On 1/4/23 11:39, Jan Eden via Mailman-users wrote:
Hi,
my question is not related to Mailman directly, apologies for using this list. I configured the DNS records for my base domain and my lists subdomain identically (the DMARC policy records are also identical, but not listed here):
MX @ mail.eden.one TXT @ "v=spf1 mx ~all" MX lists mail.eden.one TXT lists "v=spf1 mx ~all"
A mail 123.123.123.123
But both Yahoo and Google report different SPF results for the two domains:
<policy_published> <domain>eden.one</domain> <adkim>s</adkim> <aspf>s</aspf> <p>quarantine</p> <pct>75</pct> </policy_published> <record> <row> <source_ip>123.123.123.123</source_ip> <count>3</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>pass</spf> </policy_evaluated> </row>
<policy_published> <domain>lists.eden.one</domain> <adkim>s</adkim> <aspf>s</aspf> <p>quarantine</p> <pct>75</pct> </policy_published> <record> <row> <source_ip>123.123.123.123</source_ip> <count>2</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> </policy_evaluated> </row>
What could possibly cause this difference? The SPF test also fails for a different base domain with the same MX and SPF records.
Your spf for lists.mail.eden.one specifies its MX which is also lists.mail.eden.one, however mail from that domain arrives from IP 123.123.123.123 and presumably an rDNS lookup returns mail.eden.one which is not lists.mail.eden.one, thus the failure.
Add the IP 123.123.123.123 to the spf and drop the MX since it doesn't work
TXT lists "v=spf1 123.123.123.123 ~all"
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan