
Note: SPF mail authentication not set

Hello,

I noticed that SPF (Sender Policy Framework) email authentication is not set for Uncovery emails. Excerpt from the received email headers:

Authentication-Results: <my mail server>;
dkim=pass (1024-bit rsa key) header.d=uncovery.me header.i=@uncovery.me header.b=JjnecNJl;
dmarc=pass header.from=uncovery.me;
spf=none smtp.mailfrom=apache@uncovery.net smtp.helo=uncovery.net
Received-SPF: none (uncovery.net: No applicable sender policy available) receiver=<my mail server>; identity=mailfrom; envelope-from="apache@uncovery.net";

Perhaps the lack of SPF contributes to cases when Gmail and perhaps certain other providers mark Uncovery emails as possible spam.

I noticed that your Return-Path references the domain uncovery.net:

Return-Path: <apache@uncovery.net>

So, you should either tell your Apache to use a return address at @uncovery.me and set up that default domain for the SMTP gateway, or add SPF/DKIM/DMARC records for both domains.

Thanks for the notice, I will check that again. I thought I fixed the SPF properly some time ago.

Ok, so I checked this now again, and it seems to be ok. Can you tell me what email you checked this on and with what tool? Here are my results from http://dkimvalidator.com:

DKIM Information:

DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uncovery.me;
s=default; t=1462251347;
bh=H1ZQxZGAi/ER7izTUbYbzwk7dDEnB4GP9eoVrkSPDwM=;
h=Date:To:Subject:From:Reply-To;
b=0Ev825nqtxEp9VkG4bMPsMY0N7YBS3Jv7sYNvmuAcCUP76hPMS2Z7Tv2pl7OG2pIS
Anli6dNj0nvrQvLveS4ryf94RyCTyJ9jmARgjQVOiPkco6/UINeOyjfwg0cAjO8jWL
UDAwZ2jYQv0He7cy0RZx0PhJwFqc5sI0xlIq0Kdo=

Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: uncovery.me
s= Selector: default
q= Protocol:
bh= H1ZQxZGAi/ER7izTUbYbzwk7dDEnB4GP9eoVrkSPDwM=
h= Signed Headers: Date:To:Subject:From:Reply-To
b= Data: 0Ev825nqtxEp9VkG4bMPsMY0N7YBS3Jv7sYNvmuAcCUP76hPMS2Z7Tv2pl7OG2pIS
Anli6dNj0nvrQvLveS4ryf94RyCTyJ9jmARgjQVOiPkco6/UINeOyjfwg0cAjO8jWL
UDAwZ2jYQv0He7cy0RZx0PhJwFqc5sI0xlIq0Kdo=
Public Key DNS Lookup

Building DNS Query for default._domainkey.uncovery.me
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWlgMCx4FsUf8dCFOanHMGucB5/kVkHMHjmtWBaaJN9rAq6twWTueG0Xy8QwQsHfHFlEtLWKXAGHXoy7LWbA9WDjHjRd8MoEiWJxgF9wmkn+htuEN4rFGcauevUeVWb1QMEVOUo9Q6v78dauFIicd7T+t7p67tMUJgTG+/Na5qCQIDAQAB
Validating Signature

result = pass
Details:

SPF Information:

Using this information that I obtained from the headers

Helo Address = uncovery.net
From Address = minecraft@uncovery.me
From IP = 74.208.45.77
SPF Record Lookup

Looking up TXT SPF record for uncovery.me
Found the following namesevers for uncovery.me: ns06.domaincontrol.com ns05.domaincontrol.com
Retrieved this SPF Record: zone updated 20160503 (TTL = 18860)
using authoritative server (ns06.domaincontrol.com) directly for SPF Check
Result: pass (Mechanism 'ip4:74.208.45.77' matched)

Result code: pass
Local Explanation: uncovery.me: 74.208.45.77 is authorized to use 'minecraft@uncovery.me' in 'mfrom' identity (mechanism 'ip4:74.208.45.77' matched)
spf_header = Received-SPF: pass (uncovery.me: 74.208.45.77 is authorized to use 'minecraft@uncovery.me' in 'mfrom' identity (mechanism 'ip4:74.208.45.77' matched)) receiver=ip-172-31-3-128.us-west-1.compute.internal; identity=mailfrom; envelope-from="minecraft@uncovery.me"; helo=uncovery.net; client-ip=74.208.45.77

SpamAssassin Score: -0.1
Message is NOT marked as spam
Points breakdown:
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

I am using Fastmail.com; the above checks are performed automatically and included in the email headers.

You can send email to stayen at warpmail dot net and I will post the current headers.

Yeah I am working right now on installing DKIM/SPF on that domain as well.
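
As an added illustration of the thread's point (not code from any participant or from the site): the Python below reads an Authentication-Results header and reports which domain SPF was evaluated against, which is the envelope sender (Return-Path) domain rather than the From: domain. The sample header is constructed from the excerpt in the first post, with mx.example.test standing in for the redacted receiver; the alignment test is a simplification and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the header excerpt quoted in the first post; the redacted
# receiver "<my mail server>" is replaced by the placeholder mx.example.test.
SAMPLE = (
    "Return-Path: <apache@uncovery.net>\n"
    "Authentication-Results: mx.example.test;\n"
    " dkim=pass (1024-bit rsa key) header.d=uncovery.me header.i=@uncovery.me header.b=JjnecNJl;\n"
    " dmarc=pass header.from=uncovery.me;\n"
    " spf=none smtp.mailfrom=apache@uncovery.net smtp.helo=uncovery.net\n"
    "\n"
)

def domain_of(value):
    """Lowercased domain part of an address, or the bare domain itself."""
    return value.strip("<>\"' ").rsplit("@", 1)[-1].lower()

def aligned(a, b):
    # Simplification (assumption): equal, or one a subdomain of the other.
    # DMARC proper compares organizational domains via the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyze(raw):
    """Report which domain each check was evaluated against, and alignment."""
    msg = message_from_string(raw)
    ar = " ".join(msg.get("Authentication-Results", "").split())  # unfold
    ar = re.sub(r"\([^)]*\)", "", ar)                              # drop comments
    result, prop = {}, {}
    for clause in ar.split(";")[1:]:       # element 0 is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if not m:
            continue
        method = m.group(1).lower()
        result[method] = m.group(2).lower()
        for key, val in re.findall(r"\b((?:smtp|header)\.\w+)=(\S+)", clause):
            prop[method, key] = val
    from_dom = domain_of(prop.get(("dmarc", "header.from"), ""))
    spf_dom = domain_of(prop.get(("spf", "smtp.mailfrom"), "") or msg.get("Return-Path", ""))
    dkim_dom = domain_of(prop.get(("dkim", "header.d"), ""))
    return {
        "from_domain": from_dom,
        "spf_domain": spf_dom,
        "spf_result": result.get("spf"),
        "spf_aligned": result.get("spf") == "pass" and aligned(spf_dom, from_dom),
        "dkim_aligned": result.get("dkim") == "pass" and aligned(dkim_dom, from_dom),
        "needs_spf_record": spf_dom if result.get("spf") == "none" else None,
    }

if __name__ == "__main__":
    for k, v in analyze(SAMPLE).items():
        print(f"{k}: {v}")
```

On the sample, DMARC passes through the aligned DKIM signature alone, while the SPF lookup lands on uncovery.net, the domain that has no record.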