<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 13 January 2017 at 16:24, Jules <span dir="ltr"><<a href="mailto:Jules@zend.to" target="_blank">Jules@zend.to</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF">And as you were sending via IPv6, and <a href="http://utoronto.ca" target="_blank">utoronto.ca</a>'s SPF record does
not contain *any* IPv6 statements at all, then Google will block all
IPv6 mail traffic from <a href="http://utoronto.ca" target="_blank">utoronto.ca</a> (regardless of whether it comes
from your ZendTo server or your university's central outgoing mail
servers).<br></div></blockquote><div><br></div><div>Not quite… The <a href="http://utoronto.ca">utoronto.ca</a> SPF record ends with "~all" rather than "-all". This indicates only a "softfail" for unlisted hosts that, according to the RFC, means</div><div><br></div></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_extra"><div class="gmail_quote"><div>A "softfail" result is a weak statement by the publishing ADMD that the host is probably not authorized. It has not published a stronger, more definitive policy that results in a "fail".</div></div></div></blockquote><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF">If <a href="http://utoronto.ca" target="_blank">utoronto.ca</a> has any IPv6 network in place (which they appear to,
as you could get to Google via IPv6), then they really should add an
IPv6 statement to their SPF record. Or else no-one is going to want
to receive any IPv6 mail they send.</div></blockquote></div><br>It could be that, like ours here, their mail gateways aren't yet IPv6 capable in which case the SPF record would be OK (although I'd have hoped their Firewall would have blocked other hosts from sending email out). Also I <i>think</i> we're still only assuming the sending domain is <a href="http://utoronto.ca">utoronto.ca</a>: I don't recall seeing an unobfuscated set of details.</div><div class="gmail_extra"><br></div><div class="gmail_extra">But there's certainly quite a few things in this area Brian needs to investigate!<br><br>Cheers,</div><div class="gmail_extra">Mike B-)<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><font color="#666666">Systems Administrator & Change Manager</font></div><div><font color="#666666">IT Services, University of York, Heslington, York YO10 5DD, UK</font></div><div><font color="#666666">Tel: +44-(0)1904-323811</font></div><div><font color="#666666"><br></font></div><div><font color="#666666">Web:<span style="white-space:pre"> </span><a href="http://www.york.ac.uk/it-services" target="_blank">www.york.ac.uk/it-services</a></font></div><div><font color="#666666">Disclaimer:<span style="white-space:pre"> </span><a href="http://www.york.ac.uk/docs/disclaimer/email.htm" target="_blank">www.york.ac.uk/docs/disclaimer/email.htm</a></font></div></div></div>
</div></div>