<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 16/01/2017 09:35, Mike Brudenell
wrote:<br>
</div>
<blockquote
cite="mid:CAPXCWas4NOjxW=tVzWa4m9doPLy8GTp6JK=02=5zse4OyUnrHg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On 13 January 2017 at 16:24, Jules <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:Jules@zend.to" target="_blank">Jules@zend.to</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">And as you were sending via IPv6,
and <a moz-do-not-send="true" href="http://utoronto.ca"
target="_blank">utoronto.ca</a>'s SPF record does not
contain *any* IPv6 statements at all, then Google will
block all IPv6 mail traffic from <a
moz-do-not-send="true" href="http://utoronto.ca"
target="_blank">utoronto.ca</a> (regardless of whether
it comes from your ZendTo server or your university's
central outgoing mail servers).<br>
</div>
</blockquote>
<div><br>
</div>
<div>Not quite… The <a moz-do-not-send="true"
href="http://utoronto.ca">utoronto.ca</a> SPF record
ends with "~all" rather than "-all". This indicates only a
"softfail" for unlisted hosts that, according to the RFC,
means</div>
<div><br>
</div>
</div>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div class="gmail_extra">
<div class="gmail_quote">
<div>A "softfail" result is a weak statement by the
publishing ADMD that the host is probably not
authorized. It has not published a stronger, more
definitive policy that results in a "fail".</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
That's what it should mean.<br>
Google don't accept IPv6 mail unless you have a specific "ip6:"
statement in your SPF record, even if you have "~all" or "?all" as
well.<br>
<blockquote
cite="mid:CAPXCWas4NOjxW=tVzWa4m9doPLy8GTp6JK=02=5zse4OyUnrHg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">If <a moz-do-not-send="true"
href="http://utoronto.ca" target="_blank">utoronto.ca</a>
has any IPv6 network in place (which they appear to, as
you could get to Google via IPv6), then they really
should add an IPv6 statement to their SPF record. Or
else no-one is going to want to receive any IPv6 mail
they send.</div>
</blockquote>
</div>
<br>
It could be that, like ours here, their mail gateways aren't
yet IPv6 capable in which case the SPF record would be OK
(although I'd have hoped their Firewall would have blocked
other hosts from sending email out).</div>
</div>
</blockquote>
Indeed! Maybe their IPv4 firewall does, but not their IPv6 one?<br>
<blockquote
cite="mid:CAPXCWas4NOjxW=tVzWa4m9doPLy8GTp6JK=02=5zse4OyUnrHg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"> Also I <i>think</i> we're still only
assuming the sending domain is <a moz-do-not-send="true"
href="http://utoronto.ca">utoronto.ca</a>: I don't recall
seeing an unobfuscated set of details.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">But there's certainly quite a few
things in this area Brian needs to investigate!<br>
<br>
Cheers,</div>
<div class="gmail_extra">Mike B-)<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div><font color="#666666">Systems Administrator &
Change Manager</font></div>
<div><font color="#666666">IT Services, University of
York, Heslington, York YO10 5DD, UK</font></div>
<div><font color="#666666">Tel: +44-(0)1904-323811</font></div>
<div><font color="#666666"><br>
</font></div>
<div><font color="#666666">Web:<span style="white-space:pre"> </span><a
moz-do-not-send="true"
href="http://www.york.ac.uk/it-services"
target="_blank">www.york.ac.uk/it-services</a></font></div>
<div><font color="#666666">Disclaimer:<span style="white-space:pre"> </span><a
moz-do-not-send="true"
href="http://www.york.ac.uk/docs/disclaimer/email.htm"
target="_blank">www.york.ac.uk/docs/disclaimer/email.htm</a></font></div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng MBCS CITP CEng
'When I read Shakespeare I am struck with wonder
That such trivial people should muse and thunder
In such lovely language.' - D.H. Lawrence
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
</body>
</html>