<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
font-size:10.0pt;
font-family:"Courier New";}
p.v1msonormal, li.v1msonormal, div.v1msonormal
{mso-style-name:v1msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle30
{mso-style-type:personal-reply;
font-family:"Century Gothic",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">Whilst we’re living on the edge here….<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<pre><span style="font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">To quote the RFC:<o:p></o:p></span></pre>
<pre><span style="font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">”</span><span style="color:black">SPF implementations MUST limit the number of mechanisms and modifiers<o:p></o:p></span></pre>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> that do DNS lookups to at most 10 per SPF check, including any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> lookups caused by the use of the "include" mechanism or the<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> "redirect" modifier. If this number is exceeded during a check, a<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> PermError MUST be returned. The "include", "a", "mx", "ptr", and<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> "exists" mechanisms as well as the "redirect" modifier do count<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> against this limit. The "all", "ip4", and "ip6" mechanisms do not<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> require DNS lookups and therefore do not count against this limit.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> The "exp" modifier does not count against this limit because the DNS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> lookup to fetch the explanation string occurs after the SPF record<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black"> has been evaluated.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">Chris’ SPF was even more borked earlier… Those includes need to be trimmed a bit further to comply…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">DB<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG <ausnog-bounces@lists.ausnog.net>
<b>On Behalf Of </b>Noel Butler<br>
<b>Sent:</b> Tuesday, 19 October 2021 1:11 PM<br>
<b>To:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> [DKIM Failure] Re: [AusNOG] Anyone knowledgeable from Mimecast here who can contact me off list?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Andrew,<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">This is likely off topic for this list, but anyway, since I live on the edge...<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">By my count there is only 3 not 10 mechanism lookups (and show me an implementation that actually stops at 10), I'm not so sure they should be counting the includes includes/a/aaaa's either,
only the include itself, as includes are typically out of your control (it has been a very long time since I read that RFC so may be wrong)<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Anyway, if that was the issue, it would have surfaced long before now surely.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">If I was a betting man, I'd say DNS caching is the cause, if I was a betting man, I'd also be betting someone didnt drop a TTL when preparing for the change, so will have to wait till records
refresh.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Of course all this is assumption because OP never posted the actual error message.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Cheers<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p id="reply-intro"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">On 19/10/2021 09:07, Andrew Oakeley wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 5.0pt;margin-left:0cm;margin-right:0cm">
<div id="replybody1">
<div>
<div>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Hi,<o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">If I was you; I would start by fixing your SPF.<o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">This will show you the errors<o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><a href="https://click.pstmrk.it/2s/mxtoolbox.com%2FSuperTool.aspx%3Faction%3Dspf%253aheartland.com.au%26run%3Dtoolpage/rIZ9BSYN/OHBV/CM9CEIXU4J" target="_blank">https://mxtoolbox.com/SuperTool.aspx?action=spf%3aheartland.com.au&run=toolpage</a><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Andrew<o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="v1msonormal"><strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">From:</span></strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> AusNOG <ausnog-bounces@lists.ausnog.net>
<strong><span style="font-family:"Verdana",sans-serif">On Behalf Of </span></strong>Christopher Scholfield<br>
<strong><span style="font-family:"Verdana",sans-serif">Sent:</span></strong> Tuesday, 19 October 2021 7:04 AM<br>
<strong><span style="font-family:"Verdana",sans-serif">To:</span></strong> 'AusNOG Mailing List' <ausnog@ausnog.net><br>
<strong><span style="font-family:"Verdana",sans-serif">Subject:</span></strong> [AusNOG] Anyone knowledgeable from Mimecast here who can contact me off list?<o:p></o:p></span></p>
</div>
</div>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Yesterday we changed mail filters, Mimecast is the only email provider that has been rejecting our emails due to SPF problems for the last 20 odd hours. Mimecast technical
support has told me their customers who aren't getting our emails need to contact them so their tech support can explain how to bypass their mail filters for our mail server.<o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">I'd rather work with someone at Mimecast to resolve the cause of the problem.<o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
</div>
<div id="signature">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">--
<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Regards,<br>
Noel Butlerimplimentation<o:p></o:p></span></p>
<table class="MsoNormalTable" border="1" cellspacing="0" cellpadding="0" width="748" style="width:561.0pt">
<tbody>
<tr>
<td style="padding:.4pt .4pt .4pt .4pt">
<p><span style="font-size:9.0pt;font-family:"Arial",sans-serif">This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not
disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal
privilege are not waived or lost by reason of the mistaken delivery of this message.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
<img src="https://ea.pstmrk.it/open/v3_FVSWTR2ItKgSGdIhlcLxl9S5aRlXPucdpS44okY_zvopq3It60zsvIEcaXDPusZuta36Dt2rC8LHnHKNwB0lZYCQLIrjV8FeD0aZuY2j71PU3g2xyqfP0SXPjB9cJmAjnUyP22kyAi9nfEHRlDY7Z1dlikz7pENmH5E_TvhCWrgilgGD1YoIgm3Dp4CXXj7rnaPCccTf4u_h02W2MMJbe7XhgtjIkonIPAwvxEcmKz6voTzhkxpntL0CmU5Tu-xYvld3gmA7QxyUNWYlSFGORNy22X3SbwfQAj0Kefrhc-O0S4vzJ5ULU_SsLBO_cWLD9gYU_yU2mKqrSOg7Jgrxvq-B9tvd8Mb9G5dApxwkqv7p5HqTjwB4agBnmUNk_33mtBXi-BtdSnNRd7P4h2pvm_uum2jQUGu1KC5WctCFfV4Q2cWsawMKgbsuc5WPniCDn2rVzN70HXm-ds8rPtngUKV_4_9Q2srHLm6pRz4-KTDwYNUQN7jGN0VAKAkqiMUxo4v-zLTP1ewOkV5gtGGS6qGd1NVqZPdZHtOwuA_xJNE" width="1" height="1" border="0" alt="" /></body>
</html>