Results 1 to 11 of 11
  1. #1

    Question SPF and Infusionmail.com

    Joe - I'm now VERY concerned as of today. I've commented on the Infusionsoft blog and also submitted a case - this sums it up:

    ISSUE 1
    Note that your SPF record fails - putting us users at risk of being labeled as spam, since infusionmail.com is not permitting the "reply to/from" domain to be a sender ... doh. Why bother to have an SPF record at Infusionmail.com? With so many different user domains, you couldn't possibly add them all or keep up.

    Here is a snippet from the header (where 67.222.30.32 is my server IP for the reply-to/from domain):

    Received-SPF: fail (google.com: domain of bounce@infusionmail.com does not designate 67.222.30.32 as permitted sender) client-ip=67.222.30.32;
    Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of bounce@infusionmail.com does not designate 67.222.30.32 as permitted sender) smtp.mail=bounce@infusionmail.com


    Please explain a more suitable method asap.

    ISSUE 2
    See header:

    "1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    [URIs: infusionsoft.com]"

    Please have Infusionsoft.com removed from the blacklist AND ... in your email templates you have a spam checker. Please ensure this spam checker FLAGS the Infusiosoft.com spam score as above - this is deceptive to users thinking we have managed to achieve a rating below the magic "5" when your own url is adding another 1.7.
    Does anyone else have opinions/work-arounds or have had discussions with Infusionsoft regarding this?

    Thanks,

    Robert

    PS. Your general search (not the forum search) is lousy. It brings up "Community" posts that when one clicks the link, are not available due to the fact that it is a legacy post from the fireboard system I think. Frustrating. Then in this forum I can't seem to search all at once? Have to drill down to a specific forum before the search function is available. Time-consuming and frankly I don't have that time available. Is there something I'm not seeing here?

  2. #2
    Robert,

    Have you configured your own domain's SPF record to allow infusionmail.com to send email on your behalf? I imagine doing so would solve the above issue.

    Here is an article on setting up your SPF record.
    JUSTIN GOURLEY
    Test Automation Engineer


    "The fish who keeps on swimming, is the first to chill upstream" - 311

  3. #3
    No Justin, that would not solve the issue, since the issue is with YOUR SERVER and not mine. Please read more carefully.

    Here is what I posted back on my case answer from Jon:

    Hi Jon – thanks for the answer re the URBIL. I accept that the URBIL listing IN ITSELF would not block … BUT when calculating a spam score on your spam scorer (which presumably uses Spam Assassin) this should be taken into account. Otherwise, the score is being underscored.

    More importantly, both you and Justin Gourley (see this thread http://community.infusionsoft.com/sh...Deliverability) have not understood the SPF issue correctly.

    The SPF issue is NOT with MY server SPF configuration – it’s with YOURS. Please re-read my case again.

    My server is set up as per your recommendations and has been for well over one year (here is my SPF record – which you could verify using an SPF checker anyway: v=spf1 a mx ip4:67.222.30.32 ip4:67.222.31.32 include:infusionmail.com –all)

    The HEADER of the email says this:

    Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of bounce@infusionmail.com does not designate 67.222.30.32 as permitted sender) smtp.mail=bounce@infusionmail.com

    Notice this statement: “domain of bounce@infusionmail.com does not designate 67.222.30.32 as permitted sender

    Ie the SPF record AT INFUSIONMAIL.COM is the issue … not my server.

    Please review and confirm your understanding.
    I may not be an expert but I'm pretty sure I'm correct!

    Tell me what you think is going on?

  4. #4
    It looks like the IP address 67.222.30.32 is spoofing email. The error message below indicates that.

    "domain of bounce@infusionmail.com does not designate 67.222.30.32 as permitted sender”

    67.222.30.32 is the server sending the actual email and Infusionmail.com does not allow that IP to send email. I will double check with my email guys here, but from what I can tell our server is not the one sending that email, and therefore the SPF is failing as it should.
    JUSTIN GOURLEY
    Test Automation Engineer


    "The fish who keeps on swimming, is the first to chill upstream" - 311

  5. #5
    Infusionsoft Staff josephmanna's Avatar
    Join Date
    Jun 2011
    Location
    Chandler, AZ
    Posts
    198
    Robert,

    I was out of the office when I saw your posts. I want to let you know that you don't need to post comments on the blog and the forums about your technical concerns. The forums and the blog are not the appropriate means for receiving support from Infusionsoft. We have a dedicated support team who's sole priority is delivering excellent customer service whenever you need it, whether by phone, chat or email.

    I will be addressing your concerns however since you did take the time to let us know. I need you to be supportive and helpful so we can reach the solution. We are doing our best to help you and need you to be willing to try solutions that we come up with as it pertains to your situation.

    SPF Records -
    As Justin points out, it appears (based on the snippet you provided), that you are attempting to send an email on behalf of "bounce@infusionmail.com." This isn't permitted and SPF is doing what it should to prevent forgery/phishing.

    We are digging in to better understand the situation, but based on this information alone, SPF is doing what it should.

    As an additional step, we strongly recommend users establish an SPF record on their servers and permit Infusionmail.com to send on behalf of their domains. This will improve deliverability. Justin linked to a helpful support article on that.

    RE: URLBL Listing
    Our Email Systems Team frequently monitors our email reputation as well as domain reputation. On rare occasions we become listed on URIBL due to nefarious activities from users and affiliates. We request de-listing and it usually occurs within a day or two. It's unfortunate that yes, a URIBL listing will decrease inbox placement, it is only temporary and we are very aware of it when it occurs and do our best to resolve it quickly.

    We ask that users police themselves and excercise discretion when they send emails to their list. If something looks or feels like spam according to recipients, it is. When recipients report spam, it flags the domain and the cycle continues. It starts and ends with senders, so send responsibly is the advice here.

    RE: Forums Search
    At this time the search functionality on the forums is very limited. We are in the process of having our old infrastructure removed from Google, but it's possible a few results may linger. Once we fix a few issues with the aesthetics, we'll add the search to the top.


    I hope my responses were helpful. Since you have already created a support case concerning this, I will recommend that you keep your individual responses there and allow us to help you. Thanks for your patience and willingness to receive help and additional perspectives on the community.



    Quote Originally Posted by Robert.S View Post
    Joe - I'm now VERY concerned as of today. I've commented on the Infusionsoft blog and also submitted a case - this sums it up:



    Does anyone else have opinions/work-arounds or have had discussions with Infusionsoft regarding this?

    Thanks,

    Robert

    PS. Your general search (not the forum search) is lousy. It brings up "Community" posts that when one clicks the link, are not available due to the fact that it is a legacy post from the fireboard system I think. Frustrating. Then in this forum I can't seem to search all at once? Have to drill down to a specific forum before the search function is available. Time-consuming and frankly I don't have that time available. Is there something I'm not seeing here?
    JOSEPH MANNA
    Developer Partner Program Manager
    @joemanna on Twitter


    Need an App or Certified Consultant? Check the Marketplace!
    Want to help others leverage Infusionsoft? Become a Partner!

  6. #6
    My post seems to have vanished from here (???) but here is my reply to my case and to Justin from an earlier concern about the SPF records.

    Hi Sterling, Jon & Justin.

    Thanks - and I owe you guys a HUGE apology. That header actually comes from an address that is FORWARDED (via mail forwarding in my Cpanel account on my server) - so of course you are correct, the SPF does not work in this case.

    When I retested with an email sent directly to a POP account, there are no SPF issues in the header.

    I also see that the safe-sender score is somewhat mitigating the URIBL issue - see below:

    -2.0 RCVD_IN_RP_SAFE RBL: Sender is in Return Path Safe (trusted relay)
    [Return Path SenderScore Safe List (formerly]
    [Habeas Safelist) - <http://www.senderscorecertified.com>]
    1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    [URIs: infusionsoft.com]


    Thanks again for re-looking at this issue - and again, my bad, for jumping to conclusions when I should have realized this was a forwarded address ....

    Ooops.

    Have a great weekend!

    Robert

  7. #7
    Hi there Joe,

    I had already posted an apology to a different thread (which was one that I had a link to and thought it was a reply to mine!). See here: http://community.infusionsoft.com/sh...ull=1#post2162 feel free to move my post to this thread, not sure what went on there!

    Regarding where and how I post - yes I did submit a support case for this as well, but I was concerned about the URIBL and wanted a general community feel.

    Frankly the level of official support is often very "level 1" which is why I tend to look here as well. (It has improved recently by the way, with the new ticketing system). Public conversations ARE a valid place for me and others to better understand (as I would from your reply above, thank you for taking the time).

    Cheers,

    Robert

  8. #8
    Infusionsoft Staff josephmanna's Avatar
    Join Date
    Jun 2011
    Location
    Chandler, AZ
    Posts
    198
    Thanks, Robert, for the update! I merged in your post. I'm glad our support team was able to help you understand some of the finer details on SPF.

    Just want to show that I checked the URIBL list for Infusionsoft.com and we have been removed:

    Screen shot 2011-10-24 at 1.00.04 PM.jpg
    JOSEPH MANNA
    Developer Partner Program Manager
    @joemanna on Twitter


    Need an App or Certified Consultant? Check the Marketplace!
    Want to help others leverage Infusionsoft? Become a Partner!

  9. #9
    Thank you Joe - good news about the URIBL too ...

  10. #10
    Infusionsoft Staff josephmanna's Avatar
    Join Date
    Jun 2011
    Location
    Chandler, AZ
    Posts
    198
    As an update to this post -- I have posted details on our blog how to get in compliance with SPF.

    Increase Your Email Reputation with SPF
    JOSEPH MANNA
    Developer Partner Program Manager
    @joemanna on Twitter


    Need an App or Certified Consultant? Check the Marketplace!
    Want to help others leverage Infusionsoft? Become a Partner!

  11. #11
    Hi there,

    I read this article: http://bigideasblog.infusionsoft.com...tion-with-spf/ , i add the [COLOR=inherit !important]v=spf1 mx include:infusionmail.com –all record to my DNS settings but when i checked the record here: [/COLOR]http://www.kitterman.com/spf/validate.html , after i introduced my domain name and generated my spf record, this message came out:

    SPF record lookup and validation for: kilostop.ro
    SPF records are published in DNS as TXT records.

    The TXT records found for your domain are:
    v=spf1 +a +mx +ip4:89.42.216.160 ?all
    Record contains non-ASCII characters and is invalid.


    Use the back button on your browser to return to the SPF checking tool without clearing the form.

    My question is: after i added the infusionsoft spf record: why the TXT record found for my domain: v=spf1 +a +mx +ip4:89.42.216.160 ?all doesn't include infusionmail.com? why is invalid? because when i checked here:

    Is this SPF record valid - syntactically correct?- the result was correct:

    Input accepted, querying now...
    evaluating v=spf1 +a +mx +ip4:89.42.216.160 ?all ...
    SPF record passed validation test with pySPF (Python SPF library)!

    What should i do?How can i check if the record has been added correctly and also if it's working to not have anymore hard bounces email addresses?

    Regards,
    Luiza


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •