Email notifications problem
Mortimercat Registered Users Posts: 4 Big grins
I had trouble receiving my sign up verification Email - As this is my specialist area of knowledge, I was able to investigate - Long story short - The SPF record for smugmug.com does not include the IP of the forum emails. This would result in more Emails ending up in members spam folders and some members not receiving Emails. I fixed my problem by manually adding smugmug to my allow list, but I am not sure who to tell about the SPF problem.
Hi Mortimercat and welcome to Dgrin. This is definitely not my area of knowledge, so I am struggling a bit understanding the problem here. Dgrin is hosted by Vanilla Forums, so email comes from SmugMug via Vanilla. I suppose that might be a problem if you are only allowing whitelisted sites to accept email. Is that the issue? I've never had a problem receiving email from the forum. Dunno.
If you want a full explanation, read on...
The SPF record is used in the fight against spam and other malicious/spoofed Emails. It provides a way for a recipients mail server to check that an Email really did come from an authorised user of the @smugmug.com domain.
Smugmugs SPF record is "v=spf1 ip4:18.104.22.168/22 include:_spf.google.com include:amazonses.com include:mailgun.org include:spf.mandrillapp.com include:spf.mtasv.net -all". This configuration tells the world that Smugmug will only send Emails from Smugmugs own network or via Google, Amazon, Mailgun, Mandrillapp and mtasv and *nowhere else*.
Emails from this forum arrive via the Vanilla Forum IP address (22.214.171.124). If the recipients mail server does a SPF check, it will conclude that it has not been sent by an authorised user of the @smugmug.com domain. The -all flag is a strict implementation - "Fail everything not in the list" .
Here is an online tool that confirms that it is a fail. https://mxtoolbox.com/SuperTool.aspx?action=spf%3asmugmug.com%3a126.96.36.199
So the main point is that the SPF record is wrong, but why am I the only one to notice? (There are some other forum messages referring to non delivery of notifications, it may explain some of those).
The main reason is that most mail servers err on the side of caution. A failure with a SPF lookup would normally just increase an Emails "Potential Spam Score". For most people, the forum Emails would get through but with a higher risk of ending up in the spam folder.
This is my specialist area so I run my own personal mail server and I choose to implement a strict SPF policy. SmugMugs SPF clearly states that this forum is not authorised to send Emails, so I was rejecting them.
It is not a major issue, but it is something that is easily corrected and it will improve the reliability of the forums Emails although I cannot guarantee you will notice.
Thanks for the detailed explanation. I'll pass this along to the folks at SmugMug.
I asked our Ops team to take a look at your report. Thanks for sharing the details.
SmugMug Support Hero
Our Ops team let me know that they added the forums IP to the SPF record and this should resolve the issue.
SmugMug Support Hero