^ ^^^ ^^^^^^^^^ ^^^^^^^^^ ^^^^^^ ^^^^^
>
> <snip />
>   X-Original-Sender: lop...@nedharvey.com
> *                          ^^^^^^^^^^^^^^
>   X-Original-Authentication-Results: mx.google.com; dkim=pass
>   header.i=@nedharvey.onmicrosoft.com; spf=pass (google.com: domain of
> *                                      ^^^^^^^^
>   lop...@nedharvey.com designates 104.47.37.131 as permitted sender)
> *       ^^^^^^^^^^^^^^            ^^^^^^^^^^^^^    ^^^^^^^^^ ^^^^^^
>   smtp.mailfrom=lop...@nedharvey.com
> *                     ^^^^^^^^^^^^^^
>
>
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
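The record walk discussed in this message can be reproduced offline against the two TXT records quoted in it. This is an added example, not code from the thread: `check_host` and `spf_result` are hypothetical names, only the `ip4`, `include` and `all` mechanisms that appear in those records are handled, and an include target whose record is not in the table is reported as unresolved.

```python
import ipaddress

# SPF TXT records exactly as quoted in the thread. The record behind
# include:spfa.protection.outlook.com is not shown there, so it is left
# out here and reported as unresolved rather than guessed.
RECORDS = {
    "nedharvey.com":
        "v=spf1 ip4:107.22.254.64 include:spf.protection.outlook.com -all",
    "spf.protection.outlook.com":
        "v=spf1 ip4:207.46.101.128/26 ip4:207.46.100.0/24 ip4:207.46.163.0/24 "
        "ip4:65.55.169.0/24 ip4:157.56.110.0/23 ip4:157.55.234.0/24 "
        "ip4:213.199.154.0/24 ip4:213.199.180.0/24 "
        "include:spfa.protection.outlook.com -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, records, unresolved, depth=0):
    """Evaluate one SPF record left to right; the first matching term decides."""
    if depth > 10:  # stop include loops (RFC 7208 allows 10 DNS-querying terms)
        raise ValueError("include chain too deep")
    record = records.get(domain)
    if record is None:
        unresolved.append(domain)
        return "unresolved"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, records, unresolved, depth + 1)
            if inner == "unresolved":
                return inner  # cannot decide without the nested record
            matched = inner == "pass"  # only a nested pass counts as a match
        elif name == "all":
            matched = True
        else:
            raise ValueError(f"unsupported mechanism: {name}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched and no "all" was present

def spf_result(ip, domain, records=RECORDS):
    """Return (result, names of include targets that could not be looked up)."""
    unresolved = []
    return check_host(ip, domain, records, unresolved), unresolved
```

Calling `spf_result("104.47.37.131", "nedharvey.com")` returns `unresolved` and names `spfa.protection.outlook.com` as the record that still has to be fetched with `dig` before the walk is complete.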