Sun Dial Menu
Tempusfugit UK
 

SPF, DKIM and DMARC

Why are your emails not getting delivered?

When setting up mailers for the Village Hall website I had to come to grips with some of the techniques used to suppress spam. It seems that not everyone is singing the same song sheet.

The good news is that there are solutions to this and things have moved on with the development of technology. It seems that Google, for example, use ARC to provide authenication using a system that was proposed in July 2019. Microsoft, and possibly others such as BTInternet (Yahoo) do not.

So as not to be caught out in the future when I add emails to forms on websites that I am developing a strategy for I have a "Blacklist" test page. The problem is that a php mail() function call does not allow the interception of a "bounce" message as there is no mechanism for this. There probably is but that is in the "too hard basket" for the moment.

SPF - Sender Policy Framework

This seems to be the first port of call for email authentication. If a website/server does not have SPF record in its DNS settings then the message may get rejected. SPF is more effective when used with DKIM and DMARC.

DKIM - DomainKeys Identified Mail

This was defined in a RFC from September 2011.

DMARC - Domain-based Message Authentication, Reporting, and Conformance

From a proposal - March 2015

Top Menu

ARC - Authenticated Received Chain

This is used by Google and gmail to add headers to messages that transit intermediate servers.

Below I show the ARC headers that google adds to the meassge resulting in an spf=pass

Delivered-To: tempusfugit.ca@gmail.com
Received: by 2002:a17:906:7c8:0:0:0:0 with SMTP id m8csp234834ejc;
        Wed, 19 Feb 2020 00:45:22 -0800 (PST)
X-Google-Smtp-Source: APXvYqx0o+m5FqWApOgTz+6xMQtgA8XSjmhEthr9kKp/kZ8Z4jn8pFpdmLPbv4HPYtBEWrPVAJRW
X-Received: by 2002:a5d:5044:: with SMTP id h4mr32770646wrt.4.1582101922657;
        Wed, 19 Feb 2020 00:45:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582101922; cv=none;
        d=google.com; s=arc-20160816;
        b=luqg5V/ABr4W+B55w6tHa5atChddKItg3p6FPmBUKtyrbxwElIto62MDPQYg4x2FvR
         sBihKtqSa+9EP55oICx390D7hgsJLaU9kVne7MTxvyKxC6MFB8RY1qat5eRGHmBjcXJA
         wTcx6u9FC4xfWUAyOfR4kQZ1pIGichtUC/frHm3f2S35hf2hia9vBom05NriB6Gz0xbl
         eADuTqf3AiCH38ffqIRx/wJbbYAAC9QxJOMk6xvIsJDYieQytGzVuBwKTPBn0IsuMRs6
         vBqyfaTKysTExqBA3jO6/8Z0CY4VvINdxs3j6oJxK4M0Puu55rGwMo87rX6gENiw06IE
         PWOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=date:message-id:reply-to:from:subject:to:delivered-to;
        bh=RdBuX5K4dbh84zgm6U2gOYB8jZH33D/qVQleHXFhe/Y=;
        b=kVCqvek7wa7FoRAlNT4lFfb4ctkHPIzAPbP6SH9+LbG0c4E0iF1MRwOSQ1aJezOPh+
         k13PMCTGEluoOkgbRBwnH7c87JPW2GqwNw541obCk+6kJ8UEYZFsafiIVPPPW4vqjlq1
         AqVEBslOh74Uq/2vzJObEOix+lr0r/mTgadkp6UcuEFanNdftazywwx+9eELLMw8Hgit
         mE4HjraZJ8f5N54Wk4Bf7yOEETbaQLbkprhSjYF5Djqdy72DFAxFfcFBbRFkVXIQKBkE
         C8ThmBJ7YnTfpFRCW+p/8498I3Ulfva1WVTLjHABojF7ez9Lf2GiKIsyGJk0QYOE72NL
         voSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of srs0=h+ru=4h=lin-10-170-0-192.gridhost.co.uk=bwvhuk14@tempusfugit.me.uk 
	   designates 79.171.34.138 as permitted sender) 
	   smtp.mailfrom="SRS0=H+RU=4H=lin-10-170-0-192.gridhost.co.uk=bwvhuk14@tempusfugit.me.uk"

Wordpress mail server

At the present time, with a day to go, it is not clear to me what the mail server for wordpress.com is. The Domain mapping is renewed with the plan but the Wordpress help also says that you need an upgraded plan to setup the mapping. Seeing that the subscription is going to revert to a "free" subscription from a "Personal" plan. It is not clear whether the mapping will remain. We shall see as I ws told that nothing would be lost. If it is the site will still be accessable at https://belchampwaltervillagehall.wordpress.com

Let's Encrypt

The blacklisting that I was seeing on the tsohost server seems to have been fixed:

Starting Feb. 19, 2020, Let's Encrypt began making multiple domain validation requests from diverse network vantage points.

Top Menu

Site design by Tempusfugit Web Design -