[Mailman-Users] SPF MAIL FROM check failed: [MAIL_FROM]

David dave at fiteyes.com
Thu May 10 02:32:37 CEST 2012 

On Wed, May 9, 2012 at 4:01 PM, David <dave at fiteyes.com> wrote:
> Re: Giving away the secrets of 99.3% email delivery
>
> 1. Constantly monitor spam blacklists. We have a set of Nagios alerts
that regularly check if we’re listed on any delivery blacklists, and
whenever they go off we take whatever corrective action we need to get back
off the blacklist.
> 2. Have valid SPF records. Don’t impersonate your users. When running a
web app like Basecamp, which sends email that are generated by another
user, it can be tempting to send the email from that user (e.g., so that a
comment I wrote on Basecamp would appear to come from noah at 37signals dot
com), which might make people feel more comfortable. Unfortunately, this is
a surefire way to end up on spam lists, since you’ll likely be sending from
an IP address that does not have the valid SPF records. And chances are, if
the user’s domain does have an SPF record, it doesn’t include your
application’s IP.
> 3. Sign the mail! DKIM and Domain Keys. Yahoo and Gmail both score signed
email higher.
> 4. Dedicated and conditioned email sending IPs.
> 5. Configure reverse dns entries. Most of the “big boys” won’t accept
mail from your servers if your reverse dns entries don’t match. You might
need your IP provider to help with setting up these records.
> 6. Enroll in feedback loops. We haven’t automated our parsing of
feedback, but a daily / weekly review of feedback loop emails helps us know
when there’s an unhappy user, or other problem. Too many complaints and
you’ve got trouble.

I started by setting up an SPF record (#2 on the list above). However,
shortly after setting it up, we got a bounce with this reason:

SPF MAIL FROM check failed:  [MAIL_FROM]

I searched a bit and came across things like this:
http://comments.gmane.org/gmane.org.user-groups.linux.new-zealand.general/34245
But nothing I found answered my questions.

Looking at the headers of the bounced message, I note:

Received-SPF: pass (domain of lists.example.com designates 10.10.10.99 as
permitted sender)
X-Originating-IP: [10.10.10.99]

That would seem to indicate things are OK, but maybe X-Originating-IP isn't
the line I need to be looking at... I'm not sure what [MAIL_FROM] (in the
SPF check failed line) matches in the email header.

Also, I note:

X-YahooFilteredBulk: 10.10.10.99 <-- what does "X-YahooFilteredBulk" mean?

And there is another value for this field.
X-Originating-IP: [76.21.140.158]

These are the headers of the bounced message:

Subject: Failure Notice
Sorry, we were unable to deliver your message to the following address.

<recipient at destination.com.br>:
Remote host said: 550 5.7.1 SPF MAIL FROM check failed:  [MAIL_FROM]

--- Below this line is a copy of the message.

Received: from [72.30.22.79] by nm1.bullet.mail.sp2.yahoo.com with NNFMP;
09 May 2012 21:51:02 -0000
Received: from [68.142.200.224] by tm13.bullet.mail.sp2.yahoo.com with
NNFMP; 09 May 2012 21:51:02 -0000
Received: from [66.94.237.102] by t5.bullet.mud.yahoo.com with NNFMP; 09
May 2012 21:51:01 -0000
Received: from [127.0.0.1] by omp1007.access.mail.mud.yahoo.com with NNFMP;
09 May 2012 21:51:01 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 502900.95307.bm at omp1007.access.mail.mud.yahoo.com
X-Yahoo-Forwarded: from recipient at destination.com to
recipient at destination.com.br
Return-Path: <all-bounces at lists.example.com>
X-YahooFilteredBulk: 10.10.10.99
Received-SPF: pass (domain of lists.example.com designates 10.10.10.99 as
permitted sender)
X-YMailISG: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Originating-IP: [10.10.10.99]
Authentication-Results: mta1017.biz.mail.mud.yahoo.com  from=
lists.example.com; domainkeys=neutral (no sig);  from=att.net;
dkim=permerror (bad sig)
Received: from 127.0.0.1  (EHLO localhost) (10.10.10.99)
 by mta1017.biz.mail.mud.yahoo.com with SMTP; Wed, 09 May 2012 14:51:01
-0700
Received: from myhost.hostingprovider.com (localhost [127.0.0.1])
       by localhost (Postfix) with ESMTP id E9CA1123AB;
       Wed,  9 May 2012 21:43:23 +0000 (UTC)
X-Original-To: list at lists.example.com
Delivered-To: list at lists.example.com
Received: from fmailhost01.isp.att.net (fmailhost01.isp.att.net
 [204.127.217.101]) by localhost (Postfix) with ESMTP id 1D84D123A4
 for <list at lists.example.com>; Wed,  9 May 2012 20:52:06 +0000 (UTC)
DKIM-Signature: v=1; q=dns/txt; d=att.net; s=dkim01; i=member1 at domain.net;
 a=rsa-sha256; c=relaxed/relaxed; t=1336596725; h=Content-Type:
 MIME-Version:Message-ID:Date:Subject:In-Reply-To:References:To:
 From; yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Received: from homecomputer3
 (c-76-21-140-158.hsd1.va.comcast.net[76.21.140.158])
 by worldnet.att.net (frfwmhc01) with SMTP
 id <20120509205204H0100sdv2pe>; Wed, 9 May 2012 20:52:05 +0000
X-Originating-IP: [76.21.140.158]
From: "Member One" <member1 at domain.net>
To: "'Example Discussion'" <list at lists.example.com>
References: <
13283191.1336591910177.JavaMail.root at wamui-june.atl.sa.earthlink.net>
In-Reply-To: <
13283191.1336591910177.JavaMail.root at wamui-june.atl.sa.earthlink.net>
Date: Wed, 9 May 2012 16:52:07 -0400
Message-ID: <!&!aaaaaaaaaaaaaaaaaaaaaaaaaaaaa==@att.net>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: xyxyzyzy
Content-Language: en-us
X-Mailman-Approved-At: Wed, 09 May 2012 21:43:22 +0000
Subject: [Example Discussion 110] Re: Example Subject
X-BeenThere: list at lists.example.com
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Example Discussion <list at lists.example.com>
List-Id: Example Discussion <all.lists.example.com>
List-Unsubscribe: <http://lists.example.com/m/options/all>,
 <mailto:all-request at lists.example.com?subject=unsubscribe>
List-Archive: <http://lists.example.com/archive/all>
List-Post: <mailto:list at lists.example.com>
List-Help: <mailto:all-request at lists.example.com?subject=help>
List-Subscribe: <http://lists.example.com/m/listinfo/all>,
 <mailto:all-request at lists.example.com?subject=subscribe>
Content-Type: multipart/mixed;
boundary="===============4254722804560345795=="
Errors-To: all-bounces at lists.example.com
Sender: all-bounces at lists.example.com

More information about the Mailman-Users mailing list