Notification eMails failing: this can be the reason

Dewege · December 12, 2013, 8:37am

If your receiving mail server follows SPF rules, the notifications are rejected, because of a configuration flaw in the wdc.com domain records.

SPF is a system to reduce spam: the domain-owner (eg. wdc.com) defines in his domain records the ip-addresses of mail servers in order to authorize them to send eMails from this domain (eg. from sender@wdc.com).
Receiving mail servers can now check, if an email is coming from an authorized server by checking the SPF-entry of the senders domain. If an mail is beein delivered from a non authorized server it is probably spam and will be rejected.
(Further reading here: http://en.wikipedia.org/wiki/Sender_Policy_Framework))

Notifications of MyBookLive with a sender address of nas.alert@wdc.com are sent by notify.senvid.net which is NOT authorized by wdc.com! If your mail server adheres to SPF, the mail is rejected because notify.senvid.net is not listed as an authorized server in the wdc.com domain records (see here: http://network-tools.com/nslook/Default.asp?domain=Wdc.com&type=16&server=67.222.132.198&class=1&port=53&timeout=5000&go.x=14&go.y=6))

I’ve filed a support ticket at wd-support a week ago, but no solution yet.
In the wdc.com domain record this server simply needs to be added.

If the notifications dont reach you, there’s a high possibility that this is the reason.
Try sending a notification to a gmail-address. Then look at the detailed headers of the received email: gmail detects the non SPF-authorized server, logs the error to the mail header, but lets the email pass anyway.

Do you have the same problem?
Dewege

TonyPh12345 · December 12, 2013, 2:59pm

I think there’s something else at work – not just simple SPF.

Both my corporate domain MX’s and my GoDaddy MX (which I configured myself) have SPF rules – and notifications arrive safely to both.

Hmmm.

Dewege · December 12, 2013, 4:45pm

The SPF of your own domains have only an effect when mail is sent with your domain as a sender. Other recievers can then check, if the sending server was authorized. When you are receiving mail your own SPF record has no effect.

If your own receiving server would check or not check a sender servers authorization is configured only in your mail server installation. This then uses the senders domain SPF record to check aganst.

So for notifications to fail it is sufficient to have a receiving mail server which checks SPF authorization of the sending server (and WDs misconfiguration of the domain wdc.com, which is not including/authorizing notify.senvid.net from which the alerts are sent.)

WD could fix this in three ways

add notify.senvid.net (198.107.148.103) to the SPF record
change the firmware to use an authorized server for @wdc.com sender
change the firmware to use a sender address which notify.senvid.net is authorized for
Or simply allow us to configure sender address and SMTP server ourselves

Dewege

TonyPh12345 · December 12, 2013, 4:49pm

D’oh – you’re right of course… I’m using SPF to block the SPAM that uses FROM addresses in my own domain.

techguytn1975 · January 11, 2014, 12:31am

I’ve tried sending to my gmail.com address, nothing… Thanks for the info though, it does explain alot