SPF Question

callthatgirl

callthatgirl

Well-Known Member
Vendor
Reaction score
2,847
Location
Fort Myers, FL
Hey gang, so I use an online scheduling system vCita.com. I had many issues with their appointments going to junk, so I had to deal with them to update their SPF records. They did and things worked great, now some clients are back to getting them in the junk mail. I was wondering if anyone who deals with this can offer any advice. I'm pretty sure it's a "them" problem and they will take action but I have to tell them exactly what to fix apparently.
 
If the emails are coming from @vcita.com, and going to junk. That means vcita.com has a reputation or configuration problem. It isn't your job to troubleshoot that, they should have people to handle that, and if they don't, or making a simple complaint isn't enough to get them to do their jobs...

Well... it's time to find a new service.

*edit*

Did a quick look and... well...

They're including several IP addresses, Google's SPF, Zendesk, hubspot, AND M365 SPFs...

The record is huge. And while it's valid, it's not reasonable to assume both Google and M365 are authoritative for this domain. They're being dumb online, and they should be caught as spam.
 
Last edited:
lol, I know. I will push for them, been with them for 9 years and all my marketing links are with them. I could leave but would be months of work for me.
 
Yeah those IP addresses in the SPF are for SendGrid which I'd find hard to believe only have 4-5 addresses. It could be the emails you received were sent from an IP on that list so passed SPF. But the emails sent to clients came from one of the 100+ other IP's SendGrid likely have so failed SPF and got junked.

They should simply have used include:sendgrid.net which covers the lot.

However, you won't know for sure without seeing some data on the junked emails. If you can get a client to forward you a copy (as an attachment - not a standard forward) then you could check the headers for SPF pass or failure.
 
@SAFCasper OMG you're right!

Not only are they integrating sendgrid improperly, but they didn't even do the IP's in the SPFs correctly. They tried to authorize specific IPs in a dynamic cluster and didn't even bother to have the brain power to specify a range!

So yeah, that's probably 100% of the problem right there. Someone didn't bother to follow Sendgrid's CLEAR INSTRUCTIONS.

@callthatgirl I mean that, Sendgrid hand holds their customers through not only SPF, but DKIM as well. So you can integrate Sendgrid completely, perfectly, and fully authorized all the way through DMARC. And it's basically copy / paste.

If it helps, you could let them know I'm looking for a full time position lol! They apparently need an infrastructure engineer badly!
 
@Sky-Knight they do need help, last time I had to force them to send to dev for this and finally, they said I was right. Now, this new issue, so I will send over to them again.

@Sky-Knight I happen to know a MSP that wants a FT Azure engineer, they asked me to come on board and send me to training but I declined. I can see if they are still looking.
 
@SAFCasper @Sky-Knight

So I put in a report and now sendgrid is gone. I told them to update not delete. Now I wonder if removing sendgrid will help or not.

v=spf1 include:_spf.google.com ip4:167.89.106.200 ip4:167.89.12.67 ip4:167.89.106.181 ip4:149.72.130.123 ip4:149.72.138.120 include:mail.zendesk.com include:support.zendesk.com include:spf.protection.outlook.com include:7749671.spf02.hubspotemail.net -all
 
@callthatgirl That's still wrong... they need to RTFM, all those ip4 directives are replaced by a single spf.sendgrid.net entry.

And honestly, if they aren't capable of auditing that record, they've seriously got talent issues they need resolved. I'm in a place now where they need to pay me $300 and I'll fix it for them. It'll take about 15min, assuming they can also provide me access to their sendgrid account.

I'd LOVE to show the idiot in charge there the specific hand holding screen in his Sendgrid account he just straight up ignored...
 
@Sky-Knight so yeah, I'll see what I can do to get you in there. This really concerns me as this was their last reply....ugh, so no one there knows and is just playing around? Seriously?

When I opened the request to for our Dev team to update the SPF record, they asked me what this is needed for, and if there is actually an issue, how can we reproduce it.
 
@callthatgirl The Dev team being responsible for infrastructure... There is no issue to reproduce, their SPF record is simply malformed in relation to using the Sendgrid service. So they either need to remove all those ip4 entries, or fix them to reference Sendgrid correctly.

To put it in Southern terms.... they need to Sh*t or get off the pot!

All you should have to tell them is their mail is landing in spam folders because of SPF failures. Anything more than that, is completely on them to figure out.

Seriously, they just replace all those ip4 entries with "include:sendgrid.net"

Assuming of course they're actually using Sendgrid... that's a HUGE assumption I might add. They might be using the static services sendgrid offers too... so those IPs might be valid. Perhaps they forgot one?

Someone needs to audit that mess.
 
Last edited:
So they listened and updated it, my appts are still hitting junk. I told them they need to hire help!
@Sky-Knight @SAFCasper

this looks worse
v=spf1 include:_spf.google.com ip4:167.89.106.200 ip4:167.89.12.67 ip4:167.89.106.181 include:sendgrid.net include:mail.zendesk.com include:support.zendesk.com include:spf.protection.outlook.com include:7749671.spf02.hubspotemail.net -all
 
callthatgirl said:
So they listened and updated it, my appts are still hitting junk. I told them they need to hire help!
@Sky-Knight @SAFCasper

this looks worse
v=spf1 include:_spf.google.com ip4:167.89.106.200 ip4:167.89.12.67 ip4:167.89.106.181 include:sendgrid.net include:mail.zendesk.com include:support.zendesk.com include:spf.protection.outlook.com include:7749671.spf02.hubspotemail.net -all
Click to expand...
At least they've added include:sendgrid.net, but they've still got the 3 sendgrid IPv4 addresses which i doubt are needed and i dont think they need the outlook.com one as they have google MX records so i dont think they are using M365 for email.
 
callthatgirl said:
So they listened and updated it, my appts are still hitting junk. I told them they need to hire help!
@Sky-Knight @SAFCasper

this looks worse
v=spf1 include:_spf.google.com ip4:167.89.106.200 ip4:167.89.12.67 ip4:167.89.106.181 include:sendgrid.net include:mail.zendesk.com include:support.zendesk.com include:spf.protection.outlook.com include:7749671.spf02.hubspotemail.net -all
Click to expand...
Honestly this is the point where you look at your tenant and try to figure out why your end marked it spam. This is harder than it needs to be on M365 though.

Given what I'm seeing though, I'll bet the sendgrid portion of the SPF isn't being processed because they've made their SPF too long. Which is yet more malformation, and stupidity on their part. The reasons why are in the thread posted by others... these people just keep digging a larger hole.
 
Last edited:
Any chance they (or you) are on a blacklist? Also, I saw something the other day (just reading something about DMARC, I think) that mentioned .biz domains get treated with more suspicion by many filters... That's only anecdotal, I don't have any data to back up that claim.
 
You must log in or register to reply here.

Similar threads

thecomputerguy
Why is this SPF record not working?
Replies
13
Views
492
Markverhyden
Markverhyden
HCHTech
Email authentication help
Replies
7
Views
363
Sky-Knight
Sky-Knight
thecomputerguy
SPF issues causing all mail from vendor to go to Junk.
Replies
6
Views
924
Markverhyden
Markverhyden
YeOldeStonecat
Lenovos new ThinkPad X9 series
Replies
4
Views
273
twwabw
twwabw
Velvis
Dentist office using Eaglesoft
Replies
1
Views
95
YeOldeStonecat
YeOldeStonecat
Back
Top