SPF Check Fails for Email created, Checking only for AWS SES

  • Resolved ziegel

    (@ziegel)


    1 year, 5 months ago

    Hi,

    I’m using the plugin to pass WordPress emails to the AWS SES SMTP Service.

    There I have mail.exmaple.com configured as MAIL_FROM so it would also show on the mail header, and have SPF checks (if I correctly understand). This was done via adding an MX DNS record.

    I have seen on AWS DMARC reports (I also use AWS WorkMail -> SES to receive emails.), that the exmaple.com fails SPF checks (on some emails?). SPF is done for AWS, but not for for sending domain.

    The below is an example of such failure from the report:

    <?xml version="1.0"?>
<feedback>
	<version>0.1</version>
	<report_metadata>
		<org_name>AMAZON-SES</org_name>
		<email>[email protected]</email>
		<report_id>81192402-fab5-412b-84d7-42a86fa73144</report_id>
		<date_range>
			<begin>1685664000</begin>
			<end>1685750400</end>
		</date_range>
	</report_metadata>
	<policy_published>
		<domain>example.com</domain>
		<adkim>s</adkim>
		<aspf>s</aspf>
		<p>reject</p>
		<sp>quarantine</sp>
		<pct>100</pct>
		<fo>1</fo>
	</policy_published>
...

<record>
	<row>
		<source_ip>54.240.8.13</source_ip>
		<count>4</count>
		<policy_evaluated>
			<disposition>none</disposition>
			<dkim>pass</dkim>
			<spf>fail</spf>
		</policy_evaluated>
	</row>
	<identifiers>
		<envelope_from>amazonses.com</envelope_from>
		<header_from>example.com</header_from>
	</identifiers>
	<auth_results>
		<dkim>
			<domain>amazonses.com</domain>
			<result>pass</result>
		</dkim>
		<dkim>
			<domain>example.com</domain>
			<result>pass</result>
		</dkim>
		<spf>
			<domain>amazonses.com</domain>
			<result>pass</result>
		</spf>
	</auth_results>
</record>

    Below is an alert email send by a WordPress plugin to a GMAIL address, which does NOT show SPF check for the domain exmaple.com or for it mail-server MAIL_FROM sub-domain mail.example.com:

    Delivered-To: [email protected]
Received: by 2002:a05:6a10:9852:b0:4c1:bb48:afe with SMTP id x18csp1996586pxf;
        Sat, 3 Jun 2023 14:07:04 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ6LP+nkM4vqJk+xd4maWsjztbpkP09RYR4s8zbjFTwnSa4nOzkcuNWW+0T5jMVot5w0T6LW
X-Received: by 2002:a37:813:0:b0:75b:23a1:412 with SMTP id 19-20020a370813000000b0075b23a10412mr13144698qki.40.1685826424147;
        Sat, 03 Jun 2023 14:07:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1685826424; cv=none;
        d=google.com; s=arc-20160816;
        b=C3OGZloDWGMiYtuw5VWb0SZlBBv/1SGklaqywQcWhqIVpyKEaSv81cDkl/igd+Hvtd
         jhyG/+R1uM3bOifhpOZFl1xUJG0+DXykXiZQcbNDJCVnmAXLgbtCuYpmJd0HhJ9Ol7Iu
         eNR3Hjim7vOXUJw5BDAvdN1CVfe6xEMk7LOEHDFTbzG5XD/k1IAt9kJdeCtH9WFKyarr
         zT1y7EH8i6S6j6ETCNQhJ5o7bW+KbuNiWGU9kY7jORIxAR7YakHjrxnoen8z5QZrNRuo
         kjEZhprsCR89eQ/rmjDVxy0mA9U5wM3kjXVD2NiagxYIkmCHXVtlU5s+qd9PZjJnwd9n
         zqtw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:subject:to:mime-version:message-id:reply-to:from:date
         :dkim-signature:dkim-signature;
        bh=fae8CpiLSRkIjQuzknUWyeBFr2J/77CzunoANue87wU=;
        b=E2hFhj+RGjbgmwi8x1XJBhIf+XCbPV6k7Pu4i1oZEBbU24SLFvYuKLjzHsHe90n/sS
         Gs22T4OX9q4/x+UzkQUtKv7+fC5NKJpEstCVuDbGv4q/enxErY3oqvPSG1faNtBj2eqt
         HxAugySmHWa1CTKuYj1YQQDi1xkp9nPCCnXoszLEkqRQpiRTxrhecgezP5s9Ojzgn0yj
         eyl58R7xvbSSuw/m8m3fuZkEuIGHEGpsOkdudmAMqTmHhkunfykNuYtzoNvmpoLZcg6G
         RqjhrcaH4Hro+FdvfJEygIE4OApN5CJ17hvd9YKzeefLPxL9dyiYeE2CgBXGroOP6cEL
         vj4Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=wfqzs7gihba6vvdajcheucjjz7gzlt57 header.b=lWEERC5g;
       dkim=pass [email protected] header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=XUj0AEeY;
       spf=pass (google.com: domain of 010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com designates 54.240.8.13 as permitted sender) smtp.mailfrom=010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com;
       dmarc=pass (p=REJECT sp=QUARANTINE dis=NONE) header.from=example.com
Return-Path: <010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com>
Received: from a8-13.smtp-out.amazonses.com (a8-13.smtp-out.amazonses.com. [54.240.8.13])
        by mx.google.com with ESMTPS id c3-20020a05620a134300b0075b164431afsi2674813qkl.24.2023.06.03.14.07.03
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 03 Jun 2023 14:07:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of 010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com designates 54.240.8.13 as permitted sender) client-ip=54.240.8.13;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=wfqzs7gihba6vvdajcheucjjz7gzlt57 header.b=lWEERC5g;
       dkim=pass [email protected] header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=XUj0AEeY;
       spf=pass (google.com: domain of 010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com designates 54.240.8.13 as permitted sender) smtp.mailfrom=010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@amazonses.com;
       dmarc=pass (p=REJECT sp=QUARANTINE dis=NONE) header.from=example.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=wfqzs7gihba6vvdajcheucjjz7gzlt57; d=example.com; t=1685826423;
	h=Date:From:Reply-To:Message-ID:MIME-Version:Content-Type:To:Subject;
	bh=fae8CpiLSRkIjQuzknUWyeBFr2J/77CzunoANue87wU=;
	b=lWEERC5gB2ieujZ2s1iYD4K9ZiwuVrhLhbMgs1TwZGzwZseb+W4XR/IGKlsPlcls
	6XBK8d8TOqp9Oi2tspzRFQRQF4c4rQxI37/BzHUYTNbpRnH9tAZLPwB7uyL5M4vZCex
	4G0JOyia+AF4NTwIB30Zos7c6EYx96jeZAciRpT1qW7ddiJU6/U/1oLPeL8tCOICsho
	G1NuwRH4Badz+FUAJfIKVdr689CcUqo933Kmg28tpokgscC7P31rwcVp4dIHYfZskhV
	81ids3BaQLiehk98ZIFZ2XcF3D1Fqj48QpEgsP1VJTnn2CoM/JzAIM1ASt2US+ebfOK
	K6u9sIOooQ==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1685826423;
	h=Date:From:Reply-To:Message-ID:MIME-Version:Content-Type:To:Subject:Feedback-ID;
	bh=fae8CpiLSRkIjQuzknUWyeBFr2J/77CzunoANue87wU=;
	b=XUj0AEeYDDbBq/4nudpoY4y/x1pkv/0RrIXjQ4fuIkJesQhoOX9Uz8KibOC6FyJS
	0SXJ8bJd1tRVp7EhUu2XliTArvYQvapnz1ICUvdFj6hj6UPYi2BhngPDS0R7mXsUF2v
	JemprlxU7ofdWuNbXshI/SqPLIaXaMiHspZdMRFM=
Date: Sat, 3 Jun 2023 21:07:03 +0000
From: Example <[email protected]>
Reply-To: [email protected]
Message-ID: <010001888315c9ab-4e99586b-75cd-499a-b333-c8fd96445d5d-000000@email.amazonses.com>
X-Mailer: PHPMailer 6.7 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
To: [email protected]
Subject: =?us-ascii?Q?[Plugin_Name]_Daily_Activity_Report_for_exam?=
 =?us-ascii?Q? ple.com?=
Feedback-ID: 1.us-east-1.Q4W1w4ylvrS5T7stUieKUesGMIoNBgz83o99wmWYZZw=:AmazonSES
X-SES-Outgoing: 2023.06.03-54.240.8.13

    These are DNS TXT records for SPF on example.com and mail.example.com:

    example.com.		TXT	v=spf1 ip4:54.240.0.0/18 ip4:<private_ip> ip4:<private_ip> ip4:<private_ip> ip4:<private_ip> include:amazonses.com include:smtp-out.amazonses.com include:_spf.google.com -all

mail.example.com.		TXT	v=spf1 ip4:54.240.0.0/18 ip4:<private_ip> ip4:<private_ip> ip4:<private_ip> ip4:<private_ip> include:amazonses.com include:smtp-out.amazonses.com include:_spf.google.com -all

    Question

    1. Can you say what caused the SPF of emails sent by example.com domain FAIL , for example.com or mail.example.com not to be shown on the above email haeder oe included in the DMARC reports?
    2. What could be a fix for that?
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘SPF Check Fails for Email created, Checking only for AWS SES’ is closed to new replies.