Damn Spaces

Today on "Things I learned", I find out spaces, when they want to, will 'eff up your DNS records.

How do I know this. I had a potential client come in and ask why their email platform kept reporting to them that their DMARC wasn't set up. 

Oooo, I know how to start this one (or so I thought)...

  1. Ask for a test message
  2. Proceed to check headers (as I'm using a Workspace, it's a super fast check-a-roo in the Authentication-Results: header)
  3. Double-check result against a couple online tools
Everything looked peachy on the surface. DNS tools were showing it as correct and passing. Gmail was reporting that it was passing.

But it still wasn't being sensed.

Well, maybe it's a UI bug...

Send a test to aboutmy.email. If that comes back as passing, it's gotta be the UI.

Oh dang, aboutmy.email is saying it fails DMARC too. NOTE: I should have scrolled down at this point to see the details of the report, but I didn't have the results, my potential client on the other side of the screen did.

Something is off, but I can't see it in the online tools nor does it look off in the DNS being shown to me. 

Let's mess with the DMARC record a bit just to see. Disclaimer: don't mess with the DNS. I'm being a little silly with my word choice for fun. In reality, we just made an update.

Perhaps these tests are marking it as failed because the verbiage in both mentions having v=, p=, and rua=, but the record only has v= and p=. Doesn't feel like a good enough answer, but what the hell, let's go with it for now and run another test this time with an RUA.

So in goes an RUA record.

WOW, UI is sensing the DMARC record and it's passing in aboutmy.email.

Ok, this still makes no sense because I know aboutmy.email knows rua is not required.

So off I go asking questions.

And here is where I find out spaces be damned!

After a bit of back-and-forth, low and behold there was a space at the START of the DMARC record. The online tools weren't showing it because starting spaces in HTML be hidden. I didn't even CONSIDER how HTML could influence the output of a result - yet another learning from this one exercise caused by damn spaces. 

When this was run with dig or even host via the terminal, that space is a slap in the face...assuming you're wearing glasses to see it.

_dmarc.clientdomain.org. 13366 IN TXT " v=DMARC1; p=none;"

See it? Right there, before the 'v'.

Spaces in the front of the DMARC record prevented it from being sensed (not by everyone, but by enough to flag it as incorrect.)

And that right there is another thing I learned. One result is not enough, do it in MANY forms, especially if there is a problem that is fine on the surface, but you just know something is off. 

And pay attention to the details! I think that is my biggest 'damn it, I should have looked closer' moments here.

So what about the rua thing? Well the rua didn't do anything. The fix was updating the DMARC record. Somehow that mysterious space was in there, but was not visible in the UI (likely HTML having it's way with it) and by making an update to the record, that space was removed. We likely could have made a simple change to a semi-colon and had the same result (removing the space.)

And spaces (or the lack thereof) can plague you anywhere you go! Al Iverson, over at SpamResource, shares his story about how a missing space caused a spam filter to go haywire.

DAMN SPACES

Comments

Post a Comment

Popular posts from this blog

WELCOME TO ISKTBN!

Welcome to ISKTBN! ISKTBN  = I Should Know This By Now! This is a blog about those little things that leave you slapping your forehead going, "I KNEW THAT!" If you've ever had those moments, you are at home here. For the last couple years, a good friend has been telling me I should start a blog...get my name out there. Writing is hard so I put it off. Plus, so many others put out amazing content. Rich, educational, succinct, and just what you need. What more could I give or have time for beyond what I provide in my current role under my company's blog? Probably nothing that will change how people think.  BUT, after I had a moment of "DAMN, I should know this by now (ISKTBN)!" I realized I might have something I could share. Perhaps it'll give readers a chuckle...although maybe only those that know me. If not, perhaps they'll leave with the notion that I love the word 'DAMN' (I don't, but it's fun to type) and a nugget of knowledge tha...
Read more

DNS: It's Damn Hard

Image
It's Damn AWESOME Deliverability Week (don't forget to follow #deliverabilityweek on LinkedIn)! I'm diving into the DNS yet again because it's been the thorn in the side of small senders who venture my way so it's naturally top of mind. Join me on this ride to discover why the DNS is so damn hard! Today on "Things the Industry Learned" a LONG time ago (but we, alas, only mere mortals, painfully learn daily), the DNS (Domain Name System) is a beast. It's the root of all issues  (Almost all? Ok, fine. Not all, but a lot.)  and, when it wants to, will 'eff up your deliverability. In my long tenured position as a deliverability blogger of a whopping 3 to 4 months, 50% of my posts have something related to the DNS as the culprit behind the issue at hand! FIFTY PERCENT! Ok, fine, 4 issue-focused articles aren't much to be exasperated about. BUT I have been in this beautiful field of deliverability since (checks her resume...
Read more

DAMN Redirects

Image
Today on "Things my client and I learned", we find out the internet (via redirects), when it wants to, will 'eff up your sanity. I've been on a bender with so many of my stories focusing on DNS, but it's the backbone of the internet so it can't help but get in the way. And although the issue here isn't a DNS issue (that I can identify,) I bring it up because the story starts with a change made to the DNS. First, if you don't know anything about DNS other than it means "Domain Name System," know that DNS is damn hard and easy to mess up. Making changes to the DNS can be flat out terrifying. So after you make changes, if you find out something isn’t working (related to changes or not,) you immediately ask for help (or in my case a casual, "I noticed when I got to my site, it's not my site.") But you're not always able to explain what happened or why, all you can say is that things aren't working as they should. I will sa...
Read more