|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
4 Aug 2021, 10:18 PM | #1 | |||
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Problems with FastMail's SPF Records
Good day.
Fastmail is not the DNS host for my domain. However, my domain's SPF RR were set, as follows: Code:
"v=spf1 include:spf.messagingengine.com include:zoho.com -all" Quote:
Quote:
Quote:
My domain's SPF RR now are: Code:
"v=spf1 ip4:66.111.4.0/24 include:spf.messagingengine.com include:zoho.com -all" Also, adding "ip4:66.111.4.0/24" is not going to work with the offending SMTP server in the first bounce message (64.147.123.30). What am I missing? Thank you. -- Jacinto |
|||
4 Aug 2021, 11:19 PM | #2 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,092
|
I really think a support request is in order. If I had to guess, I would speculate that Fastmail changed a couple of SPF servers in an emergency to circumvent the original IP addresses appearing in spam blocklists. In the process, the update of spf.messagingengine.com was forgotten (or possibly did occur, but was not picked up because of propagation delays).
|
5 Aug 2021, 12:14 AM | #3 |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Thank you, BriTim.
I believe you are correct. None of the three offending FM SMTP servers IP addresses come up when "spf.messagingengine.com" is searched: Code:
~ $ host spf.messagingengine.com |sort spf.messagingengine.com has address 64.147.123.17 spf.messagingengine.com has address 64.147.123.18 spf.messagingengine.com has address 64.147.123.19 spf.messagingengine.com has address 64.147.123.20 spf.messagingengine.com has address 64.147.123.21 spf.messagingengine.com has address 64.147.123.24 spf.messagingengine.com has address 64.147.123.25 spf.messagingengine.com has address 64.147.123.26 spf.messagingengine.com has address 64.147.123.27 spf.messagingengine.com has address 64.147.123.28 spf.messagingengine.com has address 64.147.123.29 spf.messagingengine.com has address 66.111.4.221 spf.messagingengine.com has address 66.111.4.222 spf.messagingengine.com has address 66.111.4.224 spf.messagingengine.com has address 66.111.4.225 spf.messagingengine.com has address 66.111.4.229 spf.messagingengine.com has address 66.111.4.230 spf.messagingengine.com has address 66.111.4.25 spf.messagingengine.com has address 66.111.4.26 spf.messagingengine.com has address 66.111.4.27 spf.messagingengine.com has address 66.111.4.28 spf.messagingengine.com has address 66.111.4.29 ~ $ Since all the SPF IP addresses are in the "64.147.123.0" and "66.111.4.0" IP ranges, adding "ipv4:64.147.123.0/24" to SPF RR should do the trick (at least for now until FM decides to fix what ain't broke). Thank you again. -- Jacinto |
6 Aug 2021, 03:36 AM | #4 |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Just a heads-up.
Checked FM's SPF RR today and the offending SMTP severs IP numbers (66.111.4.223, 66.111.4.226 and 64.147.123.30) are still not included in them. Sure miss pre-Opera FastMail and all the FM founders and other staff who were active participants in this Forum. I suppose that we'll have to stick with the current much less than perfect FastMail and hope we don't get burned too badly because of its lackadaisical attitude towards paying subscribers. -- Jacinto |
6 Aug 2021, 05:13 AM | #5 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,732
|
When I look up IP 64.147.123.30 I see this as the host: forward1-smtp.messagingengine.com. When I look up 66.111.4.226 I see this as the host: forward2-smtp.messagingengine.com. Those appear to be SMTP servers for email forwarding purposes. Are you using smtp.fastmail.com for sending?
Last edited by TenFour : 6 Aug 2021 at 05:29 AM. |
6 Aug 2021, 05:45 AM | #6 | |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Quote:
Yes, outgoing mail is relayed from the MUAs, via SSL, to port 565 at mail.messagingengine.com. This was set-up by FM years ago as a SMTP server that would not add its own "Received" headers (haven't checked it in a while to see if it still doesn't). The FM bouncing problem has become so nasty that, for my biggest FM account, I'm embarrassed to say, I now relay outgoing mail via an old GApps (now grandfathered GSuite) account. So far, no outgoing mail has bounced using GMail. -- Jacinto |
|
6 Aug 2021, 06:44 AM | #7 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,732
|
I believe you should send via smtp.fastmail.com since they changed things in 2016. https://www.fastmail.com/help/accoun...tyupgrade.html
|
6 Aug 2021, 05:58 PM | #8 | |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Quote:
As I said earlier, the server we currently use is the one that "was set-up by FM years ago as a SMTP server that would not add its own "Received" headers." Even though I said "years ago," if I remember correctly, it was after 2016. There was a discussion thread about the same on this Sub-Forum. I'll try to find it when I have time (but not today). Anyways, with all due respect to remaining FastMail admirers (of which I used to be one until the Opera debacle), it is irresponsible for a for-profit E-Mail host to actively use SMTP servers for which it has not published SPF RR. We are paying FastMail subscribers and should not have to put-up with bounced sent mails, especially, transactional messages, because of the E-Mail carrier's irresponsibility. -- Jacinto |
|
8 Aug 2021, 12:11 AM | #9 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Fastmail has two classes of outgoing server. One is for normal mail sent from locally hosted domains, the other is for forwarded mail and mail using third-party addresses. These third party addresses are registered at FM in identities, but not hosted there.
The SPF for hosted mail doesn't include the forwarding servers. The spam in forwarded mail means that the servers in the latter set often have very low reputations. If you want to send from a domain not hosted at FM you can put "include:spfall.messagingengine.com" in your SPF record. Be aware that you will be paying FM for a second class service. Last edited by SideshowBob : 8 Aug 2021 at 12:23 AM. |
8 Aug 2021, 07:13 AM | #10 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
BTW the DNS A-record lookup done on spf.messagingengine.com isn't relevant - it should have been a TXT look-up.
It may appear to work at FM if they've set up the IP addresses for spf.messagingengine.com to match its SPF record, but it's certainly not definitive, so there's no guarantee that it's consistent with the correct look-up. include:spf.messagingengine.com means lookup the SPF for spf.messagingengine.com and look for a pass on that. You can't get a fail from an include so the term "include" is really a misnomer. |
8 Aug 2021, 08:32 PM | #11 |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
|
8 Aug 2021, 08:35 PM | #12 | |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Quote:
I must be missing something. There are no published A or TXT RR for "spfall.messagingengine.com". -- Jacinto |
|
8 Aug 2021, 10:33 PM | #13 | |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Try it again there is a TXT record
Quote:
|
|
9 Aug 2021, 12:14 AM | #14 | ||
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Hi, Bob!
I use "host" rather than "dig" and got it this time. Perhaps I typed something incorrectly previously: Code:
~ $ host -t TXT spfall.messagingengine.com spfall.messagingengine.com descriptive text "v=spf1 ip4:66.111.4.0/24 ip4:64.147.123.0/24 -all" ~ $ Quote:
Quote:
-- Jacinto |
||
15 Aug 2021, 02:49 AM | #15 | ||
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Quote:
Quote:
There hasn't actually been a change, the spfall TXT record is the same as it was a year ago. I'm assuming here that the email was sent out through wforward1-smtp for the normal reasons. If this happened to non-forwarded email sent using a domain hosted at fastmail, you should tell support. |
||