Mailing List Archive: SPF: Help

Google app SPF test keep failing

Index | Next | Previous | View Threaded

michael at epoch

Jun 28, 2009, 2:11 AM

Post #1 of 5 (1244 views)
Permalink

Google app SPF test keep failing

Hi,

I am trying to setup an SPF record for the domain canaan.net.il So comments
from a web form will pass the SPF test.

The details are:

Sender: dontreplay [at] canaan
Server: 212.150.236.132

I added SPF & TXT records, both the same:
"v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
mail100.canaan.net.il ~all"
( This is only one of the variation I tested )

I passed the test successfully using: http://www.vamsoft.com/spfcheck.asp

But when the destination is a domain under Google app, I get the following
error:

Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted nor
denied by best guess record for domain of www-data [at] mail100)
client-ip=212.150.236.132;
Authentication-Results: mx.google.com; spf=neutral (google.com:
212.150.236.132 is neither permitted nor denied by best guess record for
domain of www-data [at] mail100) smtp.mail=
www-data [at] mail100

I am actually clueless, any tip will be mostly appreciated?

Thanks,
Michael

--------------------------------------------------
Michael Ben-Nes - Internet Consultant and Director.
http://www.epoch.co.il - weaving the Net.
Cellular: 054-4848113
--------------------------------------------------

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

Jun 28, 2009, 8:49 AM

Post #2 of 5 (1157 views)
Permalink

Re: Google app SPF test keep failing [In reply to]

On Sun, Jun 28, 2009 at 10:11, Michael Ben-Nes<michael [at] epoch> wrote:
> Hi,
>
> I am trying to setup an SPF record for the domain canaan.net.il So comments
> from a web form will pass the SPF test.
>
> The details are:
>
> Sender: dontreplay [at] canaan
> Server: 212.150.236.132
>
> I added SPF & TXT records, both the same:
> "v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
> mail100.canaan.net.il ~all"
> ( This is only one of the variation I tested )
>
> I passed the test successfully using: http://www.vamsoft.com/spfcheck.asp
>
> But when the destination is a domain under Google app, I get the following
> error:
>
> Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted nor
> denied by best guess record for domain of www-data [at] mail100)
> client-ip=212.150.236.132;
> Authentication-Results: mx.google.com; spf=neutral (google.com:
> 212.150.236.132 is neither permitted nor denied by best guess record for
> domain of www-data [at] mail100) smtp.mail=
> www-data [at] mail100

Did your read that error message? The domain being checked is
mail100.canaan.net.il, not canaan.net.il. This is because the mail is
from www-data [at] mail100, not dontreplay [at] canaan

Beyond that, your SPF record has redundancies. You can drop
everything after the /24 subnet as all hosts that follow are within
that /24.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

edi at thinktwice

Jun 28, 2009, 9:45 AM

Post #3 of 5 (1157 views)
Permalink

Re: Google app SPF test keep failing [In reply to]

Rob MacGregor wrote:
> On Sun, Jun 28, 2009 at 10:11, Michael Ben-Nes<michael [at] epoch> wrote:
>
>> Hi,
>>
>> I am trying to setup an SPF record for the domain canaan.net.il So comments
>> from a web form will pass the SPF test.
>>
>> The details are:
>>
>> Sender: dontreplay [at] canaan
>> Server: 212.150.236.132
>>
>> I added SPF & TXT records, both the same:
>> "v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
>> mail100.canaan.net.il ~all"
>> ( This is only one of the variation I tested )
>>
>> I passed the test successfully using: http://www.vamsoft.com/spfcheck.asp
>>
>> But when the destination is a domain under Google app, I get the following
>> error:
>>
>> Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted nor
>> denied by best guess record for domain of www-data [at] mail100)
>> client-ip=212.150.236.132;
>> Authentication-Results: mx.google.com; spf=neutral (google.com:
>> 212.150.236.132 is neither permitted nor denied by best guess record for
>> domain of www-data [at] mail100) smtp.mail=
>> www-data [at] mail100
>>
>
> Did your read that error message? The domain being checked is
> mail100.canaan.net.il, not canaan.net.il. This is because the mail is
> from www-data [at] mail100, not dontreplay [at] canaan
>
> Beyond that, your SPF record has redundancies. You can drop
> everything after the /24 subnet as all hosts that follow are within
> that /24.
>
>
are you hosting by yourself this domain ? i mean do you have your own
server in which runs DNS server / E-mail server software ?
assuming you do in ip4 directive under SPF records you should put the ip
of the server which runs dns or/and
e-mail server software.
if record zone mail100.canaan.net.il is on the isp server then there
are few hopes
meaning that if your isp do not want to add spf record for your
mail100.canaan.net.il or at least to have
made a PTR record pointing to your public ip of your dns server there is
nothing that you can do about it.

you could try: "v=spf1 ip4:212.150.236.132/32 a mx
include:canaan.net.il ~all"

first of all you should run some test from www.howismydns.com ; you'll observe
that there are some issues with your /etc/bind/named.conf and your domain zone.
if need help i could help you in this matter

second, here is what an e-mail check zone returns:

*Email Server*

*Reverse Resource Records*

mail.canaan.net.il

cs2.canaan.net.il

mail100.canaan.net.il

212-150-236-130.barak.net.il

so when you send mail from your ISP Config (i dare to guess) google is
checking mail100.canaan.net.il which returns an PTR record from your ISP
212-150-236-130.barak.net.il where there is no SPF record.
ask politly your ISP to change PTR record for 132.236.150.212.in-addr.arpa zone
in which to add mail100.canaan.net.il to PTR record and not as it is :

*Name*

*Type*

*TTL*

*Record data*

132.236.150.212.in-addr.arpa

PTR

86400

*212-150-236-132.barak.net.il*

sincerly yours,

--
Mitrea Eduard
network admin & web developer
edi [at] thinktwice
www.thinktwice.ro
Tel.: +(40)-745.997.451
Fax: +(40)-348.434.566

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

michael at epoch

Jun 28, 2009, 11:44 AM

Post #4 of 5 (1144 views)
Permalink

Re: Google app SPF test keep failing [In reply to]

Thanks, I noticed my error and fixed it.

I added:
mail100.canaan.net.il TXT "v=spf1 ip4:212.150.236.0/24 ~all"

--------------------------------------------------
Michael Ben-Nes - Internet Consultant and Director.
http://www.epoch.co.il - weaving the Net.
Cellular: 054-4848113
--------------------------------------------------

On Sun, Jun 28, 2009 at 6:49 PM, Rob MacGregor <rob.macgregor [at] gmail>wrote:

> On Sun, Jun 28, 2009 at 10:11, Michael Ben-Nes<michael [at] epoch> wrote:
> > Hi,
> >
> > I am trying to setup an SPF record for the domain canaan.net.il So
> comments
> > from a web form will pass the SPF test.
> >
> > The details are:
> >
> > Sender: dontreplay [at] canaan
> > Server: 212.150.236.132
> >
> > I added SPF & TXT records, both the same:
> > "v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
> > mail100.canaan.net.il ~all"
> > ( This is only one of the variation I tested )
> >
> > I passed the test successfully using:
> http://www.vamsoft.com/spfcheck.asp
> >
> > But when the destination is a domain under Google app, I get the
> following
> > error:
> >
> > Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted
> nor
> > denied by best guess record for domain of www-data [at] mail100
> )
> > client-ip=212.150.236.132;
> > Authentication-Results: mx.google.com; spf=neutral (google.com:
> > 212.150.236.132 is neither permitted nor denied by best guess record for
> > domain of www-data [at] mail100) smtp.mail=
> > www-data [at] mail100
>
> Did your read that error message? The domain being checked is
> mail100.canaan.net.il, not canaan.net.il. This is because the mail is
> from www-data [at] mail100, not dontreplay [at] canaan
>
> Beyond that, your SPF record has redundancies. You can drop
> everything after the /24 subnet as all hosts that follow are within
> that /24.
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

michael at epoch

Jun 28, 2009, 11:46 AM

Post #5 of 5 (1146 views)
Permalink

Re: Google app SPF test keep failing [In reply to]

Thanks,

Yes, I manage this DNS, though the server is that old that its about time to
reinstall :)
Thanks for the useful link.

--------------------------------------------------
Michael Ben-Nes - Internet Consultant and Director.
http://www.epoch.co.il - weaving the Net.
Cellular: 054-4848113
--------------------------------------------------

On Sun, Jun 28, 2009 at 7:45 PM, Edi Mitrea <edi [at] thinktwice> wrote:

> Rob MacGregor wrote:
>
>> On Sun, Jun 28, 2009 at 10:11, Michael Ben-Nes<michael [at] epoch>
>> wrote:
>>
>>
>>> Hi,
>>>
>>> I am trying to setup an SPF record for the domain canaan.net.il So
>>> comments
>>> from a web form will pass the SPF test.
>>>
>>> The details are:
>>>
>>> Sender: dontreplay [at] canaan
>>> Server: 212.150.236.132
>>>
>>> I added SPF & TXT records, both the same:
>>> "v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
>>> mail100.canaan.net.il ~all"
>>> ( This is only one of the variation I tested )
>>>
>>> I passed the test successfully using:
>>> http://www.vamsoft.com/spfcheck.asp
>>>
>>> But when the destination is a domain under Google app, I get the
>>> following
>>> error:
>>>
>>> Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted
>>> nor
>>> denied by best guess record for domain of www-data [at] mail100
>>> )
>>> client-ip=212.150.236.132;
>>> Authentication-Results: mx.google.com; spf=neutral (google.com:
>>> 212.150.236.132 is neither permitted nor denied by best guess record for
>>> domain of www-data [at] mail100) smtp.mail=
>>> www-data [at] mail100
>>>
>>>
>>
>> Did your read that error message? The domain being checked is
>> mail100.canaan.net.il, not canaan.net.il. This is because the mail is
>> from www-data [at] mail100, not dontreplay [at] canaan
>>
>> Beyond that, your SPF record has redundancies. You can drop
>> everything after the /24 subnet as all hosts that follow are within
>> that /24.
>>
>>
>>
> are you hosting by yourself this domain ? i mean do you have your own
> server in which runs DNS server / E-mail server software ?
> assuming you do in ip4 directive under SPF records you should put the ip of
> the server which runs dns or/and
> e-mail server software.
> if record zone mail100.canaan.net.il is on the isp server then there are
> few hopes
> meaning that if your isp do not want to add spf record for your
> mail100.canaan.net.il or at least to have
> made a PTR record pointing to your public ip of your dns server there is
> nothing that you can do about it.
>
> you could try: "v=spf1 ip4:212.150.236.132/32 a mx include:
> canaan.net.il ~all"
>
> first of all you should run some test from www.howismydns.com ; you'll
> observe
> that there are some issues with your /etc/bind/named.conf and your domain
> zone.
> if need help i could help you in this matter
>
> second, here is what an e-mail check zone returns:
>
> *Email Server*
>
>
>
> *Reverse Resource Records*
>
> mail.canaan.net.il
>
>
> cs2.canaan.net.il
> mail100.canaan.net.il
>
>
> 212-150-236-130.barak.net.il
> so when you send mail from your ISP Config (i dare to guess) google is
> checking mail100.canaan.net.il which returns an PTR record from your ISP
> 212-150-236-130.barak.net.il where there is no SPF record. ask politly
> your ISP to change PTR record for 132.236.150.212.in-addr.arpa zone in which
> to add mail100.canaan.net.il to PTR record and not as it is :
>
> *Name*
>
>
>
> *Type*
>
>
>
> *TTL*
>
>
>
> *Record data*
>
> 132.236.150.212.in-addr.arpa
>
>
>
> PTR
>
>
>
> 86400
>
>
>
> *212-150-236-132.barak.net.il*
>
> sincerly yours,
>
>
> --
> Mitrea Eduard
> network admin & web developer
> edi [at] thinktwice
> www.thinktwice.ro
> Tel.: +(40)-745.997.451
> Fax: +(40)-348.434.566
>
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads