Re: [nznog] SPF Mail rejection

On 22/07/2010, at 6:10 PM, SIMON WALKDEN wrote:

I've seen a lot of clients' outbound mail rejected in the last 12 months due to SPF issues; particularly mail being delivered to secureMX, or Xtra. The plan of attack was usually:

1. do they appear on any RBL's? (self explanatory, I know, just thought I'd list it) 2. does the HELO ID of their server match the MX record for the domain? 3. does the MX record (and HELO ID) contain the terms 'smtp' or 'mail'? (strange I know, but it's made a difference)

In what way does it make a difference?

4. does a PTR record exist for the mail server's FQDN? 5. does the domain have a valid SPF record?

If all these criteria are met, you really shouldn't have any problems passing go & collecting $200.

I would love to be able to use HELO/EHLO when deciding what to accept but my own testing shows far too many false positives. A few years ago and in another role I saw: http://blog.nominet.org.uk/tech/2005/08/06/incorrect-heloehlo-information-is... but I've seen similar problems recently when I last looked. I suspect we need a "Strict HELO/EHLO Day" where enough of the world's sysadmins unite to put strict settings on what they accept to force those with crap in their HELO/EHLO to do something about it. Jay

Love, Simon W

On 22 July 2010 17:22, Mark Wakefield wrote:

...

On 22/07/10 16:36, Regan Murphy wrote:

...

It appears that safegas.co.nz have their mail configured to come via hosts.net.nz, and their on-premise mail server is enforcing SPF which should break for anyone sending them email.

...

...

MX records for domain safegas.co.nz Your 1 MX records are: 10 mta.hosts.net.nz ip=210.48.108.65

mail.safegas.co.nz is W3's server (rua.w3host.co.nz) so they're going to be the ones to sort it out.

W3 should also look at putting a firewall in front of that server...

Mark _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- "Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam." _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840