
DMARC says SPF fail even with SPF record [closed]

I have the following SPF record under the pixelark.com domain:

v=spf1 ip4:70.164.0.71  include:amazonses.com include:_spf.google.com ~all

The ip4 address is the webserver, and amazonses.com is used for Amazon SES. It is Amazon SES that is giving me the issue.

This is one of many example DMARC results I get when sending email through Amazon SES.

<record>
 <row>
  <source_ip>204.197.248.33</source_ip>
  <count>1</count>
  <policy_evaluated>
    <disposition>none</disposition>
    <dkim>pass</dkim>
    <spf>fail</spf>
  </policy_evaluated>
 </row>
 <identifiers>
  <header_from>pixelark.com</header_from>
 </identifiers>
 <auth_results>
  <dkim>
    <domain>pixelark.com</domain>
    <result>pass</result>
  </dkim>
  <spf>
    <domain>amazonses.com</domain>
    <result>fail</result>
  </spf>
 </auth_results>
</record>

I am sending an email from [email protected] through Amazon SES. I have amazonses.com as a valid sender in the SPF record but the DMARC is showing an SPF fail.

I cannot figure out why this is happening. Any help would be greatly appreciated.

SpecialK asked Dec 19 '22 14:12


2 Answers

At first glance this could be related to DMARC requiring your Mail From (return-path) and From address domains to match. When you use an Email Service Provider they will usually have their own email address to capture bounces, which causes DMARC to fail with SPF.

We built a free labs project to track DMARC results. It might help you discover more sources. You can see it at http://dmarc.postmarkapp.com.

user1214220 answered Jan 10 '23 01:01


As mentioned in the comments, the email was sent from an IP address resolving to texas.adwebvertising.com. Oftentimes you will find forwarded emails in your DMARC aggregate reports.

In this case the email seems to have been routed through AmazonSES and forwarded by the intended recipient. The receiving server of the forwarded message reports a failed SPF check, as expected for forwarded messages.

In the current configuration, the addition of AmazonSES to your domain's SPF record doesn't help, since the bounce address is set to the amazonses.com domain.

You can alter this configuration in AmazonSES to use a subdomain of your domain for the bounce address (return-path) on which the SPF check is performed. That way it aligns with your domain and will PASS DMARC on SPF.

Reinto answered Jan 10 '23 00:01
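
The alignment rule both answers describe, as an added example that is not part of the question or either answer: it re-evaluates a DMARC aggregate record by checking each SPF/DKIM result against header_from. The function names, the two-label organizational-domain shortcut, and the bounce.pixelark.com subdomain are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Reduced to the fields used here; layout follows the <record> in the question.
TEMPLATE = """<record>
 <identifiers><header_from>pixelark.com</header_from></identifiers>
 <auth_results>
  <dkim><domain>pixelark.com</domain><result>pass</result></dkim>
  <spf><domain>{spf_domain}</domain><result>{spf_result}</result></spf>
 </auth_results>
</record>"""

REPORTED = TEMPLATE.format(spf_domain="amazonses.com", spf_result="fail")  # values from the question
# Constructed variants: SPF passing on the SES domain, then on a hypothetical custom MAIL FROM subdomain.
SES_DIRECT = TEMPLATE.format(spf_domain="amazonses.com", spf_result="pass")
CUSTOM_MAIL_FROM = TEMPLATE.format(spf_domain="bounce.pixelark.com", spf_result="pass")

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real evaluators use the
    # Public Suffix List, so this shortcut is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, strict=False):
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h if strict else org_domain(a) == org_domain(h)

def evaluate(record_xml, strict=False):
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from").strip()
    verdict = {}
    for mech in ("spf", "dkim"):
        checks = []
        for node in rec.findall(f"auth_results/{mech}"):
            domain = node.findtext("domain").strip()
            passed = node.findtext("result").strip() == "pass"
            checks.append((domain, passed, aligned(domain, header_from, strict)))
        # DMARC counts a mechanism only if it passed AND its domain aligns with From:.
        verdict[mech] = any(p and a for _, p, a in checks)
        verdict[mech + "_checks"] = checks  # (domain, raw pass, aligned)
    verdict["dmarc"] = verdict["spf"] or verdict["dkim"]
    return verdict

if __name__ == "__main__":
    for name, xml in [("reported", REPORTED), ("ses_direct", SES_DIRECT), ("custom", CUSTOM_MAIL_FROM)]:
        print(name, evaluate(xml))
```

The SES_DIRECT case shows that a raw SPF pass on amazonses.com still evaluates as an SPF fail for DMARC, because the checked domain is not pixelark.com; aligned DKIM is what carries the message in both of the first two cases.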