• Thanks,

    I use Fastmail to be able to reply authoritatively from the domain.

    I use SendGrid to send email from the websites and also from Auth0.

    SendGrid is configured with a custom IP, which is 192.254.117.114 as seen below.

    This is what I've currently got:

    ; Fastmail (receive and send email)
    microcosm.app. 1 IN MX 20 in2-smtp.messagingengine.com.
    microcosm.app. 1 IN MX 10 in1-smtp.messagingengine.com.
    fm1._domainkey.microcosm.app. 1 IN CNAME fm1.microcosm.app.dkim.fmhosted.com.
    fm2._domainkey.microcosm.app. 1 IN CNAME fm2.microcosm.app.dkim.fmhosted.com.
    fm3._domainkey.microcosm.app. 1 IN CNAME fm3.microcosm.app.dkim.fmhosted.com.
    
    ; SendGrid (send email)
    151537.microcosm.app. 1 IN CNAME sendgrid.net.
    em8141.microcosm.app. 1 IN CNAME u151537.wl038.sendgrid.net.
    o1.out.microcosm.app. 1 IN A 192.254.117.114
    out.microcosm.app. 1 IN A 192.254.117.114
    s1._domainkey.microcosm.app. 1 IN CNAME s1.domainkey.u151537.wl038.sendgrid.net.
    s2._domainkey.microcosm.app. 1 IN CNAME s2.domainkey.u151537.wl038.sendgrid.net.
    sendgrid.microcosm.app. 1 IN CNAME u151537.wl038.sendgrid.net.
    url3929.microcosm.app. 1 IN CNAME sendgrid.net.
    
    ; Both (control spam)
    microcosm.app. 1 IN TXT "v=spf1 include:sendgrid.net include:spf.messagingengine.com -all"
    _dmarc.microcosm.app. 1 IN TXT "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s"
    

    I would like strict alignment in SPF, and when achieved do want DMARC enforcement. I pay for nothing that gives me insight into DMARC so once semi-confident I chose to fail fast and hard so that someone just screams if something were amiss.

    Given all that... what do I need to change? Just the aspf=s to aspf=r?

  • Given all that... what do I need to change? Just the aspf=s to aspf=r?

    Exactly that, or remove the aspf tag entirely as the implied default is aspf=r so we don't even bother telling people to use the tag at all (same with adkim, but your DKIM is strictly aligned so fine for that to stay).

    em8141.microcosm.app. 1 IN CNAME u151537.wl038.sendgrid.net. is the record that is covering your SPF for the dedicated IP currently.

    Authentication-Results: mx.google.com;
    dkim=pass header.i=@microcosm.app header.s=s1 header.b=s5EMKk8t;
    dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=XTesXENi;
    spf=pass (google.com: domain of bounces+151537-6093-ams.stevenson=googlemail.com@em8141.microcosm.app designates 192.254.117.114 as permitted sender) smtp.mailfrom="bounces+151537-6093-ams.stevenson=googlemail.com@em8141.microcosm.app";
    dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microcosm.app

    I would ideally need to see DMARC reporting to be fully confident to shit-can the "permit ALL of SendGrid" records from 151537.microcosm.app. and the org domain. They won't be breaking anything, just being over permissive. 99.9% of the time, SendGrid will use a subdomain for the Mail From so they can specify themselves in the MX (by way of the above CNAME) so they can handle bounce processing.
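
As an added example (not from either poster), here is a small Python check of DMARC identifier alignment run over the Authentication-Results header quoted in the reply above. It shows that with aspf=s the SendGrid Mail From domain em8141.microcosm.app does not align with header.from=microcosm.app, with aspf=r it does, and DMARC passes either way because the s1 DKIM signature is strictly aligned. Assumptions: the org-domain helper is a simplification (last two labels) rather than a Public Suffix List lookup, and the bounce address in the sample is shortened to a placeholder.

```python
import re

# Sample input, constructed from the Authentication-Results header quoted in the
# reply above (the bounce local-part is shortened to a placeholder).
AUTH_RESULTS = (
    "Authentication-Results: mx.google.com;\n"
    "dkim=pass header.i=@microcosm.app header.s=s1 header.b=s5EMKk8t;\n"
    "dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b=XTesXENi;\n"
    "spf=pass (google.com: domain of bounces+151537-0-user=example.com@em8141.microcosm.app "
    "designates 192.254.117.114 as permitted sender) "
    'smtp.mailfrom="bounces+151537-0-user=example.com@em8141.microcosm.app";\n'
    "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microcosm.app"
)


def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    # A real validator consults the Public Suffix List (e.g. for co.uk).
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: 's' needs an exact match, 'r' only the same org domain."""
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    if mode == "r":
        return org_domain(auth_domain) == org_domain(from_domain)
    raise ValueError("alignment mode must be 's' or 'r'")


def parse_auth_results(text):
    """Pull the identifiers a DMARC check needs out of an Authentication-Results header."""
    dkim_domains = re.findall(r"dkim=pass\s+header\.i=@([\w.-]+)", text)
    spf = re.search(r'spf=pass\b.*?smtp\.mailfrom="?[^"\s]*@([\w.-]+)', text, re.S)
    header_from = re.search(r"header\.from=([\w.-]+)", text)
    return {
        "dkim_pass_domains": dkim_domains,
        "spf_pass_domain": spf.group(1) if spf else None,
        "header_from": header_from.group(1) if header_from else None,
    }


def evaluate_dmarc(text, aspf="r", adkim="r"):
    """Return which identifiers align and whether DMARC would pass for the given policy tags."""
    r = parse_auth_results(text)
    spf_ok = bool(r["spf_pass_domain"]) and aligned(r["spf_pass_domain"], r["header_from"], aspf)
    dkim_ok = any(aligned(d, r["header_from"], adkim) for d in r["dkim_pass_domains"])
    # DMARC passes when at least one of SPF or DKIM both passes and aligns.
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}


if __name__ == "__main__":
    for aspf in ("s", "r"):
        print("aspf=%s ->" % aspf, evaluate_dmarc(AUTH_RESULTS, aspf=aspf, adkim="s"))
```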
