spf
3 Topics

Rely solely on DKIM, remove spf.protection.outlook.com from SPF record?
Question: Is there anyone that already has removed the spf.protection.outlook.com entry for their Office 365 hosted mail domain, and how has this impacted deliverability?

Situation: In order to protect our email from being spoofed, we have a DMARC policy in place that recipient email servers respect to filter out unauthenticated emails sent from our mail domain. As we all know, DMARC authentication can take place either by publishing the authorized sending servers' IPs/netblocks in the domain's SPF record, by publishing DKIM keys, or both. One of the mechanisms has to align, two is fine as well of course. For our mail domain, both the SPF mechanism as well as the DKIM mechanism are used at this moment.

Two assumptions:
1. The SPF record's entry for Office 365 (include:spf.protection.outlook.com) is used by ALL Office 365 tenants/customers and contains all the possible IPs that Office 365 uses to send outgoing email.
2. The DKIM key used by Office 365 to cryptographically sign mails that are sent out from our mail domain is unique for our tenant.

When inspecting the DMARC reporting, I noticed that some emails were not signed with the correct DKIM keys, but are labeled as 'aligned'. Quite possibly, these emails were sent from within some Office 365 tenant, but not from our tenant and thus, quite possibly, malicious.

Statement: On hosted email platforms such as O365 and Gmail, SPF isn't good enough because all their good customers and all their abusive customers use spf.protection.outlook.com (or spf.gmail.com for that matter) for SPF lookups. The SPF record is only a simple TXT lookup with no logic or cryptographic keys involved. By removing the SPF element from the equation for our email domain, we rely solely on the DKIM signing, which is unique and cryptographically sound. Email deliverability should not be impacted for DMARC-compatible mail services, but will be lower for email services that are not DMARC-compliant.

3.1K Views, 2 likes, 2 Comments

SPF Record fail
Hello Community,

I'm planning to change my DMARC record from none to Quarantine. When I checked my aggregate report I saw SPF failures from Microsoft IP addresses. I already checked my record and I can see the IP address. The IP in my record is 52.100.0.0/14; the IP addresses that are failing SPF are 52.100.14.216, 52.100.175.203, 52.100.9.237, 52.100.19.9. Any idea why SPF is failing with these IP addresses?

Regards,

1.3K Views, 0 likes, 0 Comments

SPF lookup Failed and I don't know why
Hi Guys.

So my SPF record looks like the following:

v=spf1 mx ip4:91.198.79.139 ip4:217.26.51.230 include:spf.surveymonkey.com include:_spf.salesforce.com include:spf.protection.outlook.com include:et._spf.pardot.com include:aspmx.pardot.com include:spf.mail.hostpoint.ch include:spf.abacuscity.ch ~all

I know it's a lot. So when one of the servers on hostpoint.ch (217.26.49.146) tries to send an email to Office 365 I get the following result:

Authentication-Results: spf=none (sender IP is 217.26.49.146) smtp.mailfrom=p12.server.hostpoint.ch; noser.com; dkim=none (message not signed) header.d=none;noser.com; dmarc=fail action=quarantine header.from=noser.com;compauth=fail reason=000
Received-SPF: None (protection.outlook.com: p12.server.hostpoint.ch does not designate permitted sender hosts)

Can anyone explain to me why this is happening? The sender IP should be included in the record of hostpoint.ch...

Solved

2.4K Views, 0 likes, 2 Comments
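Added example, not part of the original posts: a small Python reader for the Authentication-Results value quoted in the third post, reporting which domain SPF was evaluated against (smtp.mailfrom) and whether SPF or DKIM gives an aligned pass for the From domain. The function names are hypothetical, and treating the last two labels as the organizational domain is a simplifying assumption.

```python
import re

# Header value copied from the third post on this page.
HEADER = (
    "spf=none (sender IP is 217.26.49.146) "
    "smtp.mailfrom=p12.server.hostpoint.ch; noser.com; "
    "dkim=none (message not signed) header.d=none;noser.com; "
    "dmarc=fail action=quarantine header.from=noser.com;"
    "compauth=fail reason=000"
)

def parse_auth_results(value):
    """Return method results and properties (spf, smtp.mailfrom, ...) as a dict."""
    text = re.sub(r"\([^)]*\)", " ", value)  # drop parenthesised comments
    fields = {}
    for key, val in re.findall(r"([a-z][a-z.]*)=([^\s;]+)", text):
        fields.setdefault(key, val.lower())
    return fields

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # uses the Public Suffix List (this shortcut is wrong for e.g. co.uk).
    return ".".join(domain.rstrip(".").split(".")[-2:])

def dmarc_view(value):
    """Summarise SPF/DKIM results under relaxed DMARC alignment."""
    f = parse_auth_results(value)
    from_domain = f.get("header.from", "")
    mailfrom = f.get("smtp.mailfrom", "")
    dkim_d = f.get("header.d", "none")
    # A mechanism counts for DMARC only if it passes AND its domain aligns
    # with the domain in the visible From header.
    spf_ok = f.get("spf") == "pass" and org_domain(mailfrom) == org_domain(from_domain)
    dkim_ok = f.get("dkim") == "pass" and org_domain(dkim_d) == org_domain(from_domain)
    return {
        "spf_checked_domain": mailfrom,  # the domain whose SPF record was looked up
        "from_domain": from_domain,
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc_pass": spf_ok or dkim_ok,
    }

if __name__ == "__main__":
    for name, result in dmarc_view(HEADER).items():
        print(f"{name}: {result}")
```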