Hi, On Fri, Dec 11, 2015 at 10:33 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: >> On 10.12.15 22:54, Alex wrote: >>> >>> I don't understand why a message from tripadvisor.com would have >>> SPF_FAIL, and as part of trying to understand how SPF works, I'd like >>> to figure out what's happening. >>> >>> Would someone be able to take a look at this message and figure out >>> why mail from tripadvisor.com fails SPF? >>> >>> http://pastebin.com/36hzGcTs > > > On 11.12.15 08:56, Matus UHLAR - fantomas wrote: >> >> the envelope sender seems to be >> bounce-15_html-74319930-51788793-10834732...@bounce.e.tripadvisor.com >> >> bounce.e.tripadvisor.com seems to have no SPF record, so I also don't >> understand why SPF tests should hit at all, maybe SPF HELO tests... > > disregard, please. I made an mistype when checking the SPF records. > > The main reason why the mail hits SPF_FAIL is that you don't trust even > servers > you receive mail from - first three hops: > > h02p01.smtp.routit.net (h02p01.smtp.routit.net [89.146.30.9]) > pop3.routit.net ([213.144.235.7]) > h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18])
Is it possible this message was forwarded, breaking the trust path? Reindal wrote: > who is that? > Received: from h03p02.smtp.routit.net (h03p02.smtp.routit.net [89.146.30.18]) > by pop3.routit.net (Postfix) > with ESMTP id D0A1B42463 >for <wytze.vandenb...@example.nl>; Fri, 11 Dec 2015 02:18:21 +0100 (CET) > > who is that? > Received: from pop3.routit.net ([213.144.235.7]) by h02p01.smtp.routit.net > with ESMTP; 11 > Dec 2015 02:18:26 +0100 > > who is that? > Received: from h02p01.smtp.routit.net (h02p01.smtp.routit.net [89.146.30.9]) > by bwimail02.example.com > (Postfix) with ESMTP id 0F8CA345F25 for <wytze.vandenb...@example.com>; Thu, > 10 Dec > 2015 20:18:38 -0500 (EST) We're not responsible for the example.nl domain, so I don't understand where that came from. Perhaps that account forwarded it to the wytze.vandenb...@example.com (our domain) without any other indications of that having occurred, breaking the trust path? > that are in X-Spam-RelaysUntrusted header. > > the next server in path is: > mta3.e.tripadvisor.com ([66.231.81.9]) > > that passes the SPF test. What did you need to do to test this? Thanks again, Alex
