Check https://dmarcian.com/spf-survey/prodest.es.gov.br There is a warning and the a: is redundant anyhow, I would just suppress it. No need to add an extra DNS query.
your authoritative servers seems fine: http://www.digwebinterface.com/?hostnames=prodest.es.gov.br&type=TXT&showcommand=on&colorize=on&useresolver=8.8.4.4&ns=auth&nameservers= Otherwise, yes, Gmaill should not fail that often on this SPF record. On Sep 17, 2014, at 8:59 PM, Daniel Brito via dmarc-discuss <[email protected]> wrote: > Hi Jesper, > > The statement "a" accept this sintax : "a:<domain>/<prefix-length>". You > could check on the this page: http://www.openspf.org/SPF_Record_Syntax > > Also, it is possible to check the spf record on some internet tools. I > particularly use this: http://vamsoft.com/support/tools/spf-policy-tester. > > I will continue analyzing the dmarc report until i feel confident to use on > 100% of the mesagens. > > > Regards, > Daniel Brito > > > On Wed, Sep 17, 2014 at 2:13 PM, Jesper Knudsen > <[email protected]> wrote: > Do not know whether its the reason but your SPF record looks a little odd to > me. > > > > v=spf1 a:ironport.mail.es.gov.br/24 ip4:201.62.46.0/24 ip4:201.62.33.0/24 ~all > > > > The “a:” statement should not to my knowledge have a “/24” – maybe Google is > just getting choked with that. > > > > Regards, > > Jesper > > > > From: dmarc-discuss [mailto:[email protected]] On Behalf Of > Daniel Brito via dmarc-discuss > Sent: 16. september 2014 15:56 > To: João Oliveirinha > Cc: [email protected] > Subject: Re: [dmarc-discuss] SPF Check issue on Google Reports > > > > Hi, thanks for all. > > > > I verified all the suggestions, but everything is correctly. I don´t have > IPV6 and the DNS servers return the same results. > > Today, i received this report from google: > > > > <record> > > <row> > > <source_ip>201.62.46.25</source_ip> > > <count>21</count> > > . > > . > > . > > <spf> > > <domain>prodest.es.gov.br</domain> > > <result>pass</result> > > </spf> > > </auth_results> > > </record> > > > > <record> > > <row> > > <source_ip>201.62.46.25</source_ip> > > <count>1</count> > > . > > . > > . > > <spf> > > <domain>prodest.es.gov.br</domain> > > <result>fail</result> > > </spf> > > </auth_results> > > </record> > > > > <record> > > <row> > > <source_ip>201.62.46.25</source_ip> > > <count>30</count> > > . > > . > > . > > <spf> > > <domain>prodest.es.gov.br</domain> > > <result>pass</result> > > </spf> > > </auth_results> > > </record> > > > > <record> > > <row> > > <source_ip>201.62.46.25</source_ip> > > <count>7</count> > > . > > . > > . > > <spf> > > <domain>prodest.es.gov.br</domain> > > <result>fail</result> > > </spf> > > </auth_results> > > </record> > > ... > > > > This information is in one report aggregate, all this messages have passed in > DKIM verification, so this not impact me. But if it is not a error in Google > servers, it could be some miss configuration here. > > The DMARC registes is : "v=DMARC1; p=reject; sp=none; pct=70; > rua=mailto:[email protected]"; > > > > Like João Oliveirinha said, it is a minimum percentage of the email that > fails on SPF and only happen on google report's. > > > > > > Best Regards, > > Daniel Brito > > > > On Mon, Sep 15, 2014 at 7:00 PM, João Oliveirinha <[email protected]> > wrote: > > I am also seeing some problems with SPF verification by google servers > recently. > > > > The majority of cases are "fail" spf responses, but some are "permerror"s. > Which is strange. I haven't changed my dns records in some time, and my dns > provider is Cloudflare. > > > > Either way, this is only ~3% of the emails in the least week, for instance. > > > > > > -- > > > > > > João Oliveirinha / Senior Data Scientist > +351 91 322 43 52/ [email protected] (PGP) > > Feedzai SA Office: +351 211 985 635 > Edifício Atlantis, Av. João II, Lote 1.06.2.2, 1990-095 Lisboa, Portugal > http://www.feedzai.com > > > > > > On Mon, Sep 15, 2014 at 10:13 PM, Dave Warren via dmarc-discuss > <[email protected]> wrote: > > On 2014-09-15 13:55, Al Iverson via dmarc-discuss wrote: > > First thing I would look at is, do all of your DNS servers reliably > return the same results? If you have 3-4 DNS servers and one of them > doesn't return the right info, this could conceivably cause what you > are seeing. > > > One other thought, beyond what Al said... Any chance you've started > delivering to Google via IPv6, but your SPF only covers your IPv4 IP space? > > -- > Dave Warren > http://www.hireahit.com/ > http://ca.linkedin.com/in/davejwarren > > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) > > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) > > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
