Gmail SPF Softfail 0.0.0.0 when sending between accounts on the same server.
Hello all.
I'm facing a problem what is news to me, when users send messages to other users on the same server. Messages sent to other servers are working fine. After received some custommers complains, I did testes and I noticed the problem. The 3 scenarios bellow I tested using the same sender and same recipient in test 1 and 2. In test 3 it is a different recipient.
Situation 1, sending via webmail - Received with problems.
When a user sends by their webmail to a recipient account on the same server, and the recipient receives the message in Gmail, the message does not go to spam, but SPF registers IP 0.0.0.0 and DKIM and DMARC are not registered.
Situation 2, sending via local Outlook - It went to spam. When the same user sends through their local outlook and the recipient receives it in Gmail, the message goes to Spam and a softfail is registered. SPF registers IP 0.0.0.0 again and DKIM and DMARC are not registered. In this case, IP xxx.xxx.xxx.xxx shows the local connection IP of the user and not the IP of the server.
Situation 3, sending via Outlook or local Webmail to another server - Received without any problems. When the user sends via local Outlook or webmail to another server (in this test a Gmail) the message is received perfectly without any problems. SPF, DKIM and DMARC are registered correctly. In this case, xxx.xxx.xxx.xxx shows the server IP and not the user's local IP.
I never had this problem in years, maybe something changed with last Cpanel updates? Or Gmail changed something to use it to read messages in Cpanel servers? I did some checks on the DNS settings and they are all fine. Tested by emailing
SPF: PASS with IP 0.0.0.0
Authentication-Results: mx.google.com;
spf=pass (google.com: did not find external ips, assuming domain of xxxxx@xxxxx.com.br as allowed sender) smtp.mailfrom=xxxxx@xxxxx.com.br
Received-SPF: pass (google.com: did not find external ips, assuming the domain of xxxxx@xxxxx.com.br as allowed sender)
Situation 2, sending via local Outlook - It went to spam. When the same user sends through their local outlook and the recipient receives it in Gmail, the message goes to Spam and a softfail is registered. SPF registers IP 0.0.0.0 again and DKIM and DMARC are not registered. In this case, IP xxx.xxx.xxx.xxx shows the local connection IP of the user and not the IP of the server.
SPF: SOFTFAIL with IP 0.0.0.0
Authentication-Results: mx.google.com;
spf=softfail (google.com: transition domain xxxxx@xxxxx.com.br does not designate xxx.xxx.xxx.xxx as allowed sender) smtp.mailfrom=xxxxx@xxxxx.com.br
Received-SPF: softfail (google.com: transition domain xxxxx@xxxxx.com.br does not designate xxx.xxx.xxx.xxx as allowed sender) client-ip=xxx.xxx.xxx.xxx;
Situation 3, sending via Outlook or local Webmail to another server - Received without any problems. When the user sends via local Outlook or webmail to another server (in this test a Gmail) the message is received perfectly without any problems. SPF, DKIM and DMARC are registered correctly. In this case, xxx.xxx.xxx.xxx shows the server IP and not the user's local IP.
SPF: PASS with IP xxx.xxx.xxx.xxx
DKIM: 'PASS' with domain xxxxx.com.br
DMARC: 'PASS'
ARC-Authentication results: i=1; mx.google.com;
dkim=pass header.i=@xxxxx.com.br header.s=default header.b=jB7ZS2WC;
spf=pass (google.com: domain of xxxxx@xxxxx.com.br designates xxx.xxx.xxx.xxx as allowed sender) smtp.mailfrom=xxxxx@xxxxx.com.br;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=xxxxx.com.br
I never had this problem in years, maybe something changed with last Cpanel updates? Or Gmail changed something to use it to read messages in Cpanel servers? I did some checks on the DNS settings and they are all fine. Tested by emailing
-
Hey there! When a user sends by their webmail to a recipient account on the same server, and the recipient receives the message in Gmail
Can you clarify this part a bit for me? If they are sending the message to an account on the same server, what mechanism gets the message to Gmail? Is there a forwarder or mailing list in place?0 -
Hello cPrex. Yes sure, sorry for any misconception in explaining. No forwardings or lists, but pop3. I notice the issue with users who host their domains and emails on my server but download (from my server) and read their emails in gmail.com via pop3 (Gmail settings > Accounts & Import > Check emails from other accounts). 0 -
If you do a search on Google for their own "SPF: PASS with IP 0.0.0.0" message, you only get two results, both of which aren't helpful. Since the SPF record checks out everywhere else, you may want to contact Google directly to see if they can offer more specific details on that behavior as I'm not finding anything on my end. 0 -
I'm not able to merge a thread that's five years old, but I'm happy to talk about the issues here. 0 -
I did remove that reply as the thread was five years old. 0 -
@vikins - I thought I actually merged it into this thread but apparently that didn't work! Can you post that again? 0 -
It was the appropriate place to post because the issue is still happening and that cPanel thread was the most informative and well documented. The most well documented thread anywhere I can find about the issues is this one: 77473 This happens when people make use of gmail feature "Check mail from other accounts". You can config a gmail account to POP mail from any legit POP mail account and it will pull it into your gmail and process the mail. It will not pull in emails with suspicious attachments though and I've never seen it have a false positive. But unlike when you simply forward mail to gmail, it rewrites the headers in a very strange way and ends up doing an spf check on the client IP address of the original email sender. As in, their home IP address of their wifi router, which makes no sense whatsoever for spf. The key thing here is that this doesn't happen with all mail. This only happens with mail that is delivered locally on the server. For example, when a customer sends an email to another customer on the same shared server. That email will process internally and not go through SMTP. It is in these cases that the gmail feature "Check mail from other accounts" will rewrite the header and then it will fail spf and produce this warning. It is a very specific kind of case, but nonetheless it does happen more than you'd think. Since google isn't going to fix this anytime soon, there are suggestions out there that adding a header using exim can resolve the issue. I'd like to discuss how this can be accomplished. 0 -
Thanks for that - I spoke with our email team and they thought it would be best to submit a ticket to our support team so we can see this in action on the server-side to see if there is anything we can do on our end. 0 -
Ticket # 94440007 has been created. 0 -
Thanks - I'm following along with that on my end as well. 0 -
@Metro2 It sounds like you resolved a part of the issue, possibly by getting your spf / dkim / dmarc properly aligned, which can resolve the gmail warning message for most situations. But I think the 10% of messages that you mention that are still having an issue is due to the same issue I'm seeing. These are messages are ones produced by the server and/or messages between users on the same server, meaning messages that are handled internally on the server. Those that go though normal SMTP channels are not affected by this issue. Happy to keep working together to solve this last 10% of the issue. 0 -
@vikins - I actually didn't solve anything. I know my message had a lot of words to skip through, but I mentioned that even before the problems started, SPF/DKIM/DMARC were ALREADY correct. The Workspace technicians I chatted with (and their supervisors) were baffled. But yes, that is in regard to normal mailing situations. Indeed some of the ones that are automated through server notifications (and things like help desk scripts) that may identify as either 0.0.0.0 or no obvious actual sender verify, even if they pass DKIM in some cases, are getting tagged as spam or dangerous by Gmail still. For example - 1 out of every 8 "high 5 minute load alert" messages I receive to an actual POP3 domain account that I have set up in a Gmail account as "Check mail from other accounts" is still getting marked as spam and even some standard server alerts & messages between users on their own domain send email directly to each other (but using Gmail as their POP3 client) are getting marked with the "Caution" banner and suspect as phishing. For no identifiable reason whatsoever. It's going to take a lot of people reporting this situation directly to Google for anything to get done, and even then... expect a long wait. 0 -
Yes indeed, and it is a conundrum to me that Gmail bases it's algorithm on only the IP of the sender even if they're authenticated when the server sends local messages directly to a domain account. It would be wonderful if Google had a support division that was dedicated to working with other providers, but apparently that's only possible if you're already too wealthy to have to work this crap every day like a slave. 0 -
This has been happening to me too over the last few months, with communication between my clients and myself on the same server being flagged as Softfail too (using Gmail POP3/SMTP). Very annoying as there seems to be no solution. Could a possible fix be for cPanel to include an option to never send email locally across accounts on the same server? What are the repercussions of setting all accounts to 'Remote mail server' in the existing setup? I have SPF, DKIM and DMARC set up on all accounts. 0 -
I appreciate the way people in this thread can contribute to solving the problem. Based on @vikins' answer, I did tests today by changing the SPF. First I add the sender's local IP address in the domain's SPF record (domain.com). Didn't work, softfail happens in Gmail. Second, I add the sender's local IP address to the hostname's SPF record (server.domain.com). It worked, the softfail did not happen. So for my clients who have fixed IP address at their location, I am putting their IPs in the hostname SPF records. This works as a partial server-side solution to bypass Gmail's SPF checker. Of course, this doesn't solve it for all my clients, as some of them use dynamic IPs, but it minimizes the problem for me at this point until a complete solution appears. 0 -
Hello guys. I have a workaround when the customer's email account is being sent over a local broadband dynamic IP. I will share it here. It's simple, just use some dynamic IP hostname service like "noip.com" in the SPF record. " In my house I have internet with dynamic IP. " I registered an account at noip.com (free or paid, it doesn't matter). " I create a hostname for my home in noip.com, eg. digitalcomunicshouse.ddns.net " I downloaded the DUC (noip client) and installed it on my home computer. " Then I add the hostname in the SPF record for my domain, in cpanel, like this: "v=spf1 ip4:xxx.xxx.xxx.xxx a:digitalcomunicshouse.ddns.net +a +mx ~all" Now gmail no longer gives SOFTFAIL 0.0.0.0, but PASS 0.0.0.0. And the message is no longer marked as spam. I will be sending out a newsletter to my complaining customers to get them to do this too. Best regards! 0
Please sign in to leave a comment.
Comments
20 comments