|
Early Warning... If an email service has closed down or changed the services it offers, or if there are indications it is about to do so, post about it here. |
|
Thread Tools |
24 Mar 2017, 12:01 AM | #1 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Yahoo and SPF
I have a 'forward email address' set up on Namecheap (where I host my domain names) to a friends Yahoo account. This has been in place for many years.
Over the last few weeks all these messages have been bounced with a 550 error. Bounced messages sent to this address also state that they have been bounced because the fail SPF. This may be old news and is for info only......... |
24 Mar 2017, 12:49 AM | #2 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
Forwarding has become difficult due to spam prevention techniques. The issue is how the sending domain publishes their SPF and DMARC records and DKIM signs outgoing mail. Yahoo started publishing a reject policy for Yahoo.com 3 years ago, and their other domains 2 years ago:
http://www.emaildiscussions.com/showthread.php?p=592621 Yahoo and many other email providers have started to honor reject policies set by other senders. https://help.yahoo.com/kb/error-mess...o-sln4382.html What was the sending domain in the From header? Bill |
24 Mar 2017, 01:22 AM | #3 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
Thanks for the info Bill. The messages are sent from the UK (various places) to an address I have set up at https://domain-dns.com/ that forwards to my GMail address, and an additional address at Yahoo.co.uk.
This setup has been flaky for a long time. The forwards to the Yahoo address are now failing one hundred percent of the time. Messages sent to my GMail address always get through. My apologies: this is not a Namecheap thing. I have two or three domain names that I use with forwarding. I need to stop doing that. |
24 Mar 2017, 08:17 AM | #4 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
What matters is the domain name in the From header. If SPF and/or DMARC DNS records specify reject for non-compliance, normal redirection forwarding which doesn't change From will fail at more and more destination servers. If you create a new email with your address in From (a manual forward) you should have no problems if you use your domain's outgoing normal sending server.
I think that many email users are not taking these email standards changes seriously. They will continue to lose incoming and outgoing messages if normal automatic forwarding is used anywhere. Bill |
9 Apr 2017, 11:52 PM | #5 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,749
|
For the record, normal forwarding seems to work fine if the destination is a Gmail address.
|
10 Apr 2017, 06:44 AM | #6 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
|
Quote:
https://support.google.com/mail/answer/2451690?hl=en Forwarding normally breaks SPF (as far as DMARC is concerned) due to alignment difficulties. The problem is that the From domain SPF policy specifies which email servers can be used to send mail for that domain, and in nearly all cases the forwarding server isn't included. Forwarding does not break DKIM signing unless the forwarding server(s) modify the signed headers or body. The canonicalization (c=...) choices in the DKIM-signature header(s) affect whether strict or relaxed algorithms are used for the signed header fields and message body. So the choice of relaxed or strict canonicalization and modifications by the forwarding server can affect DKIM authentication (and so DMARC authentication). Microsoft outlook.com/hotmail.com and other email servers are known to make changes to forwarded messages which can cause DKIM to fail, especially if the canonicalization is set to strict/strict by the sending email server. The bottom line is that DMARC is being implemented by many domains and email systems where you might read your messages. As more and more organizations worry about spam and spoofing messages, you will see policies becoming more strict. Here are the main factors affecting success receiving email affected by DMARC:
|
|
10 Apr 2017, 07:44 AM | #7 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,749
|
As far as I can tell nothing has gone missing that is being forwarded from Outlook.com, Namecheap, and other domain registrars except for emails that are trapped by the over-aggressive spam filters of Outlook. So where does this leave a service like the Basic level of POBox.com that forwards emails to another address? Am I wrong that if you select to "send as" from Gmail for the service you are forwarding from that Gmail will then not block other forwarded emails coming back from that service?
|