<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Century Gothic";
        panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        font-size:10.0pt;
        font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:"Courier New";}
p.v1msonormal, li.v1msonormal, div.v1msonormal
        {mso-style-name:v1msonormal;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
p.v1v1msonormal, li.v1v1msonormal, div.v1v1msonormal
        {mso-style-name:v1v1msonormal;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.EmailStyle33
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:932930272;
        mso-list-type:hybrid;
        mso-list-template-ids:602549618 -527935616 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
        {mso-level-start-at:5;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-font-family:Calibri;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">We see it fairly often, as companies take on multiple cloud services which need to send on behalf of their email domain. They all expect you to include their SPF record, and each may have a few includes of its own;
 multiply this across a few different services and you easily hit the 10-lookup limit.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1"><span style="mso-fareast-language:EN-US">Ross<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> AusNOG &lt;ausnog-bounces@lists.ausnog.net&gt;
<b>On Behalf Of </b>Noel Butler<br>
<b>Sent:</b> Tuesday, 19 October 2021 10:34 AM<br>
<b>To:</b> ausnog@lists.ausnog.net<br>
<b>Subject:</b> Re: [AusNOG] [DKIM Failure] Re: Anyone knowledgeable from Mimecast here who can contact me off list?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Ahhh, so it does indeed count through them all; that would explain the extra lookups. It's the first time I've ever heard of someone being rejected because of it, but until OP lets us know what the
 reject was for, we won't know.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p id="reply-intro"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">On 19/10/2021 12:23, Two Fat Monkeys - Dirk Bermingham wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 5.0pt;margin-left:0cm;margin-right:0cm">
<div id="replybody1">
<div>
<div>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">Whilst we're living on the edge here....</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<pre><span style="font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">To quote the RFC:</span><o:p></o:p></pre>
<pre><span style="font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">"</span><span style="color:black">SPF implementations MUST limit the number of mechanisms and modifiers</span><o:p></o:p></pre>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   that do DNS lookups to at most 10 per SPF check, including any</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   lookups caused by the use of the "include" mechanism or the</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   "redirect" modifier.  If this number is exceeded during a check, a</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   PermError MUST be returned.  The "include", "a", "mx", "ptr", and</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   "exists" mechanisms as well as the "redirect" modifier do count</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   against this limit.  The "all", "ip4", and "ip6" mechanisms do not</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   require DNS lookups and therefore do not count against this limit.</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   The "exp" modifier does not count against this limit because the DNS</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   lookup to fetch the explanation string occurs after the SPF record</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Courier New";color:black">   has been evaluated."</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">Chris' SPF was even more borked earlier... Those includes need to be trimmed a bit further to comply...</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US">DB</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="v1msonormal"><span style="font-size:10.0pt;font-family:"Century Gothic",sans-serif;mso-fareast-language:EN-US"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="v1msonormal"><strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">From:</span></strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> AusNOG <<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>>
<strong><span style="font-family:"Verdana",sans-serif">On Behalf Of </span></strong>Noel Butler<br>
<strong><span style="font-family:"Verdana",sans-serif">Sent:</span></strong> Tuesday, 19 October 2021 1:11 PM<br>
<strong><span style="font-family:"Verdana",sans-serif">To:</span></strong> <a href="mailto:ausnog@lists.ausnog.net">
ausnog@lists.ausnog.net</a><br>
<strong><span style="font-family:"Verdana",sans-serif">Subject:</span></strong> [DKIM Failure] Re: [AusNOG] Anyone knowledgeable from Mimecast here who can contact me off list?<o:p></o:p></span></p>
</div>
</div>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Andrew,<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">This is likely off topic for this list, but anyway, since I live on the edge...<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">By my count there are only 3, not 10, mechanism lookups (and show me an implementation that actually stops at 10). I'm not so sure they should be counting the includes' own includes/a/aaaa's either,
 only the include itself, as includes are typically out of your control (it has been a very long time since I read that RFC, so I may be wrong).<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Anyway, if that was the issue, it would have surfaced long before now surely.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">If I was a betting man, I'd say DNS caching is the cause, and I'd also be betting someone didn't drop a TTL when preparing for the change, so will have to wait till records
 refresh.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Of course all this is assumption because OP never posted the actual error message.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Cheers<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p id="v1reply-intro"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">On 19/10/2021 09:07, Andrew Oakeley wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 5.0pt;margin-left:0cm;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div id="v1replybody1">
<div>
<div>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Hi,<o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">If I were you, I would start by fixing your SPF.<o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">This will show you the errors<o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><a href="https://mxtoolbox.com/SuperTool.aspx?action=spf%3aheartland.com.au&amp;run=toolpage" target="_blank" rel="noopener noreferrer">https://mxtoolbox.com/SuperTool.aspx?action=spf%3aheartland.com.au&amp;run=toolpage</a><o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Andrew<o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="v1v1msonormal"><strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">From:</span></strong><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> AusNOG <<a href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>>
<strong><span style="font-family:"Verdana",sans-serif">On Behalf Of </span></strong>Christopher Scholfield<br>
<strong><span style="font-family:"Verdana",sans-serif">Sent:</span></strong> Tuesday, 19 October 2021 7:04 AM<br>
<strong><span style="font-family:"Verdana",sans-serif">To:</span></strong> 'AusNOG Mailing List' <<a href="mailto:ausnog@ausnog.net">ausnog@ausnog.net</a>><br>
<strong><span style="font-family:"Verdana",sans-serif">Subject:</span></strong> [AusNOG] Anyone knowledgeable from Mimecast here who can contact me off list?<o:p></o:p></span></p>
</div>
</div>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Yesterday we changed mail filters. Mimecast is the only email provider that has been rejecting our emails due to SPF problems for the last 20-odd hours.  Mimecast technical
 support has told me their customers who aren't getting our emails need to contact them so their tech support can explain how to bypass their mail filters for our mail server.<o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
<p class="v1v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">I'd rather work with someone at Mimecast to resolve the cause of the problem.<o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">ophos.com._nspf.vali <o:p></o:p></span></p>
</div>
<div>
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"> <o:p></o:p></span></p>
</div>
<div id="v1signature">
<p class="v1msonormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">--
<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Regards,<br>
Noel Butler<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif;color:white"> </span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
</blockquote>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<div id="signature">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">--
<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif">Regards,<br>
Noel Butler<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</body>
</html>