gturri

Reputation: 14599

SPF failure I don't understand with mailchimp

In a nutshell

I've configured an SPF policy on my domain but I receive a DMARC report with a failure. I don't understand why there is this failure.

More context

I've configured the following SPF policy for my domain zerowasteparis.fr: v=spf1 include:spf.infomaniak.ch include:servers.mcsv.net include:_spf.google.com ~all. I see that servers.mcsv.net resolves to v=spf1 ip4:205.201.128.0/20 ip4:198.2.128.0/18 ip4:148.105.8.0/21 ?all (I also configured a DKIM policy which seems to work just fine).

I don't understand why I received a DMARC report which contains in particular:

  <record>
    <row>
      <source_ip>198.2.190.251</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>zerowasteparis.fr</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>automations.mcsv.net</domain>
        <result>pass</result>
        <selector>k1</selector>
      </dkim>
      <dkim>
        <domain>zerowasteparis.fr</domain>
        <result>pass</result>
        <selector>k1</selector>
      </dkim>
      <spf>
        <domain>mail251.suw12.mcsv.net</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>

I don't understand why it contains the line <spf>fail</spf>.

Why I'm puzzled

Long story short: I don't understand why I see this failure in this report.

Upvotes: 5

Views: 1946

Answers (1)

Zonder

Reputation: 76

Mailchimp (like a number of other well-known ESPs) is designed to use its own email address in MailFrom (RFC5321.MailFrom). The main reason behind this is to handle bounces of campaign emails.

SPF validation checks whether the source/sender IP is included in the SPF record of the domain mentioned in the MailFrom field.

  1. The domain tag in the XML file contains the domain retrieved from the message header's smtp.mailfrom: mail251.suw12.mcsv.net
  2. source_ip tag: 198.2.190.251
  3. The SPF record defined for the mail251.suw12.mcsv.net domain: v=spf1 ip4:198.2.190.251 include:spf.mandrillapp.com ?all, i.e. the sending IP is covered by SPF.

That is why you have SPF=pass in the auth_results section.

  <spf>
    <domain>mail251.suw12.mcsv.net</domain>
    <result>pass</result>
  </spf>

Unlike SPF, DMARC validation checks whether the domain mentioned in the From field (RFC5322.From) matches / is aligned with the domain mentioned in MailFrom (RFC5321.MailFrom).

  1. rDNS/PTR of 198.2.190.251 from the source_ip tag: mail251.suw12.mcsv.net
  2. Domain mentioned in the header_from tag: zerowasteparis.fr
  3. Thus, the domain in RFC5322.From (zerowasteparis.fr) does not match / is not aligned with the domain in RFC5321.MailFrom (mcsv.net)

That is why you get SPF=fail in the policy_evaluated section.

  <row>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>pass</dkim>
      <spf>fail</spf>
    </policy_evaluated>
  </row>
  <identifiers>
    <header_from>zerowasteparis.fr</header_from>
  </identifiers>

Apart from the above explanation, I would suggest you deploy one of the DMARC analytics and implementation solutions listed on the DMARC.org website, e.g. EasyDMARC.

Upvotes: 4
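
The difference between the two SPF results in the report can be reproduced from the record itself. The following is an added example, not part of the question or the answer and not any receiver's actual code: it parses the record quoted in the question (selectors trimmed) and recomputes the aligned results that policy_evaluated reports. The function names are hypothetical, and org_domain is a simplification that takes the last two labels, where real evaluators use the Public Suffix List.

```python
import xml.etree.ElementTree as ET

# The <record> from the report quoted in the question (selectors omitted).
RECORD = """<record>
  <row>
    <source_ip>198.2.190.251</source_ip>
    <count>1</count>
    <policy_evaluated>
      <disposition>none</disposition><dkim>pass</dkim><spf>fail</spf>
    </policy_evaluated>
  </row>
  <identifiers><header_from>zerowasteparis.fr</header_from></identifiers>
  <auth_results>
    <dkim><domain>automations.mcsv.net</domain><result>pass</result></dkim>
    <dkim><domain>zerowasteparis.fr</domain><result>pass</result></dkim>
    <spf><domain>mail251.suw12.mcsv.net</domain><result>pass</result></spf>
  </auth_results>
</record>"""

def org_domain(name):
    # Assumption: organizational domain = last two labels (no Public Suffix List).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    if strict:
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def evaluate(record_xml, strict=False):
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from")
    out = {}
    for mech in ("spf", "dkim"):
        # Raw results: (authenticated domain, result) pairs from auth_results.
        raw = [(e.findtext("domain"), e.findtext("result"))
               for e in rec.findall(f"auth_results/{mech}")]
        # Aligned result: a raw pass counts only if its domain aligns with From.
        ok = any(r == "pass" and aligned(d, header_from, strict) for d, r in raw)
        out[mech] = "pass" if ok else "fail"
        # What the receiver itself reported in policy_evaluated, for comparison.
        out[mech + "_reported"] = rec.findtext(f"row/policy_evaluated/{mech}")
    # DMARC passes when at least one aligned mechanism passes.
    out["dmarc"] = "pass" if "pass" in (out["spf"], out["dkim"]) else "fail"
    return out

if __name__ == "__main__":
    print(evaluate(RECORD))
```

For this record the recomputed values match the reported ones: SPF passes for mail251.suw12.mcsv.net but is not aligned with zerowasteparis.fr, while the zerowasteparis.fr DKIM signature is aligned, so DMARC as a whole passes.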
