That error message, (does not designate permitted sender hosts) corresponds to us not finding a SPF record for the domain, usually means the TXT lookup returned nothing. Looking through the code... ir probably also does that if the record is a redirect and the redirect domain doesn't exist.
Running our SPF check against campaign.adobe.com does not give me a parse error at this time: I0114 11:23:11.387946 spf_checker_util.cc:64] Found 57 permitted IP ranges for domain campaign.adobe.com This uses the same code as our smtp servers, I don't know what the googleapps.com tools use, whether it's the same code or just some open source library. For DNS, our smtp servers use Google's Public DNS system. We have seen issues in the past with some DNS resolvers involving large records and EDNS, though I have no idea the status of any of that. We also do have negative DNS caching, at least at the leafs of the system. Which is to say that flakey DNS answers can manifest as temporary incorrect responses on some subset of our servers. There is another caveat I should point out, which is that overly large IP spaces for domains will get your domain spf reputation discounted in the spam filter. There have been a number of overly large SPF record ranges which get abused by spammers who find the holes. Large enough entities may get an exception to that if we notice it, but it's a gray area. I know our own records are a travesty as well, it's been on the list to fix that forever. Brandon On Thu, Jan 14, 2021 at 6:29 AM Pascal HOARAU via mailop <[email protected]> wrote: > Hello, > > > > Since 8th december I can see (not all the time) issues on SPF (visible on > the headers) for messages sent from Adobe Campaign to Gmail users when the > SPF record is « v=spf1 redirect=__spf.campaign.adobe.com » (hosted > customers only) > > spf=none (google.com: XXX does not designate permitted sender hosts) > > This impacts major (worldwide) companies. > Is there a problem on Google servers ? maybe some of them can’t read the > long SPF content ? (the content is increasing from time to time) > > Current value is : > > __spf.campaign.adobe.com. 120 IN TXT "v=spf1 ip4:66.117.16.0/22 > ip4:192.243.225.0/24 ip4:192.243.228.0/24 ip4:192.243.229.0/24 ip4: > 208.67.42.0/24 ip4:192.243.244.0/22 ip4:63.140.47.0/24 ip4:185.34.188.0/24 > ip4:130.248.192.0/21 ip4:62.210.128.32/27 ip4:62.210.161.0/24 ip" "4: > 66.235.130.0/24 ip4:172.82.224.0/22 ip4:192.243.230.0/23 ip4: > 192.243.232.0/23 ip4:185.15.48.0/22 ip4:185.15.49.0/24 ip4:62.210.194.0/24 > ip4:172.82.229.0/24 ip4:172.82.230.0/23 ip4:52.51.29.0/24 ip4: > 52.50.57.0/24 ip4:52.209.104.0/24 ip4:172.82.242.0/23 " "ip4: > 195.154.155.0/24 ip4:172.82.196.0/23 ip4:130.117.8.0/24 ip4: > 172.82.216.0/23 ip4:172.82.232.0/23 ip4:207.211.34.0/24 ip4: > 173.212.230.0/24 ip4:172.82.196.0/24 ip4:172.82.218.0/23 ip4: > 192.243.255.0/24 ip4:172.82.197.0/24 " "ip4:172.82.217.0/24 ip4: > 185.15.50.0/24 ip4:172.82.236.0/22 ip4:130.248.176.0/20 ip4: > 172.82.243.0/24 ip4:130.248.136.0/23 ip4:130.248.152.0/22 ip4: > 172.82.220.0/22 ip4:130.248.139.0/24 ip4:130.248.140.0/23 " "ip4: > 130.248.208.0/21 ip4:172.82.241.144/32 ip4:130.248.204.0/22 ip4: > 130.248.216.0/23 ip4:130.248.158.0/24 ip4:130.248.202.0/23 ip4: > 130.248.224.0/24 ip4:63.140.40.0/23 ip4:63.140.43.0/24 ip4: > 130.248.128.0/23 ip4:130.248.164.0/22 ip4:130.248.238.0/24 ~all" > > The validation is OK when checked on MXTOOLBOX > I don’t see issue such issue with other mailbox providers. > > > > Regards, > Pascal > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
