|
|
Subject: SPF prevents mail from being delivered to Hotmail
- msg#00065
In the Hotmail saga, here is my latest discovery.
As we all know, Hotmail receives email very unreliably. Many
legitimate mails end up in the junk mail folder, many others simply
disappear.
Mail to Hotmail seemed to work better depending on providers used.
I.e. mails from my domains sent though ControlledMail would arrive
into Hotmail's inbox perfectly; whereas the same mails sent through
Tuffmail would end up in Hotmail's junk mail folder.
As an experiment, I have totally removed the SPF record of one of my
domains, guidedvacation.com. I waited ca 2 weeks (knowing that
Hotmails caches SPF records). And here is my experiment of today:
- mail from guidedvacation.com sent through Tuffmail arrives perfectly
in Hotmail's inbox
- mail from any other of my domains, that still have an SPF record,
sent through Tuffmail arrives in Hotmail's junk mail folder
In other terms having an SPF record is harmful if you want to send
mail to Hotmail. Removing the SPF record will improve reliability of
email delivery to Hotmail.
SPF also seems to be useless with joejob prevention. Spammers use my
SPF-protected domains more and more to send their spam. I receive
thousands of returned mails which I have never sent before, and I have
constantly to increase my filters so they don't flood my inbox. So SPF
does not seem to do the job it was designed to, and I wonder, at the
end, what is its use now?
Thread at a glance:
Previous Message by Date:
Re: SPF - microsoft.com Maximum lookup or DNS unresolve
On Wed, Oct 25, 2006 at 11:13:40PM +0200, chris gigs wrote:
> Does anyone know if this error is really due to all lookups that are needed
> for microsoft.com SPF or is it because smtp.msn.com is unresolvable?
It is because of:
$ dig smtp.msn.com
;; Truncated, retrying in TCP mode.
[...]
The daemon doesn't try tcp, or your firewall is blocking it.
HTH
Alex
Next Message by Date:
RE: SPF prevents mail from being delivered to Hotmail
Mark Wolk <mailto:markwolk@xxxxxxxxx> wrote on Thursday, October 26,
2006 10:04 PM:
> In other terms having an SPF record is harmful if you want to send
> mail to Hotmail. Removing the SPF record will improve reliability of
> email delivery to Hotmail.
I can't speak directly to the accuracy of your claim since I
haven't tried it, however, 1) I have a client whose domain doesn't use
SPF and has trouble sending to HotMail, and 2) HotMail, being a
Microsoft property, likely doesn't use SPF, it uses SPF records to
perform Sender ID calculations.
Did you also set up a Sender ID record for this domain and test
with that? Is there an SPF record set up for the HELO greeting of the
outgoing (Tuffmail ?) mail server?
> SPF also seems to be useless with joejob prevention. Spammers use my
> SPF-protected domains more and more to send their spam. I receive
> thousands of returned mails which I have never sent before, and I have
> constantly to increase my filters so they don't flood my inbox. So SPF
> does not seem to do the job it was designed to, and I wonder, at the
> end, what is its use now?
This is sort of a common misconception I think. SPF will only
work well to block forged e-mails when every or most every mail server
checks for it. If the receiving mail server doesn't check for SPF, then
SPF has no effect. The whole
SPF-is-merging-with-Sender-ID-oops-no-it's-not thing slowed things down
IMHO, and even now I don't think many mail servers natively support SPF
except via add-ons. So I don't think it's caught on as fast as everyone
would like. I think a push to get mail servers to check for SPF would
be a really good idea.
Being on this list for a while now it is apparent to me that a
"single mail server" setup is fairly easy to get right with SPF but more
complicated setups are often set up incorrectly by SPF newbies. Having
an "include" that doesn't resolve will render an SPF record useless, for
example.
- Steve Yates
- ITS, Inc.
- Computers will help us to solve problems we wouldn't have without
them.
~ Taglines by Taglinator - www.srtware.com ~
Previous Message by Thread:
SPF - microsoft.com Maximum lookup or DNS unresolve
Hello,
I am currently using SPF (thanks to openspf) using the postfix-policyd-spf
perl script (v 1.06) and Query.pm (v1.44). I got some feedback from end
users not receiving email from microsoft.com.
On the spf-discuss mailinglist (archive of May) that there is an issue
discussed with the SPF format of microsoft.com which demand lots of dns
lookup.
I've done a test using the new version of Query.pm (1.999001) with "my
$MAX_LOOKUP_COUNT = 50", but I still get the following error:
--------------------------------------------------------------------------
[root@hostname]# ./postfix-policyd-spf
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=mail4.mssupport.microsoft.com
sender=service@xxxxxxxxxxxxx
recipient=destination@xxxxxxxxxx
client_address=131.107.70.12
client_name=mail4.mssupport.microsoft.com
action=DEFER_IF_PERMIT Please see
http://www.openspf.org/why.html?sender=service%40microsoft.com&ip=131.107.70.12&receiver=hostname:
DNS error while looking up smtp.msn.com A: SERVFAIL
older version give me this result as query.pm returns "error"
action=450 temporary failure: Please see
http://spf.pobox.com/why.html?sender=service%40microsoft.com&ip=131.107.70.12&receiver=hostname:
DNS error while looking up smtp.msn.com A: query timed out
--------------------------------------------------------------------------
Does anyone know if this error is really due to all lookups that are needed
for microsoft.com SPF or is it because smtp.msn.com is unresolvable?
(I've not yet had a look on the meaning of the new return codes)
For right now I ve kept the old version of query.pm and added the following
to postfix-policyd-spf as a workaround:
if ($attr{sender} =~ /\@microsoft.com/)
{ syslog(info=>"%s: SPF Skipping SPF check for
microsoft.com",$attr{queue_id});
return "DUNNO-Microsoft exception";
}
Does anyone else have other workaround?
Thank you in advance for your feedback
Chris
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Next Message by Thread:
RE: SPF prevents mail from being delivered to Hotmail
Mark Wolk <mailto:markwolk@xxxxxxxxx> wrote on Thursday, October 26,
2006 10:04 PM:
> In other terms having an SPF record is harmful if you want to send
> mail to Hotmail. Removing the SPF record will improve reliability of
> email delivery to Hotmail.
I can't speak directly to the accuracy of your claim since I
haven't tried it, however, 1) I have a client whose domain doesn't use
SPF and has trouble sending to HotMail, and 2) HotMail, being a
Microsoft property, likely doesn't use SPF, it uses SPF records to
perform Sender ID calculations.
Did you also set up a Sender ID record for this domain and test
with that? Is there an SPF record set up for the HELO greeting of the
outgoing (Tuffmail ?) mail server?
> SPF also seems to be useless with joejob prevention. Spammers use my
> SPF-protected domains more and more to send their spam. I receive
> thousands of returned mails which I have never sent before, and I have
> constantly to increase my filters so they don't flood my inbox. So SPF
> does not seem to do the job it was designed to, and I wonder, at the
> end, what is its use now?
This is sort of a common misconception I think. SPF will only
work well to block forged e-mails when every or most every mail server
checks for it. If the receiving mail server doesn't check for SPF, then
SPF has no effect. The whole
SPF-is-merging-with-Sender-ID-oops-no-it's-not thing slowed things down
IMHO, and even now I don't think many mail servers natively support SPF
except via add-ons. So I don't think it's caught on as fast as everyone
would like. I think a push to get mail servers to check for SPF would
be a really good idea.
Being on this list for a while now it is apparent to me that a
"single mail server" setup is fairly easy to get right with SPF but more
complicated setups are often set up incorrectly by SPF newbies. Having
an "include" that doesn't resolve will render an SPF record useless, for
example.
- Steve Yates
- ITS, Inc.
- Computers will help us to solve problems we wouldn't have without
them.
~ Taglines by Taglinator - www.srtware.com ~
|
|