Yesterday I called MTS Data Card support but their IVRS system was failing in giving me my balance details. Eventually I decided to email their support and glad to say support email was also easily available on their website.
Today I saw acknowledgement mail in spam. No big deal but I usually dig around genuine mails which go in spam to find exact cause. In this case I found mail was sent to me from firstname.lastname@example.org and the server which relayed this mail was:
18.104.22.168 with rDNS pointer - mtsndmx1.mtsindia.in.
From email headers only one can tell main failure in mail:Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning email@example.com does not designate 22.214.171.124 as permitted sender) firstname.lastname@example.org Thus clearly SPF failure. How?
Quick check on TXT record on root domain:
“v=spf1 a mx include:elabs5.com ~all” “v=spf1 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168/28 ip4:22.214.171.124/27 ~all”
Here’s what’s wrong:
- Two v=spf1 in SPF isn’t really good. Very likely most of systems will hit for TXT record and will get any on random and eventually use it ignoring whitelisted IP’s in other completely.
- MTS missed to include 126.96.36.199 the server which is placed on Tata Communications backbone in SPF record. Most of other IP’s mentioned in their SPF belong to Softlayer datacenter.