> a = all A/AAAA records in that domain. I'm reading that as any A record > defined for that zone, which in this case includes > mailserver.abcs.co.nz. Is this where I'm going wrong?
Yes. Including a naked 'a' in the SPF record refers to the A record for '@' in the zone. How is the receiving mail server to query for all A and AAAA records for a given domain? It's not too common to allow AXFR queries from all of the public internet... > Also, mailserver.abcs.co.nz is the MX record, so it should be covered > there, shouldn't it? That's why I included this part: >> You should be covered, however, by the "mx" part of your SPF record, given >> that the MX for abcs.co.nz is mailserver.abcs.co.nz., and that *does* have >> a AAAA of 2403:7000:8000:700::34. -- Hugo ----- Original Message ----- From: Steve Holdoway <st...@greengecko.co.nz> Sent: 2015-03-16 - 16:19 To: Hugo Slabbert <hslabb...@stargate.ca> Subject: Re: [mailop] Help. Why are my emails being marked as spam by google? > a = all A/AAAA records in that domain. I'm reading that as any A record > defined for that zone, which in this case includes > mailserver.abcs.co.nz. Is this where I'm going wrong? > > Also, mailserver.abcs.co.nz is the MX record, so it should be covered > there, shouldn't it? > > Steve > > > On Mon, 2015-03-16 at 16:14 -0700, Hugo Slabbert wrote: >> <target-name> is the domain part. Per your message, your domain is >> abcs.co.nz, which doesn't have a AAAA, so "a" in your SPF record doesn't >> get you anything at the moment for v6. >> >> You should be covered, however, by the "mx" part of your SPF record, given >> that the MX for abcs.co.nz is mailserver.abcs.co.nz., and that *does* have >> a AAAA of 2403:7000:8000:700::34. >> >> -- >> Hugo >> >> -----Original Message----- >> >Date: Tue, 17 Mar 2015 12:03:33 +1300 >> >From: Steve Holdoway <st...@greengecko.co.nz> >> >To: "Howard F. Cunningham" <howa...@macrollc.com> >> >CC: "mailop@mailop.org" <mailop@mailop.org> >> >Subject: Re: [mailop] Help. Why are my emails being marked as spam by >> >google? >> >X-Mailer: Evolution 2.32.3 (2.32.3-34.el6) >> > >> >Huh, >> > >> >RFC7208, section 5.3 is where I'm coming from... >> > >> >" >> >5.3. "a" >> > >> > This mechanism matches if <ip> is one of the <target-name>'s IP >> > addresses. For clarity, this means the "a" mechanism also matches >> > AAAA records. >> > >> > a = "a" [ ":" domain-spec ] [ dual-cidr-length ] >> > >> > An address lookup is done on the <target-name> using the type of >> > lookup (A or AAAA) appropriate for the connection type (IPv4 or >> > IPv6). The <ip> is compared to the returned address(es). If any >> > address matches, the mechanism matches. >> >" >> > >> >So that's not how it's implemented? >> > >> >Steve >> > >> >On Mon, 2015-03-16 at 22:44 +0000, Howard F. Cunningham wrote: >> >> Steve >> >> >> >> That is not what the "a" is for. The "a" uses an A record and is not >> >> related IPv6 specifically >> >> >> >> From http://www.openspf.org/SPF_Record_Syntax >> >> >> >> The "ip6" mechanism (edit) >> >> ip6:<ip6-address> >> >> ip6:<ip6-network>/<prefix-length> >> >> The argument to the "ip6:" mechanism is an IPv6 network range. If no >> >> prefix-length is given, /128 is assumed (singling out an individual host >> >> address). >> >> >> >> Examples: >> >> >> >> "v=spf1 ip6:1080::8:800:200C:417A/96 -all" >> >> >> >> Allow any IPv6 address between 1080::8:800:0000:0000 and >> >> 1080::8:800:FFFF:FFFF. >> >> "v=spf1 ip6:1080::8:800:68.0.3.1/96 -all" >> >> >> >> Allow any IPv6 address between 1080::8:800:0000:0000 and >> >> 1080::8:800:FFFF:FFFF. >> >> >> >> >> >> Howard Cunningham, MCP >> >> howa...@macrollc.com - personal >> >> For technical support, send an email to serv...@macrollc.com or call >> >> 703-359-9211 (24/7) >> >> >> >> >> >> -----Original Message----- >> >> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve >> >> Holdoway >> >> Sent: Monday, March 16, 2015 6:36 PM >> >> To: Dave Israel >> >> Cc: mailop@mailop.org >> >> Subject: Re: [mailop] Help. Why are my emails being marked as spam by >> >> google? >> >> >> >> On Mon, 2015-03-16 at 18:16 -0400, Dave Israel wrote: >> >> >> >> > Make sure your mailer is set to use the right ipv6 address as a >> >> > source; my v6 servers have a few addresses, and without explicit >> >> > configuration, they'd invariably pick the wrong one when sending mail. >> >> > That gave me the same symptom you're seeing with google. >> >> There's only one enabled, and google is saying it's good with that. >> >> > >> >> > also: Your spf record is "v=spf1 a mx ip4:120.138.27.178 ~all", which >> >> > doesn't look like it ought to be helping for v6. >> >> It's my understanding that a includes aaaa with an SPF record. The >> >> specific IP address is a fallback in case we need to use a separate >> >> server - irrespective of whether it's in the same domain. >> >> > >> >> > -Dave >> >> >> >> If I'm wrong, please let me know! >> >> >> >> >> >> Steve >> >> -- >> >> Steve Holdoway BSc(Hons) MIITP >> >> http://www.greengecko.co.nz >> >> Linkedin: http://www.linkedin.com/in/steveholdoway >> >> Skype: sholdowa >> >> >> >> >> >> _______________________________________________ >> >> mailop mailing list >> >> mailop@mailop.org >> >> http://chilli.nosignal.org/mailman/listinfo/mailop >> >> >> >> -- >> >> ExchangeDefender Message Security: Click below to verify authenticity >> >> https://admin.exchangedefender.com/verify.php?id=t2GMih29008445&from=howa...@macrollc.com >> >> >> >> >> >> >> > >> >-- >> >Steve Holdoway BSc(Hons) MIITP >> >http://www.greengecko.co.nz >> >Linkedin: http://www.linkedin.com/in/steveholdoway >> >Skype: sholdowa >> > >> > >> >_______________________________________________ >> >mailop mailing list >> >mailop@mailop.org >> >http://chilli.nosignal.org/mailman/listinfo/mailop > > -- > Steve Holdoway BSc(Hons) MIITP > http://www.greengecko.co.nz > Linkedin: http://www.linkedin.com/in/steveholdoway > Skype: sholdowa > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > http://chilli.nosignal.org/mailman/listinfo/mailop > _______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
