Email notifications problem

MortimercatMortimercat Registered Users Posts: 4 Big grins
I had trouble receiving my sign up verification Email - As this is my specialist area of knowledge, I was able to investigate - Long story short - The SPF record for smugmug.com does not include the IP of the forum emails. This would result in more Emails ending up in members spam folders and some members not receiving Emails. I fixed my problem by manually adding smugmug to my allow list, but I am not sure who to tell about the SPF problem.

Comments

  • RichardRichard Mildly bemused Madrid, SpainAdministrators, Vanilla Admin Posts: 19,387 moderator

    Hi Mortimercat and welcome to Dgrin. This is definitely not my area of knowledge, so I am struggling a bit understanding the problem here. Dgrin is hosted by Vanilla Forums, so email comes from SmugMug via Vanilla. I suppose that might be a problem if you are only allowing whitelisted sites to accept email. Is that the issue? I've never had a problem receiving email from the forum. Dunno.

  • MortimercatMortimercat Registered Users Posts: 4 Big grins
    It is a job for whoever set up the DNS for smugmug. They have taken the trouble to include a SPF record, but not included this forum. One solution would be adding "include:o1.smtp.vanillaforums.com" to the SPF record, another is to use ~all

    If you want a full explanation, read on...
    The SPF record is used in the fight against spam and other malicious/spoofed Emails. It provides a way for a recipients mail server to check that an Email really did come from an authorised user of the @smugmug.com domain.

    Smugmugs SPF record is "v=spf1 ip4:208.79.44.0/22 include:_spf.google.com include:amazonses.com include:mailgun.org include:spf.mandrillapp.com include:spf.mtasv.net -all". This configuration tells the world that Smugmug will only send Emails from Smugmugs own network or via Google, Amazon, Mailgun, Mandrillapp and mtasv and *nowhere else*.

    Emails from this forum arrive via the Vanilla Forum IP address (208.117.49.186). If the recipients mail server does a SPF check, it will conclude that it has not been sent by an authorised user of the @smugmug.com domain. The -all flag is a strict implementation - "Fail everything not in the list" .

    Here is an online tool that confirms that it is a fail. https://mxtoolbox.com/SuperTool.aspx?action=spf%3asmugmug.com%3a208.117.49.186

    So the main point is that the SPF record is wrong, but why am I the only one to notice? (There are some other forum messages referring to non delivery of notifications, it may explain some of those).

    The main reason is that most mail servers err on the side of caution. A failure with a SPF lookup would normally just increase an Emails "Potential Spam Score". For most people, the forum Emails would get through but with a higher risk of ending up in the spam folder.

    This is my specialist area so I run my own personal mail server and I choose to implement a strict SPF policy. SmugMugs SPF clearly states that this forum is not authorised to send Emails, so I was rejecting them.

    It is not a major issue, but it is something that is easily corrected and it will improve the reliability of the forums Emails although I cannot guarantee you will notice.
  • RichardRichard Mildly bemused Madrid, SpainAdministrators, Vanilla Admin Posts: 19,387 moderator

    Thanks for the detailed explanation. I'll pass this along to the folks at SmugMug.

  • rainforest1155rainforest1155 SmugMug Support Hero Registered Users Posts: 4,542 Major grins
    edited November 29, 2020

    I asked our Ops team to take a look at your report. Thanks for sharing the details.

    Sebastian
    SmugMug Support Hero
  • rainforest1155rainforest1155 SmugMug Support Hero Registered Users Posts: 4,542 Major grins

    Our Ops team let me know that they added the forums IP to the SPF record and this should resolve the issue.

    Sebastian
    SmugMug Support Hero
  • MortimercatMortimercat Registered Users Posts: 4 Big grins
    Excellent news :smile: I removed you from my allow list and I still get the Emails, so it definitely worked. :triumph: Nice to see I have helped others too.
Sign In or Register to comment.