[spf-help] Setting SPF Record for a hosted situation

Discussion:

KQJ

2016-11-20 15:33:02 UTC

Hello,

I have a website (domain: pebblesmart.com) hosted at a hosting service. The
website's contact form generates emails to my company's customer support
email address. (I use WordPress plugin Contact Form 7). However, the emails
are marked as spam by Microsoft Outlook servers. I set up a SPF record for
my domain and the hosting service said a DKIM record was created for my
domain. But the email message header indicated no SPF or DKIM was found. I
also directed the generated email to Gmail. It used "best guess" to let the
message pass, but didn't indicate SPF record found or the message was DKIM
signed.

I wonder in this situation where the SPF record should be stored. Perhaps
the receiving server is not querying my domain's DNS record at all because
the email was generated by the mail agent on the hosting server. Please see
the enclosed message header. The hosting company doesn't seem to know this
subject very well. So I am hoping you can give me some pointers.

Thank you very much.
Keith

========= Message Header =============
Received: from BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=s3.supportedns.com; pebblesmart.com; dkim=none (message not
signed) header.d=none;pebblesmart.com; dmarc=none action=none
header.from=pebblesmart.com;pebblesmart.com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (protection.outlook.com: s3.supportedns.com does not
designate permitted sender hosts)
Received: from scanner01.mail.supportedns.com (162.244.253.254) by
SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker:
OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from s3.supportedns.com ([173.248.191.183])
by scanner01.mail.supportedns.com with esmtps
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from <***@s3.supportedns.com>)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by s3.supportedns.com with local (Exim 4.87)
(envelope-from <***@s3.supportedns.com>)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
To: <***@pebblesmart.com>
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: pebblesmart.com/index.php for 75.170.66.196
X-PHP-Filename: /home/pebblebe/public_html/index.php REMOTE_ADDR:
75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
From: James Gooney <[company_email******]@pebblesmart.com>
CC: <[support_email*******]@gmail.com>
Reply-To: <[customer_email******]@gmail.com>
Message-ID: <***@pebblesmart.com>
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Report-Abuse-To: ***@scanner01.mail.supportedns.com
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
Authentication-Results: mail.supportedns.com; auth=pass smtp.auth=
***@s3.supportedns.com
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
Return-Path: ***@s3.supportedns.com
X-MS-Exchange-Organization-Network-Message-Id:
9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id:
9c81000f-3762-4960-1e4b-08d410253294
X-Microsoft-Antispam:
UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource:
SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7
Powered by Listbox: http://www.listbox.com

John Comfort via spf-help

2016-11-20 16:48:05 UTC

Permalink

The RFC5321.From address is s3.supportedns.com. Make sure you have an SPF
record for that domain. Secondly, your RFC5322 from address '
supportedns.com' is unaligned with the above address.

Post by KQJ
Hello,
I have a website (domain: pebblesmart.com) hosted at a hosting service.
The website's contact form generates emails to my company's customer
support email address. (I use WordPress plugin Contact Form 7). However,
the emails are marked as spam by Microsoft Outlook servers. I set up a SPF
record for my domain and the hosting service said a DKIM record was created
for my domain. But the email message header indicated no SPF or DKIM was
found. I also directed the generated email to Gmail. It used "best guess"
to let the message pass, but didn't indicate SPF record found or the
message was DKIM signed.
I wonder in this situation where the SPF record should be stored. Perhaps
the receiving server is not querying my domain's DNS record at all because
the email was generated by the mail agent on the hosting server. Please see
the enclosed message header. The hosting company doesn't seem to know this
subject very well. So I am hoping you can give me some pointers.
Thank you very much.
Keith
========= Message Header =============
Received: from BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=s3.supportedns.com; pebblesmart.com; dkim=none (message not
signed) header.d=none;pebblesmart.com; dmarc=none action=none
header.from=pebblesmart.com;pebblesmart.com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (protection.outlook.com: s3.supportedns.com does not
designate permitted sender hosts)
Received: from scanner01.mail.supportedns.com (162.244.253.254) by
SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedChecksum:;
SizeAsReceived:2327;Count:26
Received: from s3.supportedns.com ([173.248.191.183])
by scanner01.mail.supportedns.com with esmtps
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by s3.supportedns.com with local (Exim 4.87)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: pebblesmart.com/index.php for 75.170.66.196
75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
Authentication-Results: mail.supportedns.com; auth=pass smtp.auth=
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
X-MS-Exchange-Organization-Network-Message-Id: 9c81000f-3762-4960-1e4b-
08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id: 9c81000f-3762-4960-1e4b-
08d410253294
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(
22001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource: SN1NAM02FT026.eop-nam02.prod.
protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
Sender Policy Framework: http://www.openspf.net
Modify Your Subscription: http://www.listbox.com/member/
Archives <https://www.listbox.com/member/archive/1020/=now>
<https://www.listbox.com/member/archive/rss/1020/28340258-6030af0d> |
Modify
<https://www.listbox.com/member/?&>
Your Subscription | Unsubscribe Now
<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>
<http://www.listbox.com>

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120114812:1DA05BE0-AF41-11E6-8AD8-AD09524FCFA1
Powered by Listbox: http://www.listbox.com

John Comfort via spf-help

2016-11-20 17:06:36 UTC

Permalink

Please cancel my last transmission, it was sent before editing was
completed...

Post by John Comfort via spf-help
The RFC5321.From address is s3.supportedns.com. Make sure you have an
SPF record for that domain. Secondly, your RFC5322 from address '
supportedns.com' is unaligned with the above address.

Post by KQJ
Hello,
I have a website (domain: pebblesmart.com) hosted at a hosting service.
The website's contact form generates emails to my company's customer
support email address. (I use WordPress plugin Contact Form 7). However,
the emails are marked as spam by Microsoft Outlook servers. I set up a SPF
record for my domain and the hosting service said a DKIM record was created
for my domain. But the email message header indicated no SPF or DKIM was
found. I also directed the generated email to Gmail. It used "best guess"
to let the message pass, but didn't indicate SPF record found or the
message was DKIM signed.
I wonder in this situation where the SPF record should be stored. Perhaps
the receiving server is not querying my domain's DNS record at all because
the email was generated by the mail agent on the hosting server. Please see
the enclosed message header. The hosting company doesn't seem to know this
subject very well. So I am hoping you can give me some pointers.
Thank you very much.
Keith
========= Message Header =============
Received: from BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=s3.supportedns.com; pebblesmart.com; dkim=none (message not
signed) header.d=none;pebblesmart.com; dmarc=none action=none
header.from=pebblesmart.com;pebblesmart.com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (protection.outlook.com: s3.supportedns.com does not
designate permitted sender hosts)
Received: from scanner01.mail.supportedns.com (162.244.253.254) by
SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft
SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)
id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedCh
ecksum:;SizeAsReceived:2327;Count:26
Received: from s3.supportedns.com ([173.248.191.183])
by scanner01.mail.supportedns.com with esmtps
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by s3.supportedns.com with local (Exim 4.87)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: pebblesmart.com/index.php for 75.170.66.196
75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
Authentication-Results: mail.supportedns.com; auth=pass smtp.auth=
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id: 9c81000f-3762-4960-1e4b-08d410
253294
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(2
2001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource: SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
Sender Policy Framework: http://www.openspf.net
Modify Your Subscription: http://www.listbox.com/member/
Archives <https://www.listbox.com/member/archive/1020/=now>
<https://www.listbox.com/member/archive/rss/1020/28340258-6030af0d> |
Modify
<https://www.listbox.com/member/?&>
Your Subscription | Unsubscribe Now
<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>
<http://www.listbox.com>

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120120644:B45CD11A-AF43-11E6-BAC6-C03A8F6CE36D
Powered by Listbox: http://www.listbox.com

G.W. Haywood

2016-11-20 17:18:05 UTC

Permalink

Hi there,

I have a website (domain: pebblesmart.com) ...

You have a SPF record for pebblesmart.com, as I confirmed using 'dig'
on my laptop just now:

8<----------------------------------------------------------------------
laptop3:~$ >>> dig -t txt pebblesmart.com

; <<>> DiG 9.9.5-9+deb8u8-Debian <<>> -t txt pebblesmart.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
[...]
;; QUESTION SECTION:
;pebblesmart.com. IN TXT

;; ANSWER SECTION:
pebblesmart.com. 14177 IN TXT "v=spf1 a +include:_spf.mddservices.com +ip4:162.244.253.254 -all"

;; AUTHORITY SECTION:
pebblesmart.com. 83932 IN NS ns1.mddservices.com.
pebblesmart.com. 83932 IN NS ns3.mddservices.com.
pebblesmart.com. 83932 IN NS ns2.mddservices.com.
[...]
8<----------------------------------------------------------------------

The website's contact form generates emails to my company's customer
support email address. ... the emails are marked as spam by
Microsoft Outlook servers.

In general Microsoft screws around with Internet Standards to suit
itself, but in this case that's irrelevant. Firstly pebblesmart.com
is RECEIVING the mail, not sending it; secondly SPF is SENDER Policy
Framework, not Recipient Policy Framework; thirdly the sender of the
example message in your mail was 's3.supportedns.com' which has no SPF
record; fourthly even the SPF record for 'supportedns.com':

v=spf1 ip4:173.248.187.2 ip4:74.86.48.34 ip4:208.43.29.148 ip4:208.43.29.146 a mx ~all

does not mention the IP (162.244.253.254) which sent your example mail.
It also contains the widely-ridiculed 'a mx' mechanisms which likely
means that whoever created the record didn't know what they were doing.

Authentication-Results: spf=none (sender IP is 162.244.253.254)

(oh - sixthly, SPF is an anti-forgery system not an anti-spam system
but never mind that for now... :)

I set up a SPF record for my domain ...

Your SPF record is technically correct, but it could be improved.
However I have no idea if there's any point in setting it up since it
is not clear to me how (or if) mail is sent from the domain. There's
no point adding the IP '162.244.253.254' to your own SPF record if
some other domain (in your example s3.supportedns.com) will be sending
the messages from that IP, because in that case your SPF record will
not be consulted at any stage. There is no point using a provider
like supportedns.com to send mail on your behalf if they're going to
send mail from servers which they don't list in their SPF records (and
also apparently from domains which have no SPF records).

Incidentally I see that supportedns.com have IPv6 addresses for at
least some of their nameservers, and as mail starts to move to IPv6
servers too, large ESPs like Google may reject it outright if it does
not pass either of the SPF or DKIM tests. So getting this right now
might save a bit of pain later on.

the hosting service said a DKIM record was created for my domain.

There's nothing in DNS at the moment. Maybe there was confusion over
which domain. Maybe they exaggerated. Maybe they plan to put it in
there later. Maybe they don't know what they're doing, or they lied.

But the email message header indicated no SPF [was found]

That's because in this case pebblesmart.com didn't send the message,
so its SPF record was not consulted. The SPF software will only look
for SPF records for the domains given in the SMTP conversation 'HELO'
and 'MAIL FROM:' exchanges.

[no] DKIM was found.

There isn't one, anywhere that I looked, that's relevant.

I also directed the generated email to Gmail. It used "best guess"
to let the message pass, but didn't indicate SPF record found or the
message was DKIM signed.

Unsurprisingly it was correct in every detail.

I wonder in this situation where the SPF record should be stored.

In the DNS records of the sending domain.

The hosting company doesn't seem to know this subject very well.

That's normal. Most of them are utterly incompetent. It's common to
see mail sent from servers which aren't mentioned in the SPF records
for the sending domains/zones. It often takes YEARS to get it fixed,
even when you're dealing with multi-billion-currency-unit corporations
with IT departments bigger than my entire company. In fact I think it
smetimes makes it worse if the company is bigger - everyone then seems
to live in fear of making a mistake, so they do nothing instead.

To be clear, if mail from the IP 162.244.253.254 is to be sent on your
behalf by a supportedns.com server then you probably want to get them to
add that IP address to their SPF record(s). The SPF record needs to be
for the sender given in the SMTP 'envelope from' address. Alternatively
you could get mail sent from a server listed in the existing SPF record
using an envelope address '***@supportedns.com' instead of what is
used in your example ('***@s3.supportedns.com').

Alternatively you could find a supplier which gets this stuff right.

Good luck.
--
73,
Ged.

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120121817:4F332FB2-AF45-11E6-8A27-D50ED4695EB5
Powered by Listbox: http://www.listbox.com

Alan Doherty

2016-11-20 17:25:12 UTC

Permalink

without seeing the emails in question i cant be sure but if your software sends them

from the submitters email address then obviously they will fail the submitters domains spf and or dkim checks
(as obviously they were sent/forged from your servers ip not the submitters allowed ips/systems

if your software sends them from one of your own address's on the other hand (as it must) then the sending ip must be listed in the spf record for the senders domain

if your server sends from account-on-***@servername then either it needs to be fixed to send from one of your own addresses as servername is unlikely to have an spf record, or setup an appropriate spf record for the domain of servername

either way an example of a received message with full headers will easilly show us which/what the server is doing(and where the errors are coming from)

as for your spf record
"v=spf1 a +include:_spf.mddservices.com +ip4:162.244.253.254 -all"

first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email you send
a == a:pebblesmart.com == ip4:173.248.188.5

thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5 include:_spf.mddservices.com -all"

Post by KQJ
Hello,
I have a website (domain: <http://pebblesmart.com>pebblesmart.com) hosted at a hosting service. The website's contact form generates emails to my company's customer support email address. (I use WordPress plugin Contact Form 7). However, the emails are marked as spam by Microsoft Outlook servers. I set up a SPF record for my domain and the hosting service said a DKIM record was created for my domain. But the email message header indicated no SPF or DKIM was found. I also directed the generated email to Gmail. It used "best guess" to let the message pass, but didn't indicate SPF record found or the message was DKIM signed.
I wonder in this situation where the SPF record should be stored. Perhaps the receiving server is not querying my domain's DNS record at all because the email was generated by the mail agent on the hosting server. Please see the enclosed message header. The hosting company doesn't seem to know this subject very well. So I am hoping you can give me some pointers.
Thank you very much.
Keith
========= Message Header =============
Received: from <http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
<http://MWHPR06MB2767.namprd06.prod.outlook.com>MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from <http://BY2PR06CA0002.namprd06.prod.outlook.com>BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
<http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from <http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by <http://BY2PR06CA0002.outlook.office365.com>BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via Frontend
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<http://s3.supportedns.com>s3.supportedns.com; <http://pebblesmart.com>pebblesmart.com; dkim=none (message not
signed) header.d=none;<http://pebblesmart.com>pebblesmart.com; dmarc=none action=none
header.from=<http://pebblesmart.com>pebblesmart.com;<http://pebblesmart.com>pebblesmart.com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (<http://protection.outlook.com>protection.outlook.com: <http://s3.supportedns.com>s3.supportedns.com does not
designate permitted sender hosts)
Received: from <http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com (162.244.253.254) by
<http://SN1NAM02FT026.mail.protection.outlook.com>SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from <http://s3.supportedns.com>s3.supportedns.com ([173.248.191.183])
by <http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by <http://s3.supportedns.com>s3.supportedns.com with local (Exim 4.87)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: <http://pebblesmart.com/index.php>pebblesmart.com/index.php for 75.170.66.196
X-PHP-Filename: /home/pebblebe/public_html/index.php REMOTE_ADDR: 75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
X-Mailer: PHPMailer 5.2.14 (<https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: <http://s3.supportedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
X-MS-Exchange-Organization-Network-Message-Id: 9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id: 9c81000f-3762-4960-1e4b-08d410253294
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource: <http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
Sender Policy Framework: <http://www.openspf.net>http://www.openspf.net
Modify Your Subscription: <http://www.listbox.com/member/>http://www.listbox.com/member/
<https://www.listbox.com/member/archive/1020/=now>Archives<https://www.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> | <https://www.listbox.com/member/?&>Modify Your Subscription | <https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscribe Now<http://www.listbox.com>

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120122525:50D26E9A-AF46-11E6-8EC9-F150DD061B16
Powered by Listbox: http://www.listbox.com

alan

2016-11-20 17:57:51 UTC

Permalink

oops i see the mail was included(my bad) (ignore previous bits marked ####)

####without seeing the emails in question i cant be sure but if your software sends them

###from the submitters email address then obviously they will fail the submitters domains spf and or dkim checks
(as obviously they were sent/forged from your servers ip not the submitters allowed ips/systems

###if your software sends them from one of your own address's on the other hand (as it must) then the sending ip must be listed in the spf record for the senders domain

if your server sends from account-on-***@servername then either it needs to be fixed to send from one of your own addresses as servername is unlikely to have an spf record, or setup an appropriate spf record for the domain of servername
(ok confirmed your software send the emails from <mailto:***@s3.supportedns.com>***@s3.supportedns.com thus this is the issue)

so you need to rewrite the script at /home/pebblebe/public_html/index.php
to send from ***@pebblesmart.com rather than <mailto:***@s3.supportedns.com>***@s3.supportedns.com

for example its likely doing this
mail($to, $mail_subject, $mail_message, $mail_header);
when it should be
mail($to, $mail_subject, $mail_message, $mail_header, "-f $mail_err_email");

the -f "mail_err_email sets the envelope sender (the address transmission errors are returned to) if unset it defaults to ***@servername as yours is doing

#########either way an example of a received message with full headers will easilly show us which/what the server is doing(and where the errors are coming from)

as for your spf record
"v=spf1 a +include:_spf.mddservices.com +ip4:162.244.253.254 -all"

first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email you send
a == a:pebblesmart.com == ip4:173.248.188.5

thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5 include:_spf.mddservices.com -all"

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161120125805:E054D2AC-AF4A-11E6-8B98-A2DFEFD21E64
Powered by Listbox: http://www.listbox.com

KQJ

2016-11-21 21:28:39 UTC

Permalink

Thank you all for your input. I read all your responses carefully. I also
received further input from the ISP. It looks like with either code
modification or a plugin I can make the contact form to send with the
proper settings so that my domain's record is consulted for SPF by the
receiving server.

I do need help on a little more clarification. From the receiving server's
point of view, which piece of data (as shown in the header) does it use to
determine the domain to check SPF on? Is it the Return Path? Is that the
same as the Envelop From or "envelop sender" (per Alan's response)?

Thanks again.
Keith

Post by alan
oops i see the mail was included(my bad) (ignore previous bits marked ####)
####without seeing the emails in question i cant be sure but if your software sends them
###from the submitters email address then obviously they will fail the
submitters domains spf and or dkim checks
(as obviously they were sent/forged from your servers ip not the
submitters allowed ips/systems
###if your software sends them from one of your own address's on the other
hand (as it must) then the sending ip must be listed in the spf record for
the senders domain
needs to be fixed to send from one of your own addresses as servername is
unlikely to have an spf record, or setup an appropriate spf record for the
domain of servername
so you need to rewrite the script at /home/pebblebe/public_html/index.php
for example its likely doing this
mail($to, $mail_subject, $mail_message, $mail_header);
when it should be
mail($to, $mail_subject, $mail_message, $mail_header, "-f
$mail_err_email");
the -f "mail_err_email sets the envelope sender (the address transmission
yours is doing
#########either way an example of a received message with full headers
will easilly show us which/what the server is doing(and where the errors
are coming from)
as for your spf record
"v=spf1 a +include:_spf.mddservices.com +ip4:162.244.253.254 -all"
first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email you send
a == a:pebblesmart.com == ip4:173.248.188.5
thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5 include:_spf.mddservices.com -all"

Post by KQJ
Hello,
I have a website (domain: <http://pebblesmart.com>pebblesmart.com)

hosted at a hosting service. The website's contact form generates emails to
my company's customer support email address. (I use WordPress plugin
Contact Form 7). However, the emails are marked as spam by Microsoft
Outlook servers. I set up a SPF record for my domain and the hosting
service said a DKIM record was created for my domain. But the email message
header indicated no SPF or DKIM was found. I also directed the generated
email to Gmail. It used "best guess" to let the message pass, but didn't
indicate SPF record found or the message was DKIM signed.

Post by KQJ
I wonder in this situation where the SPF record should be stored. Perhaps

the receiving server is not querying my domain's DNS record at all because
the email was generated by the mail agent on the hosting server. Please see
the enclosed message header. The hosting company doesn't seem to know this
subject very well. So I am hoping you can give me some pointers.

Post by KQJ
Thank you very much.
Keith
========= Message Header =============
Received: from <http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6P

R06MB2755.namprd06.prod.outlook.com (10.175.127.9) by

Post by KQJ
<http://MWHPR06MB2767.namprd06.prod.outlook.com>MWHP

R06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft SMTP

Post by KQJ
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)

Post by KQJ
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from <http://BY2PR06CA0002.namprd06.prod.outlook.com>BY2P

R06CA0002.namprd06.prod.outlook.com (10.166.106.140) by

Post by KQJ
<http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6P

R06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP

Post by KQJ
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)

Post by KQJ
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from <http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.

com>SN1NAM02FT026.eop-nam02.prod.protection.outlook.com

Post by KQJ
(2a01:111:f400:7e44::208) by <http://BY2PR06CA0002.outlook.office365.com
BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via

Frontend

Post by KQJ
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<http://s3.supportedns.com>s3.supportedns.com; <

http://pebblesmart.com>pebblesmart.com; dkim=none (message not

Post by KQJ
signed) header.d=none;<http://pebblesmart.com>pebblesmart.com;

dmarc=none action=none

Post by KQJ
header.from=<http://pebblesmart.com>pebblesmart.com;<

http://pebblesmart.com>pebblesmart.com; dkim=none (message not signed)

Post by KQJ
header.d=none;

<http://s3.supportedns.com>s3.supportedns.com does not

Post by KQJ
designate permitted sender hosts)
Received: from <http://scanner01.mail.supportedns.com>scanner01.

mail.supportedns.com (162.244.253.254) by

Post by KQJ
<http://SN1NAM02FT026.mail.protection.outlook.com>SN1NAM0

2FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft SMTP

Post by KQJ
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)

Post by KQJ
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedChecksum:;

SizeAsReceived:2327;Count:26

Post by KQJ
Received: from <http://s3.supportedns.com>s3.supportedns.com

([173.248.191.183])

Post by KQJ
by <http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com

with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)

Post by KQJ
(Exim 4.86)

supportedns.com>)

Post by KQJ
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by <http://s3.supportedns.com>s3.supportedns.com

with local (Exim 4.87)
supportedns.com>)

Post by KQJ
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: <http://pebblesmart.com/index.php>pebblesmart.com/index.php

for 75.170.66.196
75.170.66.196

Post by KQJ
Date: Sat, 19 Nov 2016 02:38:48 +0000

pebblesmart.com>

Post by KQJ
X-Mailer: PHPMailer 5.2.14 (<https://github.com/PHPMailer/PHPMailer>

https://github.com/PHPMailer/PHPMailer)

Post by KQJ
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---

scanner01.mail.supportedns.com

Post by KQJ
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: <http://s3.supportedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
Authentication-Results: <http://mail.supportedns.com>mail.supportedns.com;
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26

supportedns.com

Post by KQJ
X-MS-Exchange-Organization-Network-Message-Id: 9c81000f-3762-4960-1e4b-

08d410253294

Post by KQJ
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id: 9c81000f-3762-4960-1e4b-

08d410253294

Post by KQJ
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(

22001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;

Post by KQJ
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource: <http://SN1NAM02FT026.eop-

nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.
prod.protection.outlook.com

Post by KQJ
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
Sender Policy Framework: <http://www.openspf.net>http://www.openspf.net
Modify Your Subscription: <http://www.listbox.com/member/>

http://www.listbox.com/member/

Post by KQJ
<https://www.listbox.com/member/archive/1020/=now>Archives<

https://www.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> | <
https://www.listbox.com/member/?&>Modify Your Subscription | <
https://www.listbox.com/unsubscribe/?&&post_id=
20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscribe Now<
http://www.listbox.com>
all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/
--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161121162850:7A05F994-B031-11E6-B8AC-F1ACD28C53A1
Powered by Listbox: http://www.listbox.com

G.W. Haywood

2016-11-21 22:58:43 UTC

Permalink

Hello again,

... From the receiving server's point of view, which piece of data
(as shown in the header) does it use to determine the domain to
check SPF on? Is it the Return Path? Is that the same as the Envelop
From or "envelop sender" (per Alan's response)?

You won't normally see the data unless you're looking at the SMTP
conversation at the time the message is transferred, or at a verbose
mail server log.

Here's a typical conversation, in fact the one that brought your mail
to me via the (digest) list server. I've trimmed the log a bit:

8<----------------------------------------------------------------------
Nov 21 21:29:11 mail6 sm-mta[17146]: NOQUEUE: connect from lb-ob2.listbox.com [64.147.108.116]
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: --- 220-mail6.jubileegroup.co.uk
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: --- 220 server ready
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: <-- EHLO lb-ob2.listbox.com
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: --- 250-mail6.jubileegroup.co.uk Hello lb-ob2.listbox.com [64.147.108.116], pleased to meet you
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: <-- MAIL FROM:<listbox+trampoline+P8+Xw2y+lPkFejGw5hG4rPGs0oxToQ+***@jeeves.archives.listbox.com> SIZE=42864
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: --- 250 2.1.0 <listbox+trampoline+P8+Xw2y+lPkFejGw5hG4rPGs0oxToQ+***@jeeves.archives.listbox.com>... Sender ok
Nov 21 21:29:11 mail6 sm-mta[17146]: uALLTAB1017146: <-- RCPT TO:<***@jubileegroup.co.uk>
Nov 21 21:29:12 mail6 sm-mta[17146]: uALLTAB1017146: --- 250 2.1.5 <***@jubileegroup.co.uk>... Recipient ok
Nov 21 21:29:12 mail6 sm-mta[17146]: uALLTAB1017146: <-- DATA
Nov 21 21:29:12 mail6 sm-mta[17146]: uALLTAB1017146: --- 354 Enter mail, end with "." on a line by itself
8<----------------------------------------------------------------------

The two interesting parts from the SPF point of view are the 'EHLO'
greeting and the 'MAIL FROM:' command which come from the sending
server. The address in the 'MAIL FROM:' command is as you surmised
the 'envelope sender' and may be given in the 'Return-path' header
which can be added by the receiving server just before the message is
delivered to the recipient's mailbox - assuming it gets that far.

Both 'EHLO' and 'MAIL FROM' are checked by the SPF software.

The name in the EHLO greeting isn't necessarily the same as the name
seen in the log 'connect from' string, but it is in my example as the
list server has been set up with care. The first 'Received' header in
a message after delivery will normally have been added by the mail
server which finally received it and will identify the sending server.
The message may pass through several servers on its way from sender to
recipient, each server adding its own 'Received' header, so the final
mesaage headers may have several such headers in it. Many 'Received'
headers from spammers and other miscreants are forged, they cannot be
relied on nor used for forgery detection by SPF.

73,
Ged.

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161121175856:101F2110-B03E-11E6-9F44-ADAE9908CA3F
Powered by Listbox: http://www.listbox.com

alan

2016-11-21 23:48:49 UTC

Permalink

Thank you all for your input. I read all your responses carefully. I also received further input from the ISP. It looks like with either code modification or a plugin I can make the contact form to send with the proper settings so that my domain's record is consulted for SPF by the receiving server.
I do need help on a little more clarification. From the receiving server's point of view, which piece of data (as shown in the header) does it use to determine the domain to check SPF on? Is it the Return Path? Is that the same as the Envelop From or "envelop sender" (per Alan's response)?

yes but return path is a pseudo-header
(only added by the last server it arrives on before converting it to whatever format the users mailbox uses)
servers/spf read it from the envelope which is not part of the mail and discarded (converted to return-path when it gets to final destination)

the headers it was visible in on your sample are these and likely the only ones to entirely trust

simply adding the "-f ***@from-address" to the php mail function in your php code should do what you need
it works with exim (the system your isp uses) sendmail and most others ,as i do a lot of php and exim on my own servers

Received: from <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com ([173.248.191.183])

by <<http://scanner01.mail.supportedns.com>http://scanner01.mail.supportedns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com with local (Exim 4.87)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Thanks again.
Keith
oops i see the mail was included(my bad) (ignore previous bits marked ####)
####without seeing the emails in question i cant be sure but if your software sends them
###from the submitters email address then obviously they will fail the submitters domains spf and or dkim checks
(as obviously they were sent/forged from your servers ip not the submitters allowed ips/systems
###if your software sends them from one of your own address's on the other hand (as it must) then the sending ip must be listed in the spf record for the senders domain
so you need to rewrite the script at /home/pebblebe/public_html/index.php
for example its likely doing this
mail($to, $mail_subject, $mail_message, $mail_header);
when it should be
mail($to, $mail_subject, $mail_message, $mail_header, "-f $mail_err_email");
#########either way an example of a received message with full headers will easilly show us which/what the server is doing(and where the errors are coming from)
as for your spf record
"v=spf1 a +include:_<http://spf.mddservices.com>spf.mddservices.com +ip4:162.244.253.254 -all"
first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email you send
a == a:<http://pebblesmart.com>pebblesmart.com == ip4:173.248.188.5
thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5 include:_<http://spf.mddservices.com>spf.mddservices.com -all"

Post by KQJ
Hello,
I have a website (domain: <<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebblesmart.com) hosted at a hosting service. The website's contact form generates emails to my company's customer support email address. (I use WordPress plugin Contact Form 7). However, the emails are marked as spam by Microsoft Outlook servers. I set up a SPF record for my domain and the hosting service said a DKIM record was created for my domain. But the email message header indicated no SPF or DKIM was found. I also directed the generated email to Gmail. It used "best guess" to let the message pass, but didn't indicate SPF record found or the message was DKIM signed.
I wonder in this situation where the SPF record should be stored. Perhaps the receiving server is not querying my domain's DNS record at all because the email was generated by the mail agent on the hosting server. Please see the enclosed message header. The hosting company doesn't seem to know this subject very well. So I am hoping you can give me some pointers.
Thank you very much.
Keith
========= Message Header =============
Received: from <<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
<<http://MWHPR06MB2767.namprd06.prod.outlook.com>http://MWHPR06MB2767.namprd06.prod.outlook.com><http://MWHPR06MB2767.namprd06.prod.outlook.com>MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from <<http://BY2PR06CA0002.namprd06.prod.outlook.com>http://BY2PR06CA0002.namprd06.prod.outlook.com><http://BY2PR06CA0002.namprd06.prod.outlook.com>BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.721.10; Sat, 19 Nov 2016 02:38:52 +0000
Received: from <<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
(2a01:111:f400:7e44::208) by <<http://BY2PR06CA0002.outlook.office365.com>http://BY2PR06CA0002.outlook.office365.com><http://BY2PR06CA0002.outlook.office365.com>BY2PR06CA0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via Frontend
Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com; <<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebblesmart.com; dkim=none (message not
signed) header.d=none;<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebblesmart.com; dmarc=none action=none
header.from=<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebblesmart.com;<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebblesmart.com; dkim=none (message not signed)
header.d=none;
Received-SPF: None (<<http://protection.outlook.com>http://protection.outlook.com><http://protection.outlook.com>protection.outlook.com: <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com does not
designate permitted sender hosts)
Received: from <<http://scanner01.mail.supportedns.com>http://scanner01.mail.supportedns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com (162.244.253.254) by
<<http://SN1NAM02FT026.mail.protection.outlook.com>http://SN1NAM02FT026.mail.protection.outlook.com><http://SN1NAM02FT026.mail.protection.outlook.com>SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com ([173.248.191.183])
by <<http://scanner01.mail.supportedns.com>http://scanner01.mail.supportedns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supportedns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com with local (Exim 4.87)
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
Subject: Pebble Smart Contact: "Test New Contact Form #5"
X-PHP-Script: <<http://pebblesmart.com/index.php>http://pebblesmart.com/index.php><http://pebblesmart.com/index.php>pebblesmart.com/index.php for 75.170.66.196
X-PHP-Filename: /home/pebblebe/public_html/index.php REMOTE_ADDR: 75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
X-Mailer: PHPMailer 5.2.14 (<<https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
X-SpamExperts-Domain: <<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
X-MS-Exchange-Organization-Network-Message-Id: 9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Office365-Filtering-Correlation-Id: 9c81000f-3762-4960-1e4b-08d410253294
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
X-MS-Exchange-Organization-AuthSource: <<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
Sender Policy Framework: <<http://www.openspf.net>http://www.openspf.net>http://www.openspf.net
Modify Your Subscription: <<http://www.listbox.com/member/>http://www.listbox.com/member/>http://www.listbox.com/member/
<<https://www.listbox.com/member/archive/1020/=now>https://www.listbox.com/member/archive/1020/=now>Archives<<https://www.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2>https://www.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> | <https://www.listbox.com/member/?&>Modify Your Subscription | <<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscribe Now<<http://www.listbox.com>http://www.listbox.com>

all my collected advice on spf in general
<http://www.alandoherty.net/info/mailservers/spf/>http://www.alandoherty.net/info/mailservers/spf/
--
Alan Doherty: <http://www.alandoherty.net/>http://www.alandoherty.net/
all-contact: <http://www.alandoherty.net/contact/>http://www.alandoherty.net/contact/ : cell <tel:%2B353-87-907-8286>+353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
<http://alan-ie.livejournal.com/tag/idiocy>http://alan-ie.livejournal.com/tag/idiocy
Sender Policy Framework: <http://www.openspf.net>http://www.openspf.net
Modify Your Subscription: <http://www.listbox.com/member/>http://www.listbox.com/member/
<https://www.listbox.com/member/archive/1020/=now>Archives<https://www.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> | <https://www.listbox.com/member/?&>Modify Your Subscription | <https://www.listbox.com/unsubscribe/?&&post_id=20161121162850:7A05F994-B031-11E6-B8AC-F1ACD28C53A1>Unsubscribe Now<http://www.listbox.com>

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161121185358:C2ED0878-B045-11E6-BA7B-8B6C71F3482F
Powered by Listbox: http://www.listbox.com

KQJ

2016-11-22 00:16:09 UTC

Permalink

The use of the php mail() function is buried inside a WordPress function
which the contact form code uses to send mail. If I modify any of these
code, it will be lost with updates. So I am trying to see if another SMTP
plugin will let me specify the envelop sender.

In the case of listbox.com, used as an example in Ged's comment, I can see
the SPF record for jeeves.archives.listbox.com (deferred to listbox.com)
contains a:outbound.listbox.com, which contains an A record for the IP that
was sending the email. Totally makes sense.

Thanks!
Keith

-----Original Message-----
From: alan [mailto:***@alandoherty.net]
Sent: Monday, November 21, 2016 3:49 PM
To: spf-***@listbox.com; spf-***@listbox.com
Subject: Re: [spf-help] Setting SPF Record for a hosted situation

Post by KQJ
Thank you all for your input. I read all your responses carefully. I also

received further input from the ISP. It looks like with either code
modification or a plugin I can make the contact form to send with the proper
settings so that my domain's record is consulted for SPF by the receiving
server.

Post by KQJ
I do need help on a little more clarification. From the receiving server's

point of view, which piece of data (as shown in the header) does it use to
determine the domain to check SPF on? Is it the Return Path? Is that the
same as the Envelop From or "envelop sender" (per Alan's response)?

yes but return path is a pseudo-header
(only added by the last server it arrives on before converting it to
whatever format the users mailbox uses) servers/spf read it from the
envelope which is not part of the mail and discarded (converted to
return-path when it gets to final destination)

the headers it was visible in on your sample are these and likely the only
ones to entirely trust

simply adding the "-f ***@from-address" to the php mail function in
your php code should do what you need it works with exim (the system your
isp uses) sendmail and most others ,as i do a lot of php and exim on my own
servers

Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns
.com>s3.supportedns.com ([173.248.191.183])

Post by KQJ
by
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from
<<<<<<<<<<<<<<<<<<<<< id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50
-0500
Received: from pebblebe by
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppor
tedns.com>s3.supportedns.com with local (Exim 4.87) (envelope-from
<<<<<<<<<<<<<<<<<< id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48
-0500
Thanks again.
Keith
On Sun, Nov 20, 2016 at 9:57 AM, alan
oops i see the mail was included(my bad) (ignore previous bits marked ####)
####without seeing the emails in question i cant be sure but if your software sends them
###from the submitters email address then obviously they will fail the
submitters domains spf and or dkim checks (as obviously they were
sent/forged from your servers ip not the submitters allowed ips/systems
###if your software sends them from one of your own address's on the
other hand (as it must) then the sending ip must be listed in the spf
record for the senders domain
needs to be fixed to send from one of your own addresses as servername
is unlikely to have an spf record, or setup an appropriate spf record
for the domain of servername (ok confirmed your software send the
emails from
this is the issue)
so you need to rewrite the script at
/home/pebblebe/public_html/index.php
to send from
than
for example its likely doing this
mail($to, $mail_subject, $mail_message, $mail_header); when it should
be mail($to, $mail_subject, $mail_message, $mail_header, "-f
$mail_err_email");
the -f "mail_err_email sets the envelope sender (the address
transmission errors are returned to) if unset it defaults to
#########either way an example of a received message with full headers
will easilly show us which/what the server is doing(and where the
errors are coming from)
as for your spf record
"v=spf1 a +include:_<http://spf.mddservices.com>spf.mddservices.com +ip4:162.244.253.254 -all"
first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email
you send a == a:<http://pebblesmart.com>pebblesmart.com ==
ip4:173.248.188.5
thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5

include:_<http://spf.mddservices.com>spf.mddservices.com -all"

Post by KQJ

Post by KQJ
Hello,

<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.com>pebb
lesmart.com) hosted at a hosting service. The website's contact form
generates emails to my company's customer support email address. (I use
WordPress plugin Contact Form 7). However, the emails are marked as spam by
Microsoft Outlook servers. I set up a SPF record for my domain and the
hosting service said a DKIM record was created for my domain. But the email
message header indicated no SPF or DKIM was found. I also directed the
generated email to Gmail. It used "best guess" to let the message pass, but
didn't indicate SPF record found or the message was DKIM signed.

Post by KQJ

Post by KQJ
I wonder in this situation where the SPF record should be stored. Perhaps

Post by KQJ

Post by KQJ
Thank you very much.
Keith
========= Message Header =============
Received: from
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.
com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
<<http://MWHPR06MB2767.namprd06.prod.outlook.com>http://MWHPR06MB2767.
namprd06.prod.outlook.com><http://MWHPR06MB2767.namprd06.prod.outlook.
com>MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from
<<http://BY2PR06CA0002.namprd06.prod.outlook.com>http://BY2PR06CA0002.
namprd06.prod.outlook.com><http://BY2PR06CA0002.namprd06.prod.outlook.
com>BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.
com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.721.10;
Sat, 19 Nov 2016 02:38:52 +0000
Received: from
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02
6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
(2a01:111:f400:7e44::208) by
<<http://BY2PR06CA0002.outlook.office365.com>http://BY2PR06CA0002.outl
ook.office365.com><http://BY2PR06CA0002.outlook.office365.com>BY2PR06C
A0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<<http://s3.supportedns.com>http://s3.supportedns.com><h
ttp://s3.supportedns.com>s3.supportedns.com;
<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.co
m>pebblesmart.com; dkim=none (message not
signed)
header.d=none;<<http://pebblesmart.com>http://pebblesmart.com><http://
pebblesmart.com>pebblesmart.com; dmarc=none action=none
header.from=<<http://pebblesmart.com>http://pebblesmart.com><http://pe
bblesmart.com>pebblesmart.com;<<http://pebblesmart.com>http://pebblesm
art.com><http://pebblesmart.com>pebblesmart.com; dkim=none (message
not signed) header.d=none;
Received-SPF: None
(<<http://protection.outlook.com>http://protection.outlook.com><http:/
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com does not designate permitted sender
hosts)
Received: from
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com (162.244.253.254) by
<<http://SN1NAM02FT026.mail.protection.outlook.com>http://SN1NAM02FT02
6.mail.protection.outlook.com><http://SN1NAM02FT026.mail.protection.ou
tlook.com>SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com ([173.248.191.183]) by
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com with local (Exim 4.87) (envelope-from
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
smart.com>
Subject: Pebble Smart Contact: "Test New Contact Form #5"
<<http://pebblesmart.com/index.php>http://pebblesmart.com/index.php><h
ttp://pebblesmart.com/index.php>pebblesmart.com/index.php for
75.170.66.196
X-PHP-Filename: /home/pebblebe/public_html/index.php REMOTE_ADDR: 75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
From: James Gooney

<http://pebblesmart.com>pebblesmart.com>

ail.com>gmail.com>
ail.com>gmail.com>
X-Mailer: PHPMailer 5.2.14
(<<https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer
/PHPMailer>https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
<<http://mail.supportedns.com>http://mail.supportedns.com><http://mail
.supportedns.com>mail.supportedns.com; auth=pass
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
9c81000f-3762-4960-1e4b-08d410253294
UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR
:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016
02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02
6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
<<http://www.openspf.net>http://www.openspf.net>http://www.openspf.net
<<http://www.listbox.com/member/>http://www.listbox.com/member/>http:/
/www.listbox.com/member/
<<https://www.listbox.com/member/archive/1020/=now>https://www.listbox
.com/member/archive/1020/=now>Archives<<https://www.listbox.com/member
/archive/rss/1020/15739084-ee0a6cb2>https://www.listbox.com/member/arc
hive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB
10-AF36-11E6-9A98-8E119C2294C7>https://www.listbox.com/unsubscribe/?&&
post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscrib
e Now<<http://www.listbox.com>http://www.listbox.com>

ME to YOUR ADDRESS-BOOK.

Post by KQJ
<http://alan-ie.livejournal.com/tag/idiocy>http://alan-ie.livejournal.
com/tag/idiocy
<http://www.openspf.net>http://www.openspf.net
<http://www.listbox.com/member/>http://www.listbox.com/member/
<https://www.listbox.com/member/archive/1020/=now>Archives<https://www
.listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<https://www.listbox.com/unsubscribe/?&&post_id=20161121162850:7A05F99
4-B031-11E6-B8AC-F1ACD28C53A1>Unsubscribe Now<http://www.listbox.com>

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be
reviled, If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR
ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161121191621:E281B1F4-B048-11E6-BF0D-E68894A55E72
Powered by Listbox: http://www.listbox.com

alan

2016-11-22 11:07:34 UTC

Permalink

if running wordpress thats different (bad but totally separate issue)

then easier for you or the isp to simply setup a global rewrite rule in exim
to rewrite all occurrences of ***@s3.supportedns.com to ***@pebblesmart.com

like so

begin rewrite
***@s3.supportedns.com ***@pebblesmart.com Eh

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html

Post by KQJ
The use of the php mail() function is buried inside a WordPress function
which the contact form code uses to send mail. If I modify any of these
code, it will be lost with updates. So I am trying to see if another SMTP
plugin will let me specify the envelop sender.
In the case of listbox.com, used as an example in Ged's comment, I can see
the SPF record for jeeves.archives.listbox.com (deferred to listbox.com)
contains a:outbound.listbox.com, which contains an A record for the IP that
was sending the email. Totally makes sense.
Thanks!
Keith
-----Original Message-----
Sent: Monday, November 21, 2016 3:49 PM
Subject: Re: [spf-help] Setting SPF Record for a hosted situation

Post by KQJ
Thank you all for your input. I read all your responses carefully. I also

Post by KQJ
I do need help on a little more clarification. From the receiving server's

point of view, which piece of data (as shown in the header) does it use to
determine the domain to check SPF on? Is it the Return Path? Is that the
same as the Envelop From or "envelop sender" (per Alan's response)?
yes but return path is a pseudo-header
(only added by the last server it arrives on before converting it to
whatever format the users mailbox uses) servers/spf read it from the
envelope which is not part of the mail and discarded (converted to
return-path when it gets to final destination)
the headers it was visible in on your sample are these and likely the only
ones to entirely trust
your php code should do what you need it works with exim (the system your
isp uses) sendmail and most others ,as i do a lot of php and exim on my own
servers
Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns
.com>s3.supportedns.com ([173.248.191.183])

+ip4:162.244.253.254 -all"

Post by KQJ
first remove the unneccissary +
next the waste of others resources 'a'
as you know your own ip so dont make others look it up for every email
you send a == a:<http://pebblesmart.com>pebblesmart.com ==
ip4:173.248.188.5
thus a cleaner fixed up spf would be
"v=spf1 ip4:162.244.253.254 ip4:173.248.188.5

include:_<http://spf.mddservices.com>spf.mddservices.com -all"

Post by KQJ

Post by KQJ
Hello,

Post by KQJ

Post by KQJ
I wonder in this situation where the SPF record should be stored. Perhaps

Post by KQJ

Post by KQJ
Thank you very much.
Keith
========= Message Header =============
Received: from
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.>>com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
<<http://MWHPR06MB2767.namprd06.prod.outlook.com>http://MWHPR06MB2767.
namprd06.prod.outlook.com><http://MWHPR06MB2767.namprd06.prod.outlook.>>com>MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from
<<http://BY2PR06CA0002.namprd06.prod.outlook.com>http://BY2PR06CA0002.
namprd06.prod.outlook.com><http://BY2PR06CA0002.namprd06.prod.outlook.>>com>BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.>>com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.721.10;
Sat, 19 Nov 2016 02:38:52 +0000
Received: from
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02>>6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
(2a01:111:f400:7e44::208) by
<<http://BY2PR06CA0002.outlook.office365.com>http://BY2PR06CA0002.outl
ook.office365.com><http://BY2PR06CA0002.outlook.office365.com>BY2PR06C
A0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<<http://s3.supportedns.com>http://s3.supportedns.com><h
ttp://s3.supportedns.com>s3.supportedns.com;
<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.co
m>pebblesmart.com; dkim=none (message not
signed)
header.d=none;<<http://pebblesmart.com>http://pebblesmart.com><http://
pebblesmart.com>pebblesmart.com; dmarc=none action=none
header.from=<<http://pebblesmart.com>http://pebblesmart.com><http://pe
bblesmart.com>pebblesmart.com;<<http://pebblesmart.com>http://pebblesm
art.com><http://pebblesmart.com>pebblesmart.com; dkim=none (message
not signed) header.d=none;
Received-SPF: None
(<<http://protection.outlook.com>http://protection.outlook.com><http:/
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com does not designate permitted sender
hosts)
Received: from
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com (162.244.253.254) by
<<http://SN1NAM02FT026.mail.protection.outlook.com>http://SN1NAM02FT02
6.mail.protection.outlook.com><http://SN1NAM02FT026.mail.protection.ou>>tlook.com>SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com ([173.248.191.183]) by
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com with local (Exim 4.87) (envelope-from
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
smart.com>
Subject: Pebble Smart Contact: "Test New Contact Form #5"
<<http://pebblesmart.com/index.php>http://pebblesmart.com/index.php><h
ttp://pebblesmart.com/index.php>pebblesmart.com/index.php for
75.170.66.196
X-PHP-Filename: /home/pebblebe/public_html/index.php REMOTE_ADDR: 75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
From: James Gooney

<http://pebblesmart.com>pebblesmart.com>

ail.com>gmail.com>
ail.com>gmail.com>
X-Mailer: PHPMailer 5.2.14
(<<https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer
/PHPMailer>https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
<<http://mail.supportedns.com>http://mail.supportedns.com><http://mail
.supportedns.com>mail.supportedns.com; auth=pass
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
9c81000f-3762-4960-1e4b-08d410253294
UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR
:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016
02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02>>6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
<<http://www.openspf.net>http://www.openspf.net>http://www.openspf.net
<<http://www.listbox.com/member/>http://www.listbox.com/member/>http:/
/www.listbox.com/member/
<<https://www.listbox.com/member/archive/1020/=now>https://www.listbox
.com/member/archive/1020/=now>Archives<<https://www.listbox.com/member>>/archive/rss/1020/15739084-ee0a6cb2>https://www.listbox.com/member/arc
hive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB>>10-AF36-11E6-9A98-8E119C2294C7>https://www.listbox.com/unsubscribe/?&&
post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscrib
e Now<<http://www.listbox.com>http://www.listbox.com>

ME to YOUR ADDRESS-BOOK.

Post by KQJ
<http://alan-ie.livejournal.com/tag/idiocy>http://alan-ie.livejournal.
com/tag/idiocy
<http://www.openspf.net>http://www.openspf.net
<http://www.listbox.com/member/>http://www.listbox.com/member/
<https://www.listbox.com/member/archive/1020/=now>Archives<https://www> .listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<https://www.listbox.com/unsubscribe/?&&post_id=20161121162850:7A05F99> 4-B031-11E6-B8AC-F1ACD28C53A1>Unsubscribe Now<http://www.listbox.com>

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161122060758:E85869BE-B0A3-11E6-9D6F-B30A3AF46A5D
Powered by Listbox: http://www.listbox.com

Steve Yates

2016-11-22 15:23:33 UTC

Permalink

If you can edit php.ini settings you can set sendmail_from there.

http://php.net/manual/en/mail.configuration.php

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: KQJ [mailto:***@gmail.com]
Sent: Monday, November 21, 2016 6:16 PM
To: spf-***@listbox.com
Subject: RE: [spf-help] Setting SPF Record for a hosted situation

The use of the php mail() function is buried inside a WordPress function which the contact form code uses to send mail. If I modify any of these code, it will be lost with updates. So I am trying to see if another SMTP plugin will let me specify the envelop sender.

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161122102343:A4A3C320-B0C7-11E6-A049-93527813E6BD
Powered by Listbox: http://www.listbox.com

KQJ

2016-11-22 15:47:27 UTC

Permalink

Thanks for the good ideas. I got the problem solved with a plugin in
WordPress that lets me specify the envelope sender.

Thank you all for your kind help.
Keith

Post by Steve Yates
If you can edit php.ini settings you can set sendmail_from there.
http://php.net/manual/en/mail.configuration.php
--
Steve Yates
ITS, Inc.
-----Original Message-----
Sent: Monday, November 21, 2016 6:16 PM
Subject: RE: [spf-help] Setting SPF Record for a hosted situation
The use of the php mail() function is buried inside a WordPress function
which the contact form code uses to send mail. If I modify any of these
code, it will be lost with updates. So I am trying to see if another SMTP
plugin will let me specify the envelop sender.

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161122104734:F9FD2B42-B0CA-11E6-BCE7-F6F8670573DE
Powered by Listbox: http://www.listbox.com

Mike McGowan

2016-11-22 12:53:46 UTC

Permalink

Why am I getting all of these emails?

Mike McGowan
Philadelphia IT Group | President
c. (610) 348-7133
***@philadelphiaITgroup.com

On Nov 22, 2016 6:08 AM, alan <***@alandoherty.net> wrote:
if running wordpress thats different (bad but totally separate issue)

then easier for you or the isp to simply setup a global rewrite rule in exim
to rewrite all occurrences of ***@s3.supportedns.com to ***@pebblesmart.com

like so

begin rewrite
***@s3.supportedns.com ***@pebblesmart.com Eh

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html

Post by KQJ
Thank you all for your input. I read all your responses carefully. I also

Post by KQJ
I do need help on a little more clarification. From the receiving server's

point of view, which piece of data (as shown in the header) does it use to
determine the domain to check SPF on? Is it the Return Path? Is that the
same as the Envelop From or "envelop sender" (per Alan's response)?
yes but return path is a pseudo-header
(only added by the last server it arrives on before converting it to
whatever format the users mailbox uses) servers/spf read it from the
envelope which is not part of the mail and discarded (converted to
return-path when it gets to final destination)
the headers it was visible in on your sample are these and likely the only
ones to entirely trust
your php code should do what you need it works with exim (the system your
isp uses) sendmail and most others ,as i do a lot of php and exim on my own
servers
Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.supportedns
.com>s3.supportedns.com ([173.248.191.183])

Post by KQJ
by
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from
<<<<<<<<<<<<<<<<<<<<< id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50
-0500
Received: from pebblebe by
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppor
tedns.com>s3.supportedns.com with local (Exim 4.87) (envelope-from
<<<<<<<<<<<<<<<<<< id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48
-0500
Thanks again.
Keith
On Sun, Nov 20, 2016 at 9:57 AM, alan
oops i see the mail was included(my bad) (ignore previous bits marked
####)
####without seeing the emails in question i cant be sure but if your
software sends them
###from the submitters email address then obviously they will fail the
submitters domains spf and or dkim checks (as obviously they were
sent/forged from your servers ip not the submitters allowed ips/systems
###if your software sends them from one of your own address's on the
other hand (as it must) then the sending ip must be listed in the spf
record for the senders domain
needs to be fixed to send from one of your own addresses as servername
is unlikely to have an spf record, or setup an appropriate spf record
for the domain of servername (ok confirmed your software send the
emails from
this is the issue)
so you need to rewrite the script at
/home/pebblebe/public_html/index.php
to send from
than
for example its likely doing this
mail($to, $mail_subject, $mail_message, $mail_header); when it should
be mail($to, $mail_subject, $mail_message, $mail_header, "-f
$mail_err_email");
the -f "mail_err_email sets the envelope sender (the address
transmission errors are returned to) if unset it defaults to
#########either way an example of a received message with full headers
will easilly show us which/what the server is doing(and where the
errors are coming from)
as for your spf record
"v=spf1 a +include:_<http://spf.mddservices.com>spf.mddservices.com

+ip4:162.244.253.254 -all"

include:_<http://spf.mddservices.com>spf.mddservices.com -all"

Post by KQJ

Post by KQJ
Hello,

Post by KQJ

Post by KQJ
I wonder in this situation where the SPF record should be stored. Perhaps

Post by KQJ

Post by KQJ
Thank you very much.
Keith
========= Message Header =============
Received: from
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.>>com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) by
<<http://MWHPR06MB2767.namprd06.prod.outlook.com>http://MWHPR06MB2767.
namprd06.prod.outlook.com><http://MWHPR06MB2767.namprd06.prod.outlook.>>com>MWHPR06MB2767.namprd06.prod.outlook.com (10.175.137.136) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.8 via Mailbox Transport; Sat, 19 Nov 2016 02:38:53 +0000
Received: from
<<http://BY2PR06CA0002.namprd06.prod.outlook.com>http://BY2PR06CA0002.
namprd06.prod.outlook.com><http://BY2PR06CA0002.namprd06.prod.outlook.>>com>BY2PR06CA0002.namprd06.prod.outlook.com (10.166.106.140) by
<<http://BN6PR06MB2755.namprd06.prod.outlook.com>http://BN6PR06MB2755.
namprd06.prod.outlook.com><http://BN6PR06MB2755.namprd06.prod.outlook.>>com>BN6PR06MB2755.namprd06.prod.outlook.com (10.175.127.9) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.721.10;
Sat, 19 Nov 2016 02:38:52 +0000
Received: from
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02>>6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
(2a01:111:f400:7e44::208) by
<<http://BY2PR06CA0002.outlook.office365.com>http://BY2PR06CA0002.outl
ook.office365.com><http://BY2PR06CA0002.outlook.office365.com>BY2PR06C
A0002.outlook.office365.com
(2a01:111:e400:7bfe::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8 via
Frontend Transport; Sat, 19 Nov 2016 02:38:52 +0000
Authentication-Results: spf=none (sender IP is 162.244.253.254)
smtp.mailfrom=<<http://s3.supportedns.com>http://s3.supportedns.com><h
ttp://s3.supportedns.com>s3.supportedns.com;
<<http://pebblesmart.com>http://pebblesmart.com><http://pebblesmart.co
m>pebblesmart.com; dkim=none (message not
signed)
header.d=none;<<http://pebblesmart.com>http://pebblesmart.com><http://
pebblesmart.com>pebblesmart.com; dmarc=none action=none
header.from=<<http://pebblesmart.com>http://pebblesmart.com><http://pe
bblesmart.com>pebblesmart.com;<<http://pebblesmart.com>http://pebblesm
art.com><http://pebblesmart.com>pebblesmart.com; dkim=none (message
not signed) header.d=none;
Received-SPF: None
(<<http://protection.outlook.com>http://protection.outlook.com><http:/
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com does not designate permitted sender
hosts)
Received: from
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com (162.244.253.254) by
<<http://SN1NAM02FT026.mail.protection.outlook.com>http://SN1NAM02FT02
6.mail.protection.outlook.com><http://SN1NAM02FT026.mail.protection.ou>>tlook.com>SN1NAM02FT026.mail.protection.outlook.com (10.152.72.97)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.734.4 via Frontend Transport; Sat, 19 Nov 2016 02:38:50 +0000
OriginalChecksum:;UpperCasedChecksum:;SizeAsReceived:2327;Count:26
Received: from
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com ([173.248.191.183]) by
<<http://scanner01.mail.supportedns.com>http://scanner01.mail.supporte
dns.com><http://scanner01.mail.supportedns.com>scanner01.mail.supporte
dns.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.86)
(envelope-from
id 1c7vYH-0002Zc-Gd; Fri, 18 Nov 2016 21:38:50 -0500
Received: from pebblebe by
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com with local (Exim 4.87) (envelope-from
id 1c7vYG-002gOT-Av; Fri, 18 Nov 2016 21:38:48 -0500
smart.com>
Subject: Pebble Smart Contact: "Test New Contact Form #5"
<<http://pebblesmart.com/index.php>http://pebblesmart.com/index.php><h
ttp://pebblesmart.com/index.php>pebblesmart.com/index.php for
75.170.66.196
75.170.66.196
Date: Sat, 19 Nov 2016 02:38:48 +0000
From: James Gooney

<http://pebblesmart.com>pebblesmart.com>

ail.com>gmail.com>
ail.com>gmail.com>
X-Mailer: PHPMailer 5.2.14
(<<https://github.com/PHPMailer/PHPMailer>https://github.com/PHPMailer
/PHPMailer>https://github.com/PHPMailer/PHPMailer)
X-WPCF7-Content-Type: text/plain
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Filter-ID: -- snip -- snip ---
X-Originating-IP: 173.248.191.183
<<http://s3.supportedns.com>http://s3.supportedns.com><http://s3.suppo
rtedns.com>s3.supportedns.com
X-SpamExperts-Username: 173.248.191.183
<<http://mail.supportedns.com>http://mail.supportedns.com><http://mail
.supportedns.com>mail.supportedns.com; auth=pass
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.20)
X-Classification: not-spam/combined
X-Recommended-Action: accept
X-IncomingHeaderCount: 26
9c81000f-3762-4960-1e4b-08d410253294
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: e5a10804-94c5-46a9-9149-411eb7e24477:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: -- snip -- snip ----- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
9c81000f-3762-4960-1e4b-08d410253294
UriScan:;BCL:0;PCL:0;RULEID:(22001)(81800161)(71701004)(71702002);SRVR
:BN6PR06MB2755;
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Microsoft-Exchange-Diagnostics:-- snip -- snip ---
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: -- snip -- snip ---
X-MS-Exchange-Organization-SCL: 5
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016
02:38:50.9484
(UTC)
X-MS-Exchange-CrossTenant-Id: e5a10804-94c5-46a9-9149-411eb7e24477
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2755
<<http://SN1NAM02FT026.eop-nam02.prod.protection.outlook.com>http://SN
1NAM02FT026.eop-nam02.prod.protection.outlook.com><http://SN1NAM02FT02>>6.eop-nam02.prod.protection.outlook.com>SN1NAM02FT026.eop-nam02.prod.p
rotection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.0519413
X-Microsoft-Exchange-Diagnostics: -- snip -- snip ---
<<http://www.openspf.net>http://www.openspf.net>http://www.openspf.net
<<http://www.listbox.com/member/>http://www.listbox.com/member/>http:/
/www.listbox.com/member/
<<https://www.listbox.com/member/archive/1020/=now>https://www.listbox
.com/member/archive/1020/=now>Archives<<https://www.listbox.com/member>>/archive/rss/1020/15739084-ee0a6cb2>https://www.listbox.com/member/arc
hive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<<https://www.listbox.com/unsubscribe/?&&post_id=20161120103310:A1DEAB>>10-AF36-11E6-9A98-8E119C2294C7>https://www.listbox.com/unsubscribe/?&&
post_id=20161120103310:A1DEAB10-AF36-11E6-9A98-8E119C2294C7>Unsubscrib
e Now<<http://www.listbox.com>http://www.listbox.com>

ME to YOUR ADDRESS-BOOK.

Post by KQJ
<http://alan-ie.livejournal.com/tag/idiocy>http://alan-ie.livejournal.
com/tag/idiocy
<http://www.openspf.net>http://www.openspf.net
<http://www.listbox.com/member/>http://www.listbox.com/member/
<https://www.listbox.com/member/archive/1020/=now>Archives<https://www> .listbox.com/member/archive/rss/1020/15739084-ee0a6cb2> |
<https://www.listbox.com/member/?&>Modify Your Subscription |
<https://www.listbox.com/unsubscribe/?&&post_id=20161121162850:7A05F99> 4-B031-11E6-B8AC-F1ACD28C53A1>Unsubscribe Now<http://www.listbox.com>

all my collected advice on spf in general
http://www.alandoherty.net/info/mailservers/spf/

--
Alan Doherty: http://www.alandoherty.net/
all-contact: http://www.alandoherty.net/contact/ : cell +353-87-907-8286
Anyone giving my address to 3rd parties without my explicit consent will be reviled,
If you cannot respect your contacts privacy, DO NOT ADD ME to YOUR ADDRESS-BOOK.
http://alan-ie.livejournal.com/tag/idiocy

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161122075402:B88DC148-B0B2-11E6-8813-F1DEFA19DD29
Powered by Listbox: http://www.listbox.com

Alex van den Bogaerdt

2016-11-22 15:48:46 UTC

Permalink

Post by Mike McGowan
Why am I getting all of these emails?

Because you, or someone else on your behalf, have subscribed to the
mailing list.

As far as I know this is a confirmed subscription, i.e.:
1: someone sends a request to the mailing list manager
2: the mailing list manager sends a request to confirm to your email account
3: this request needs to be answered before your email address is added.

The answer to the question you did not ask:

To unsubscribe, follow the easy directions sent in every message,
including the one you copied verbatim:

Modify Your Subscription:
https://www.listbox.com/member/?member_id= { see your own copy }
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?member_id= { see your own copy }

-------------------------------------------
Sender Policy Framework: http://www.openspf.net [http://www.openspf.net]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/26474686-1da6c477
Modify Your Subscription: https://www.listbox.com/member/?member_id=26474686&id_secret=26474686-2ac0b651
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26474686&id_secret=26474686-b919b075&post_id=20161122104908:2EE04A2E-B0CB-11E6-8CBD-C4D58C5E1ADC
Powered by Listbox: http://www.listbox.com