Fix SPF Verification #3971

nickumia-reisys · 2022-09-26T13:25:19Z

datagov-brokerpak-smtp @ main
datagov-ssb @ main
catalog.data.gov @ main

How to reproduce

Look at the DMARC report from google.com (sent to datagovhelp@gsa.gov)

Expected behavior

Everything passing

Actual behavior

SPF Failing

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

Fix the organizational domain in the SPF record?

References:

nickumia-reisys · 2023-03-07T15:45:23Z

Depends on

Understand SPF as it relates to DMARC Reports #4228

nickumia-reisys · 2023-03-09T14:31:05Z

Having manually implemented this on prod, here are the results and considerations for implementing the "permanent" fix:

In the old failing report from google
- there were 9 mail servers based at the amazonses.com domain
- all failing SPF.
In the new report from google, there are 18 servers
- 9 based at the amazonses.com domain
- 9 based at the ses-513xxx.ssb.data.gov domain
- The amazonses.com servers are failing, the ses-513xxx.ssb.data.gov servers are passing (i.e. 50% passing rate).
To get a 100% passing rate, we could disable the "fallback" option that keeps the amazon domain servers around if the ssb.data.gov servers are no responding.

Based on this decision, we can,

Try to upgrade the ssb and then update each service instance
Try to upgrade the ssb and then recreate new smtp services for catalog
Just forget about the ssb and manually edit the setting in AWS. If the service instance ever gets changed, this would need to be reimplemented. But it is the quickest implementation (minutes vs. hours).

nickumia-reisys · 2023-03-09T23:03:42Z

The manual fix has been implemented for catalog-smtp (prod). A new issue has been created to make the fix permanent for all new smtp instances

Update datagov-brokerpak-smtp #4232

nickumia-reisys added the bug Software defect or bug label Sep 26, 2022

nickumia-reisys mentioned this issue Sep 26, 2022

Add DMARC report triage #3972

Merged

nickumia-reisys mentioned this issue Mar 8, 2023

Understand SPF as it relates to DMARC Reports #4228

Closed

1 task

nickumia-reisys self-assigned this Mar 9, 2023

nickumia-reisys added this to data.gov team board Mar 9, 2023

nickumia-reisys moved this to 👀 Needs Review [2] in data.gov team board Mar 9, 2023

nickumia-reisys mentioned this issue Mar 9, 2023

Update datagov-brokerpak-smtp #4232

Open

5 tasks

nickumia-reisys closed this as completed Mar 9, 2023

github-project-automation bot moved this from 👀 Needs Review [2] to ✔ Done in data.gov team board Mar 9, 2023

nickumia-reisys mentioned this issue Mar 9, 2023

O+M 16-3-2022 #4224

Closed

8 tasks

nickumia-reisys added component/ssb Testing labels Oct 9, 2023

nickumia-reisys moved this from ✔ Done to 🗄 Closed in data.gov team board Oct 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix SPF Verification #3971

Fix SPF Verification #3971

nickumia-reisys commented Sep 26, 2022

nickumia-reisys commented Mar 7, 2023 •

edited

Loading

nickumia-reisys commented Mar 9, 2023 •

edited

Loading

nickumia-reisys commented Mar 9, 2023

Fix SPF Verification #3971

Fix SPF Verification #3971

Comments

nickumia-reisys commented Sep 26, 2022

How to reproduce

Expected behavior

Actual behavior

Sketch

nickumia-reisys commented Mar 7, 2023 • edited Loading

nickumia-reisys commented Mar 9, 2023 • edited Loading

nickumia-reisys commented Mar 9, 2023

nickumia-reisys commented Mar 7, 2023 •

edited

Loading

nickumia-reisys commented Mar 9, 2023 •

edited

Loading