Jump to content


Photo

Log more details for SPF blocks

SPF logging

  • Please log in to reply
2 replies to this topic

#1 Johnny Lee Conroy

Johnny Lee Conroy
  • Members
  • 28 posts

Posted 06 April 2018 - 01:01 PM

We recently turned on blocking for SPF hard failures.  We were tagging these messages before and could use the "View Message" and "View Source" information to diagnose why the messages were being tagged, which helped a lot with resolving issues with valid senders who just needed to update their SPF records.

 

Now that we are blocking these messages instead of tagging them, we get no information about the messages other than the from/to addresses and timestamp.  The subjects are blank and there is nothing in either the Message Log Details, View Message or View Source windows so we've got nothing to work with.

 

I opened a ticket with Barracuda support and the technician said that this is by design and that some other message blocks have the same result, but I find it to be inconsistent depending on the reason for the block.  Barracuda Reputation blocks also have a blank subject line, View Message and View Source window, but the Message Log Details window is populated.  ZeroHour Intent blocks populate everything.  Invalid Recipient blocks don't populate the View windows, but they do populate the Message Log Details.

 

I realize that some of these differences have to do with when in the workflow the message gets blocked, but no matter how early that happens with SPF blocks, the gateway must have enough information to populate at least the Message Log Details window and maybe even the View Source window.  That information is crucial for diagnosing SPF failures and providing senders with information they can use to resolve the issue.

 

The only workaround we know of so far is to temporarily change the SPF setting to something other than Block and have the user re-send the message so we can get access to these details.

 

It would be really helpful to have Barracuda change how SPF failures get logged.



#2 Steve Dunn

Steve Dunn
  • Members
  • 4 posts

Posted 25 May 2018 - 09:49 AM

"I realize that some of these differences have to do with when in the workflow the message gets blocked"

 

Exactly.  SPF requires two pieces of information:  the IP address (which is known as soon as the connection is initiated) and the envelope sender (which is provided before the message).  At that point, there is no email to show - no headers (including the Subject: header), no body, nothing.  To use a phone analogy, here's the conversation as it is:

 

[caller display shows number]

You:  Hello

Caller:  I'm calling from [name]

You:  [looks up name, sees it doesn't match number] No. [hangs up]

 

What you're asking for would require it to be:

 

[caller display shows number]

You:  Hello

Caller:  I'm calling from [name]

You:  [looks up name, sees it doesn't match number] OK

Caller:  May I speak to [you]?

You:  OK

Caller:  [wastes your time telling you how great their fake Ray-Bans are]

You:  No. [hangs up]



#3 Amit Patel

Amit Patel
  • Members
  • 8 posts

Posted 03 July 2018 - 08:46 AM

One other customers would like to have additional information regarding SPF checks. They would like to have check or validation when SPF passes in the header information. They would also like why is the Header not including Received-SPF: TempError or PermError results are not shown .  They would like to add these features in the next firmware.