info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
SPF Authentication
104 views
Skip to first unread message
welkinator
Dec 19, 2011, 9:38:58 AM12/19/11
to
I searched this echo for any SPF problems and found no posts. But
another poster had Yahoo problems but it didn't seem to address my
issues.
I have a Gmail account which I POP with Eudora but my provider is
austin.rr.com (RoadRunner).
Recently all my posts to several Yahoo groups have been bounced with
this message:
/quote on
Your email was not delivered due to a suspected guidelines violation.
Please visit http://groups.yahoo.com/local/guidelines.html
/quote off
If you go to the link provided it says:
/quote on
Most common cause - Using an external email client
External email applications (such as Windows Live Mail, Microsoft
Outlook, Mozilla Thunderbird, Eudora, Incredimail, etc.) configured
with an incorrect or non-authenticated SMTP email server may result in
delivery failure. This may impact customers previously able to send
email to Yahoo! Groups without issue.
Spammers are known to use non-authenticated email delivery methods
when sending unsolicited messages to Yahoo! Groups. To prevent spam,
Yahoo! Groups now rejects email that is not truly authenticated by the
provider affiliated with your email address.
/quote off
BUT I >>DO<< USE "ALLOW AUTHENTICATION"!!
I suspect it has something to do with using Road Runner to "forward"
my email - with a Gmail return addy _ but I don't know how to overcome
this.
openspf.org has been down over a month. My incoming emails often say
Note that in Blah, blah, blah I get this in the Yahoo Bounce:
"Received-SPF: pass (google.com: best guess record for domain of
ng13-"
But when I get an email from my wife (yeah, yeah I know - she's just
20-feet away!) I get this:
Received-SPF: fail (google.com: domain of wi...@gmx.com does not
designate 71.74.56.123 as permitted sender) client-ip=71.74.56.123;
She has the problem as well using GMX and RoadRunner.
Thanks
....bwelkin
another poster had Yahoo problems but it didn't seem to address my
issues.
I have a Gmail account which I POP with Eudora but my provider is
austin.rr.com (RoadRunner).
Recently all my posts to several Yahoo groups have been bounced with
this message:
/quote on
Your email was not delivered due to a suspected guidelines violation.
Please visit http://groups.yahoo.com/local/guidelines.html
/quote off
If you go to the link provided it says:
/quote on
Most common cause - Using an external email client
External email applications (such as Windows Live Mail, Microsoft
Outlook, Mozilla Thunderbird, Eudora, Incredimail, etc.) configured
with an incorrect or non-authenticated SMTP email server may result in
delivery failure. This may impact customers previously able to send
email to Yahoo! Groups without issue.
Spammers are known to use non-authenticated email delivery methods
when sending unsolicited messages to Yahoo! Groups. To prevent spam,
Yahoo! Groups now rejects email that is not truly authenticated by the
provider affiliated with your email address.
/quote off
BUT I >>DO<< USE "ALLOW AUTHENTICATION"!!
I suspect it has something to do with using Road Runner to "forward"
my email - with a Gmail return addy _ but I don't know how to overcome
this.
openspf.org has been down over a month. My incoming emails often say
Note that in Blah, blah, blah I get this in the Yahoo Bounce:
"Received-SPF: pass (google.com: best guess record for domain of
ng13-"
But when I get an email from my wife (yeah, yeah I know - she's just
20-feet away!) I get this:
Received-SPF: fail (google.com: domain of wi...@gmx.com does not
designate 71.74.56.123 as permitted sender) client-ip=71.74.56.123;
She has the problem as well using GMX and RoadRunner.
Thanks
....bwelkin
David
Dec 19, 2011, 8:02:46 PM12/19/11
to
server using port 587 (Open Tools/Personality/<Dominant> and tick 'Use
submission port 587'). You will also have to change your User Name and
SMTP Server to match your Gmail particulars.
Doing this will mean that your mail isn't distributed (sent) by the rr
mail server but is relayed to the Gmail mail server which should then
authenticate your address and distribute your mail.
As an example my mail server is in London whilst I live in Australia. I
use a local ISP to connect to the internet and forward my mail to my
London mail server, via port 587, for processing.
John H Meyers
Dec 20, 2011, 4:28:31 AM12/20/11
to
On 12/19/2011 8:38 AM, welkinator wrote:
> My provider [ISP] is austin.rr.com (RoadRunner).
The quoted content does not come from the quoted link,
but something just like it appears here:
<http://help.yahoo.com/kb/index?locale=en_US&page=content&y=PROD_GRPS&id=SLN3263&impressions=true>
Here is the explanation of SPF authentication,
as will be the first result of Googling "SPF":
<http://en.wikipedia.org/wiki/Sender_Policy_Framework>
I'll now quote a key sentence from that article:
"SPF allows the _owner of an Internet domain_
to specify which computers are authorized to send mail
with _sender addresses in that domain_,
using special Domain Name System (DNS) records"
> But I _DO_ use "Allow Authentication"!!
Your "authentication" to RR permits you to use RR's outgoing servers to send mail,
but RR's outgoing servers are not those which OTHER domains publish in SPF records
as their self-provided outgoing servers; therefore, any time that you
use an RR server while your mail says "From: some_other_domain,"
an SPF test based on that OTHER domain in your "From" address will fail.
> I suspect it has something to do with using Road Runner to [send] my email
> with a Gmail return address, but I don't know how to overcome this.
Your suspicion is correct, and one way to overcome it,
_when the domain of your sending address publishes SPF records_
AND
_when a recipient's domain refuses to accept mail sent via other servers_
is to use the outgoing servers provided by the domain of your sending address.
A second way to overcome it is to NEVER USE YAHOO for anything related to email,
or to newsgroups, or for anything, given its management's miserable record
of bad decisions causing widespread customer disservice (more below about this).
> Note that in Blah, blah, blah I get this in the Yahoo Bounce:
> "Received-SPF: pass (google.com: best guess record for domain of ng13-..."
rather than Yahoo's result, in case you didn't notice.
Google's declared SPF test results may parallel Yahoo's
SPF test results, but Google's policy re how severely to require
a positive confirmation is no doubt much more liberal than Yahoo's.
Yahoo is rather infamous for vastly over-reacting in a "vigilante" manner,
and for infuriating its own clientele by suddenly blocking a great deal of
perfectly legitimate mail that its subscribers expect, need, and depend upon,
as we observed a number of years ago when we (as well as legitimate sources
world-wide) became unable to email about 1/3 of all our students,
ever since which we have advised every student to use only Gmail
for academically important work, and let Yahoo screw itself instead,
by their ill-considered spastic killing of a high percentage of valid mail
instead of only spam, like a radical cancer treatment that destroys all of the
patients' organs and kills the patient along with the cancer.
For spammers, by the way, it is actually easy to circumvent the test,
leaving only ordinary mail clients like Outlook, Eudora, etc. failing it,
so once again, Yahoo is right about the fact that using a common email client
(even with your own ISP-provided, fully authenticated outgoing server)
will still leave your legitimate mail shot down by Yahoo,
while professional spammers have the last laugh.
The inherent flaw in using SPF tests to blindly and indiscriminately block mail
is the very reason why we _don't_ publish SPF records for our domain,
because we know that doing so would cause knee-jerk reactors like Yahoo
to refuse mail that _has_ to be set from elsewhere, such as by our
faculty and students in our locations in China, and elsewhere world-wide,
plus even from local faculty members' off-campus _homes_ (using other local ISPs).
We have a high quality graduate Computer Science masters degree program here,
and have placed many graduates at Microsoft, Google, and other top companies,
but I don't recall anyone ever seeking placement at Yahoo,
which perhaps would be a blight on their resume to even have worked at.
--
> My provider [ISP] is austin.rr.com (RoadRunner).
>
> Recently all my posts to several Yahoo groups have been bounced
> with this message:
>
> /quote on
> Your email was not delivered due to a suspected guidelines violation.
> Please visit http://groups.yahoo.com/local/guidelines.html
> /quote off
>
> If you go to the link provided it says:
>
> /quote on
> Most common cause - Using an external email client...
> Recently all my posts to several Yahoo groups have been bounced
> with this message:
>
> /quote on
> Your email was not delivered due to a suspected guidelines violation.
> Please visit http://groups.yahoo.com/local/guidelines.html
> /quote off
>
> If you go to the link provided it says:
>
> /quote on
The quoted content does not come from the quoted link,
but something just like it appears here:
<http://help.yahoo.com/kb/index?locale=en_US&page=content&y=PROD_GRPS&id=SLN3263&impressions=true>
Here is the explanation of SPF authentication,
as will be the first result of Googling "SPF":
<http://en.wikipedia.org/wiki/Sender_Policy_Framework>
I'll now quote a key sentence from that article:
"SPF allows the _owner of an Internet domain_
to specify which computers are authorized to send mail
with _sender addresses in that domain_,
using special Domain Name System (DNS) records"
> But I _DO_ use "Allow Authentication"!!
Your "authentication" to RR permits you to use RR's outgoing servers to send mail,
but RR's outgoing servers are not those which OTHER domains publish in SPF records
as their self-provided outgoing servers; therefore, any time that you
use an RR server while your mail says "From: some_other_domain,"
an SPF test based on that OTHER domain in your "From" address will fail.
> I suspect it has something to do with using Road Runner to [send] my email
> with a Gmail return address, but I don't know how to overcome this.
Your suspicion is correct, and one way to overcome it,
_when the domain of your sending address publishes SPF records_
AND
_when a recipient's domain refuses to accept mail sent via other servers_
is to use the outgoing servers provided by the domain of your sending address.
A second way to overcome it is to NEVER USE YAHOO for anything related to email,
or to newsgroups, or for anything, given its management's miserable record
of bad decisions causing widespread customer disservice (more below about this).
> Note that in Blah, blah, blah I get this in the Yahoo Bounce:
>
> But when I get an email from my wife (yeah, yeah I know - she's just
> 20-feet away!) I get this:
> Received-SPF: fail (google.com: domain of wi...@gmx.com does not
> designate 71.74.56.123 as permitted sender) client-ip=71.74.56.123
You have just quoted Google's result of SPF testing,
> But when I get an email from my wife (yeah, yeah I know - she's just
> 20-feet away!) I get this:
> Received-SPF: fail (google.com: domain of wi...@gmx.com does not
> designate 71.74.56.123 as permitted sender) client-ip=71.74.56.123
rather than Yahoo's result, in case you didn't notice.
Google's declared SPF test results may parallel Yahoo's
SPF test results, but Google's policy re how severely to require
a positive confirmation is no doubt much more liberal than Yahoo's.
Yahoo is rather infamous for vastly over-reacting in a "vigilante" manner,
and for infuriating its own clientele by suddenly blocking a great deal of
perfectly legitimate mail that its subscribers expect, need, and depend upon,
as we observed a number of years ago when we (as well as legitimate sources
world-wide) became unable to email about 1/3 of all our students,
ever since which we have advised every student to use only Gmail
for academically important work, and let Yahoo screw itself instead,
by their ill-considered spastic killing of a high percentage of valid mail
instead of only spam, like a radical cancer treatment that destroys all of the
patients' organs and kills the patient along with the cancer.
For spammers, by the way, it is actually easy to circumvent the test,
leaving only ordinary mail clients like Outlook, Eudora, etc. failing it,
so once again, Yahoo is right about the fact that using a common email client
(even with your own ISP-provided, fully authenticated outgoing server)
will still leave your legitimate mail shot down by Yahoo,
while professional spammers have the last laugh.
The inherent flaw in using SPF tests to blindly and indiscriminately block mail
is the very reason why we _don't_ publish SPF records for our domain,
because we know that doing so would cause knee-jerk reactors like Yahoo
to refuse mail that _has_ to be set from elsewhere, such as by our
faculty and students in our locations in China, and elsewhere world-wide,
plus even from local faculty members' off-campus _homes_ (using other local ISPs).
We have a high quality graduate Computer Science masters degree program here,
and have placed many graduates at Microsoft, Google, and other top companies,
but I don't recall anyone ever seeking placement at Yahoo,
which perhaps would be a blight on their resume to even have worked at.
--
welkinator
Jan 4, 2012, 12:43:04 AM1/4/12
to
On Tue, 20 Dec 2011 12:02:46 +1100, David <da...@skea.com> wrote:
>
>A solution is to forward your sending mail through to the Gmail mail
>server using port 587 (Open Tools/Personality/<Dominant> and tick 'Use
>submission port 587'). You will also have to change your User Name and
>SMTP Server to match your Gmail particulars.
>
>Doing this will mean that your mail isn't distributed (sent) by the rr
>mail server but is relayed to the Gmail mail server which should then
>authenticate your address and distribute your mail.
>
>As an example my mail server is in London whilst I live in Australia. I
>use a local ISP to connect to the internet and forward my mail to my
>London mail server, via port 587, for processing.
This took me to the solution I needed - Thanks!
>
>A solution is to forward your sending mail through to the Gmail mail
>server using port 587 (Open Tools/Personality/<Dominant> and tick 'Use
>submission port 587'). You will also have to change your User Name and
>SMTP Server to match your Gmail particulars.
>
>Doing this will mean that your mail isn't distributed (sent) by the rr
>mail server but is relayed to the Gmail mail server which should then
>authenticate your address and distribute your mail.
>
>As an example my mail server is in London whilst I live in Australia. I
>use a local ISP to connect to the internet and forward my mail to my
>London mail server, via port 587, for processing.
I went to Tools/Options (I don't have a "Personality" menu item
under Tools) and changed the SMTP server under the Getting Started and
then checked the "Use submission port 587" which is on the Sending
Mail tool. Next, on the main menu bar, I click Spectial then Forget
Password(s) and lastly clicked Get Mail. I entered my password for the
SMTP account and all has been good since.
This also worked on my wife's account which uses a different SMTP
server.
Your help was much appreciated.
...bwelkin
David
Jan 5, 2012, 12:05:28 AM1/5/12
to
Strange you didn't see a Personalities heading under Tools. Are you
using Eudora 7.1.0.9? By the way you may want to have access to your 'rr
mail server' mailbox also. (Unless you never get mail sent there by your
ISP or anyone else). It's useful to have a second way of sending mail in
case the preferred method is down for some reason. If so you need to set
up a second personality using the rr mail server address, login and
password. This is usually done via Tools then Personalities which should
be the 7th item in the drop down list - just after Signatures. If you
can open this select <Dominant> then New from the drop down list. Give
it a name and add in your rr data. Don't forget to add in the rr server
detail into the Incoming Mail Tab as well.
using Eudora 7.1.0.9? By the way you may want to have access to your 'rr
mail server' mailbox also. (Unless you never get mail sent there by your
ISP or anyone else). It's useful to have a second way of sending mail in
case the preferred method is down for some reason. If so you need to set
up a second personality using the rr mail server address, login and
password. This is usually done via Tools then Personalities which should
be the 7th item in the drop down list - just after Signatures. If you
can open this select <Dominant> then New from the drop down list. Give
it a name and add in your rr data. Don't forget to add in the rr server
detail into the Incoming Mail Tab as well.
welkinator
Jan 5, 2012, 11:33:50 PM1/5/12
to
Hi, Yes to 7.1.0.9 and I'm sorry, there is a Personalities entry under
Tools but when clicked doesn't offer any settings or options and when
clicked on just brings up a new blank email. I had looked also under
Tools/Options.
Now I see that I could have created a new Personality but I don't need
two.
I have additional email addresses three of which I access through
Outlook Express, another I access through a second installation of
Eudora and a couple of others which are WEB based only.
Thanks for the help.
...bwelkin
0 new messages