I need help solving a situation where a sender's message is being rejected
after going through a legitimate e-mail spam/virus filtering service.
Here is the 'real-world' example:
Sender is someone at kroll.com.
kroll.com's TXT record is:
"v=spf1 redirect=krollworldwide.com"
krollworldwide.com has this:
"v=spf1 ip4:208.71.237.0/24 ip4:193.37.237.0/24 ip4:207.12.234.129
ip4:208.71.238.38 ip4:217.77.181.100 ip4:204.13.136.221 -all"
The recipient is someone at platecoinc.com. The MX record for platecoinc.com
has mail going to server24.appriver.com
AppRiver is a spam/virus filtering company. When they have finished checking
for spam and viruses, mail is sent to 'mail.wegtech.com', which is where
the e-mail mailboxes for platecoinc.com are hosted.
When AppRiver attempts to pass along the 'clean' message from sender@kroll.com
to recip@platecoinc.com, the mail server (mail.wegtech.com) won't
accept it based on SPF. I discussed this with AppRiver a bit and they assure
me that "we do not 're-write the sender address from SPF checks.'"
Here's what shows up in AppRiver's log files:
-------------------------
4/21/2008
8:18:00 AM
SERVER25B sender@kroll.com
RE: paperless billing To: recip@platecoinc.com
IP: 208.71.237.35
VALID FROM UNITED STATES
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) Connected. SIZE AUTH
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) [286452055] sending
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) cmd: MAIL
FROM:<sender@kroll.com> SIZE=8372
08:18:02.748 4 SMTP-520276(mail.wegtech.com:25) rsp: 250 ok
08:18:02.748 4 SMTP-520276(mail.wegtech.com:25) cmd: RCPT
TO:<recip@platecoinc.com>
08:18:02.780 4 SMTP-520276(mail.wegtech.com:25) rsp: 553 See
http://spf.pobox.com/why.html?sender=sender%40kroll.com&ip=207.97.229.125&receiver=mail.powerwebhost.net
(#5.7.1)
08:18:02.780 1 DEQUEUER [286452055]
SMTP(mail.wegtech.com:25)recip@platecoinc.com failed: host
mail.wegtech.com:25 says:\r\n 553 See
http://spf.pobox.com/why.html?sender=sender%40kroll.com&ip=207.97.229.125&receiver=mail.powerwebhost.net
(#5.7.1)
-------------------------
My question is: Who is at fault and what needs to be done to correct the
situation? Is SRS the answer? How/where would SRS be applied in this case?
--
Cliff Nieuwenhuis
President
Foresite Software LLC
www.foresitesoftware.com
(608)356-0286
Foresite Software LLC is an IBM Business Partner
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1129/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1129/
Powered by Listbox: http://www.listbox.com
after going through a legitimate e-mail spam/virus filtering service.
Here is the 'real-world' example:
Sender is someone at kroll.com.
kroll.com's TXT record is:
"v=spf1 redirect=krollworldwide.com"
krollworldwide.com has this:
"v=spf1 ip4:208.71.237.0/24 ip4:193.37.237.0/24 ip4:207.12.234.129
ip4:208.71.238.38 ip4:217.77.181.100 ip4:204.13.136.221 -all"
The recipient is someone at platecoinc.com. The MX record for platecoinc.com
has mail going to server24.appriver.com
AppRiver is a spam/virus filtering company. When they have finished checking
for spam and viruses, mail is sent to 'mail.wegtech.com', which is where
the e-mail mailboxes for platecoinc.com are hosted.
When AppRiver attempts to pass along the 'clean' message from sender@kroll.com
to recip@platecoinc.com, the mail server (mail.wegtech.com) won't
accept it based on SPF. I discussed this with AppRiver a bit and they assure
me that "we do not 're-write the sender address from SPF checks.'"
Here's what shows up in AppRiver's log files:
-------------------------
4/21/2008
8:18:00 AM
SERVER25B sender@kroll.com
RE: paperless billing To: recip@platecoinc.com
IP: 208.71.237.35
VALID FROM UNITED STATES
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) Connected. SIZE AUTH
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) [286452055] sending
08:18:02.467 4 SMTP-520276(mail.wegtech.com:25) cmd: MAIL
FROM:<sender@kroll.com> SIZE=8372
08:18:02.748 4 SMTP-520276(mail.wegtech.com:25) rsp: 250 ok
08:18:02.748 4 SMTP-520276(mail.wegtech.com:25) cmd: RCPT
TO:<recip@platecoinc.com>
08:18:02.780 4 SMTP-520276(mail.wegtech.com:25) rsp: 553 See
http://spf.pobox.com/why.html?sender=sender%40kroll.com&ip=207.97.229.125&receiver=mail.powerwebhost.net
(#5.7.1)
08:18:02.780 1 DEQUEUER [286452055]
SMTP(mail.wegtech.com:25)recip@platecoinc.com failed: host
mail.wegtech.com:25 says:\r\n 553 See
http://spf.pobox.com/why.html?sender=sender%40kroll.com&ip=207.97.229.125&receiver=mail.powerwebhost.net
(#5.7.1)
-------------------------
My question is: Who is at fault and what needs to be done to correct the
situation? Is SRS the answer? How/where would SRS be applied in this case?
--
Cliff Nieuwenhuis
President
Foresite Software LLC
www.foresitesoftware.com
(608)356-0286
Foresite Software LLC is an IBM Business Partner
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1129/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1129/
Powered by Listbox: http://www.listbox.com