Ok, so the federal gov’t could have turned it on in late September. Well, at least this discovery highlights the deficiency of a few domains that host or smarthost through us. In short, we likely need to audit the DNS of all those domains and check to see if they have an SPF and/or DKIM record. If we manage their DNS, too, then it’s an easy fix, it not, requires customer involvement.
Frank From: Franck Martin [mailto:[email protected]] Sent: Thursday, October 08, 2015 4:11 AM To: Frank Bulk <[email protected]> Cc: mailop <[email protected]> Subject: Re: [mailop] Dual-stacked gov't MX records >From Terry's blog, each customer needs to enable IPv6. So whenever they >enabled IPv6... And you may not have noticed that this mail was delivered to the spam folder at GMail by default. On Wed, Oct 7, 2015 at 10:06 PM, Frank Bulk <[email protected]> wrote: Thanks, but how long has ia.usda.gov <http://ia.usda.gov> been using an MX that is dual-stacked? Or have all of MSFT’s hosts been dual-stacked since late last fall and this delivery delay has been happening all along, it’s just that we had nothing in our logs from mid-July to late September? Frank From: Franck Martin [mailto:[email protected] <mailto:[email protected]> ] Sent: Wednesday, October 07, 2015 1:05 PM To: Frank Bulk <[email protected] <mailto:[email protected]> > Cc: mailop <[email protected] <mailto:[email protected]> > Subject: Re: [mailop] Dual-stacked gov't MX records ia.usda.gov <http://ia.usda.gov> . 86400 IN MX 10 hi-usda-gov.mail.protection.outlook.com <http://hi-usda-gov.mail.protection.outlook.com> . http://blogs.msdn.com/b/tzink/archive/2014/10/28/support-for-anonymous-inbound-email-over-ipv6-in-office-365.aspx not new stuff: http://engineering.linkedin.com/email/sending-and-receiving-emails-over-ipv6 http://www.slideshare.net/FranckMartin/linkedin-smtpi-pv6 On Wed, Oct 7, 2015 at 10:17 AM, Frank Bulk <[email protected] <mailto:[email protected]> > wrote: Anyone know when ia.usda.gov <http://ia.usda.gov> , ia.nacdnet.net <http://ia.nacdnet.net> , ams.usda.gov <http://ams.usda.gov> , fs.fed.us <http://fs.fed.us> , aphis.usda.gov <http://aphis.usda.gov> , usda.gov <http://usda.gov> , and nist.gov <http://nist.gov> started having a dual-stacked MX record? Our monitoring system notified us this morning that a message from a customer couldn't deliver there: Site ia.usda.gov <http://ia.usda.gov> (2a01:111:f400:7c10::10) said after data sent: 450 4.7.26 Service does not accept messages sent over IPv6 [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation (message not signed) Site ia.usda.gov <http://ia.usda.gov> (2a01:111:f400:7c0c::11) said after data sent: 450 4.7.26 Service does not accept messages sent over IPv6 [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation (message not signed) Site ia.usda.gov <http://ia.usda.gov> (2a01:111:f400:7c10::1:10) said after data sent: 450 4.7.26 Service does not accept messages sent over IPv6 [2607:fe28:0:4000::10] unless they pass either SPF or DKIM validation (message not signed) to=2a01:111:f400:7c09::11 TCPWrite failed 0/63998, tot=65608 upto=0 0 sec Err Code Zero write_timed3.1 0sec (450 4.7.26 Service does not accept messages sent over IPv6 [2607:fe28:0:4000::20] unless they pass e) 0 Err Code Zero write_timed1 104 r=0 r=0 I've asked our customer's IT consultant to add our email servers to their existing SPF record, but this is the first time I've run into this. Going back 30 days in my email servers logs it started September 24. Frank _______________________________________________ mailop mailing list [email protected] <mailto:[email protected]> http://chilli.nosignal.org/mailman/listinfo/mailop
_______________________________________________ mailop mailing list [email protected] http://chilli.nosignal.org/mailman/listinfo/mailop
