EmailDiscussions.com  

Go Back   EmailDiscussions.com > Discussions about Email Services > Early Warning...
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

Early Warning... If an email service has closed down or changed the services it offers, or if there are indications it is about to do so, post about it here.

Reply
 
Thread Tools
Old 24 Mar 2017, 12:01 AM   #1
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
Yahoo and SPF

I have a 'forward email address' set up on Namecheap (where I host my domain names) to a friends Yahoo account. This has been in place for many years.

Over the last few weeks all these messages have been bounced with a 550 error. Bounced messages sent to this address also state that they have been bounced because the fail SPF.

This may be old news and is for info only.........
David is offline   Reply With Quote

Old 24 Mar 2017, 12:49 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,379
Forwarding has become difficult due to spam prevention techniques. The issue is how the sending domain publishes their SPF and DMARC records and DKIM signs outgoing mail. Yahoo started publishing a reject policy for Yahoo.com 3 years ago, and their other domains 2 years ago:
http://www.emaildiscussions.com/showthread.php?p=592621

Yahoo and many other email providers have started to honor reject policies set by other senders.
https://help.yahoo.com/kb/error-mess...o-sln4382.html

What was the sending domain in the From header?

Bill
n5bb is offline   Reply With Quote
Old 24 Mar 2017, 01:22 AM   #3
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
Thanks for the info Bill. The messages are sent from the UK (various places) to an address I have set up at https://domain-dns.com/ that forwards to my GMail address, and an additional address at Yahoo.co.uk.

This setup has been flaky for a long time. The forwards to the Yahoo address are now failing one hundred percent of the time. Messages sent to my GMail address always get through.

My apologies: this is not a Namecheap thing. I have two or three domain names that I use with forwarding. I need to stop doing that.
David is offline   Reply With Quote
Old 24 Mar 2017, 08:17 AM   #4
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,379
What matters is the domain name in the From header. If SPF and/or DMARC DNS records specify reject for non-compliance, normal redirection forwarding which doesn't change From will fail at more and more destination servers. If you create a new email with your address in From (a manual forward) you should have no problems if you use your domain's outgoing normal sending server.

I think that many email users are not taking these email standards changes seriously. They will continue to lose incoming and outgoing messages if normal automatic forwarding is used anywhere.

Bill
n5bb is offline   Reply With Quote
Old 9 Apr 2017, 11:52 PM   #5
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 351
For the record, normal forwarding seems to work fine if the destination is a Gmail address.
TenFour is offline   Reply With Quote
Old 10 Apr 2017, 06:44 AM   #6
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,379
Quote:
Originally Posted by TenFour View Post
For the record, normal forwarding seems to work fine if the destination is a Gmail address.
I suggest that you read the Gmail DMARC warnings in their help. Gmail has been implementing DMARC in stages:
https://support.google.com/mail/answer/2451690?hl=en

Forwarding normally breaks SPF (as far as DMARC is concerned) due to alignment difficulties. The problem is that the From domain SPF policy specifies which email servers can be used to send mail for that domain, and in nearly all cases the forwarding server isn't included.

Forwarding does not break DKIM signing unless the forwarding server(s) modify the signed headers or body. The canonicalization (c=...) choices in the DKIM-signature header(s) affect whether strict or relaxed algorithms are used for the signed header fields and message body. So the choice of relaxed or strict canonicalization and modifications by the forwarding server can affect DKIM authentication (and so DMARC authentication). Microsoft outlook.com/hotmail.com and other email servers are known to make changes to forwarded messages which can cause DKIM to fail, especially if the canonicalization is set to strict/strict by the sending email server.

The bottom line is that DMARC is being implemented by many domains and email systems where you might read your messages. As more and more organizations worry about spam and spoofing messages, you will see policies becoming more strict. Here are the main factors affecting success receiving email affected by DMARC:
  • The DMARC and SPF policies and DKIM key(s) in the DNS records of the From domain in the message.
  • Actions by the sending server:
    • The outgoing server IP address matching the published SPF allowed sending servers.
    • Proper DKIM signing and the choice of strict or relaxed canonicalization.
  • If the message is directly sent to the destination without forwarding, then as long as the sending and destination systems follow the standards both DKIM and SPF should pass with proper alignment, so DMARC will pass and the message will be delivered with fully passing authentication.
  • But if the message is forwarded:
    • SPF will not be aligned by DMARC standards, so SPF authentication will fail.
    • DKIM might pass or fail, depending on the sender relaxed or strict canonicalization choices and how the forwarding system modifies the headers and body.
    • This means that DMARC will sometimes pass and at other times fail, depending on the sender choices and forwarding server modifications to the message.
I apologize that this post is so long and complex. But email users need to understand that the recent spam/spoofing prevention techniques (SPF/DKIM/DMARC) are affecting the delivery of your messages, and this has nothing to do with "spam filters" based on message content. Here are some suggestions:
  • Only send messages using sending servers authorized by the From domain of the message. Don't send a message with your Gmail or Yahoo address in From using your ISP or some other sending system. If you are using an email client (such as Thunderbird or Outlook), be sure that the SMTP outgoing server you use is appropriate for the From domain.
  • Don't forward critically important messages. Expect forwarding though some services (such as hotmail/outlook) which corrupt DKIM signing to often fail.
Bill
n5bb is offline   Reply With Quote
Old 10 Apr 2017, 07:44 AM   #7
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 351
As far as I can tell nothing has gone missing that is being forwarded from Outlook.com, Namecheap, and other domain registrars except for emails that are trapped by the over-aggressive spam filters of Outlook. So where does this leave a service like the Basic level of POBox.com that forwards emails to another address? Am I wrong that if you select to "send as" from Gmail for the service you are forwarding from that Gmail will then not block other forwarded emails coming back from that service?
TenFour is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 09:09 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy