Salesforce has published a SPF record for sending emails from Salesforce for years and with the Spring ’15 release, they will provide the option to sign with DKIM. The SPF record is straight forward, include:_spf.salesforce.com which includes _spf.google.com, _spfblock.salesforce.com, several IP address blocks, mx, and ends with a SoftFail ~all. Salesforce Knowledge Article Number: 000006347 […]
There are 3 types of authentication currently in use for email. DKIM SPF DMARC The different strategies do different things with email. DKIM cryptographically signs emails, preventing changes in transit, and designates a “responsible domain” through the d= value in the signature. SPF compare the sending IP and the envelope from (also known as the bounce string, return […]
According to a recent blog post, Office365 is starting to evaluate incoming messages for DMARC. I talked a little bit about DMARC in April when Yahoo started publishing a p=reject message. DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains […]
Some mornings I check mail from my phone. This showed up this morning. My first thought was “oh, no, Pizza Hut is spamming, wonder who sold them my address.” Then I remembered that iOS is horrible and won’t show you anything other than the Friendly From and maybe it was some weird phishing scheme. When […]
What is SPF? Sender policy framework (SPF, RFC 7208) is an authentication process that ties the 5321.from (also known as the mail from, envelope from or return path) to authorized sending IP addresses. This authorization is published in a TXT record in DNS. Receivers can check SPF at the beginning of a SMTP transaction, compare […]
Last night I was cruising through our local news website. I see the headline New SPF guidelines coming our way. My first thought was, “Wow, SPF made the paper?” Now, I live in the SF Bay area so there are a lot of technology related stories that hit our paper which might not see the […]
I’ve had a couple folks come to me recently for help troubleshooting SPF failures. The error messages said the SPF record was invalid, but by all checks it was valid. Eventually, we tracked the issue down to how many include files were in the SPF record. The SPF specification specifically limits the number of lookups […]
There have been a number of comments on my post about Hotmail moving to SPF authentication having to do with troubleshooting authentication failures. I have been helping clients troubleshoot these issues, and am able to take on new clients to solve authentication problems. Contact me for more information. Of course, many of these issues can […]
Hotmail has recently stopped using Sender ID for email authentication and switched to authenticating with SPF. The protocol differences between SenderID and SPF were subtle and most senders who were getting a pass at Hotmail were already publishing SPF records. From an email in my inbox from September: Authentication-Results: hotmail.com; sender-id=pass (sender IP is 220.127.116.11) […]
Email – and email filtering – makes a lot of use of DNS, and it’s fairly easy to miss something. Here are a few checklists to help: Data you need before you start: What this looks like in email headers:
Return-Path: <verp-gobbledygook@<span style="color: green;">bounces.myesp.com</span>>
Received: from <span style="color: green;">mail4.myesp.com</span> (mail4.myesp.com [<span style="color: green;">192.0.2.4</span>]) by ...
DomainKey-Signature: d=<span style="color: green;">greatbigmarketer.com</span>; s=<span style="color: green;">oct2012.myesp</span>; b= ...
From: Happy Friendly Brand <replies@<span style="color: green;">greatbigbrand.com</span>>
How to check your DNS You can use the simple DNS lookup tools at […]