On 8 February 2017 at 13:33, Glen Eustace <geustace@godzone.net.nz> wrote:

On 8/02/2017, at 1:24 PM, Peter Lambrechtsen <peter@crypt.nz> wrote:

The xtra.co.nz domain doesn't seem to have a DKIM or SPF record attached to it, in fact there isn't any txt record on the domain.

This isn��t a case of an SPF on xtra.co.nz��but SPFs from senders that end up with final delivery being an Xtra mailbox.

<xxxxxxxxxx@xtra.co.nz>��(expanded from��<admin@yyyyyyyyyy.nz>): host
�� mx.xtra.co.nz[210.55.143.33] said: 550 5.7.1 Message rejected due to SPF
�� policy (in reply to end of DATA command)

where senders domain has -all on its SPF record.

��

Certainly had at least one case recently with a customer who hosts with Mesh|net using SMTP via snap to an xtra address, that went via orcon and failed.��

They had the Snap MXs in SPF etc��(+include:snap.net.nz -all��)��but not orcon or xtra.�� It looked like Xtra was looking at the Orcon EHLO��and failing.

Changed their SPF to ~all and seems to work with the softfail - "Results - softfail domain owner discourages use of this host"��- but something is broken.

Jo Booth - Mesh|net
Connecting Communities
Jo@Mesh.net.nz | mob +64 21 526684