SPF hardfail and DKIM failure when recipient has e-mail forwarding


The forwarding server needs to set up SRS in order not to break your SPF: http://www.open-spf.org/srs/


Author: NukaRakuForgotEmail

Updated on September 17, 2022

Comments

  • NukaRakuForgotEmail
    NukaRakuForgotEmail almost 2 years

    I configured hardfail SPF for my domain and DKIM message signing on my SMTP server. Since this is the only SMTP server that should be used for outgoing mail from my domain, I didn't foresee any complications.

    However, consider the following situation: I sent an e-mail message via my SMTP server to my colleague's university e-mail. The problem is that my colleague forwards his university e-mail to his Gmail account. These are the headers of the message after it reaches his Gmail mailbox:

    Received-SPF: fail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) client-ip=192.168.128.100;
    Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) [email protected]; dkim=hardfail (test mode) [email protected]
    

    (Headers have been sanitized to protect the domains and IP addresses of the non-Google parties)

    Gmail checks the last SMTP server in the delivery chain against my SPF and DKIM records (rightfully so). Since the last SMTP server in the delivery chain was the university's server and not my server, the check results in an SPF hardfail and DKIM failure. Fortunately, Gmail did not mark the message as spam, but I'm concerned that this might cause a problem in the future.

    Is my implementation of SPF hardfail perhaps too strict? Any other recommendations or potential issues that I should be aware of? Or maybe there is a more ideal configuration for the university's e-mail forwarding procedure? I know that the forwarding server could possibly change the envelope sender but I see that getting messy.

  • NukaRakuForgotEmail
    NukaRakuForgotEmail over 13 years
    +1 I was reading about it right before I received the SF notification for your answer. Unfortunately, I see that the university's mail (Mirapoint) does not support SRS. Wondering if the implementation rate of SRS is just very low.
  • topdog
    topdog over 13 years
    Most providers who forward mail do implement it; BlackBerry, for example, uses it to rewrite your address when you send from your device.
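
The forwarding failure and the SRS fix discussed in this thread, as an added Python example that is not part of the original posts. The domains, addresses, records and secret are constructed; the SPF evaluator handles only `ip4` and `all`, and the SRS0 hash and timestamp encoding are simplified and not guaranteed to interoperate with any SRS library.

```python
import base64, hashlib, hmac, ipaddress

# Constructed sample data: documentation domains and RFC 5737 addresses.
SPF = {
    "sender.example": "v=spf1 ip4:192.0.2.10 -all",       # original sender, hardfail
    "univ.example": "v=spf1 ip4:198.51.100.0/24 -all",    # forwarding server's domain
}
SECRET = b"forwarder-local-secret"  # constructed; known only to the forwarder
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def spf_check(mail_from, client_ip):
    """Evaluate ip4 mechanisms and the final 'all' for the MAIL FROM domain."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.endswith("all"):
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def _tag(ts, domain, local):
    # Short keyed hash so that only the forwarder can mint valid SRS addresses.
    mac = hmac.new(SECRET, f"{ts}{domain}{local}".lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac)[:4].decode()

def srs_forward(mail_from, forwarder_domain, day):
    """Rewrite the envelope sender into the forwarder's domain (SRS0 layout)."""
    local, domain = mail_from.rsplit("@", 1)
    ts = B32[(day >> 5) & 31] + B32[day & 31]  # day number mod 1024, two characters
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{forwarder_domain}"

def srs_reverse(srs_addr):
    """Recover the original sender for a bounce; reject forged or altered addresses."""
    body = srs_addr.rsplit("@", 1)[0]
    prefix, tag, ts, domain, local = body.split("=", 4)
    expected = _tag(ts, domain, local)
    if prefix != "SRS0" or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("invalid SRS address")
    return f"{local}@{domain}"
```

SRS changes only the envelope sender, so it affects the SPF result and leaves the DKIM result as it was.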