By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS SES - authentication failure with vadesecure / open-exchange

0

Hello, On 17th Nov we started to get authentication failure reports (DMARC) from recipients / customers which are using services of vadesecure / open-exchange. I think open-exchange is mail provider and vadesecure provide some technology for mail filtration. We have DKIM records for aws ses domain and DMARC policy which state that failed authentication should got to junk. (soft) It was working fine until 17th November. We did not have any recent changes to mail content, domain or aws ses configuration. We contacted customer (using domain pointed to open-exchange MX servers) which is not tech savy. Because that emails are core of product we are offering their failure is not great. On 21st i send email to open-exchange but there is no answer from them. Today i contacted vadesecure but their support said that abuse team is processing only requests from their online form WHICH require to verify ip address of sender e.g. (AWS SES IP) which is obviously not possible. We do not have any paid support from AWS and it was never required for anything for far.

We only get report like that:

Feedback-Type: auth-failure
User-Agent: mtabuilder/1.0
Version: 1
Original-Mail-From: XXXXXXX0@amazonses.com
Original-Envelope-Id: XXXXXXXXXXXXXX
Authentication-Results: oxsus-vadesecure.net; dmarc=fail (p=quarantine) header.from=XXXXXX <messages@XXXXXX.com>
Auth-Failure:
Arrival-Date: Sat, 19 Nov 2022 17:50:01 +0000
Source-IP: 54.240.8.195
Reported-Domain: XXXX

Received: from a8-195.smtp-out.amazonses.com ([54.240.8.195]) by oxsus1nmtai02p.internal.vadesecure.com with ngmta id a6942fe6-17290db34cc8b7bf; Sat, 19 Nov 2022 17:50:00 +0000

On 18th i got similar reports for different product which is using infusion soft for marketing emails but again from vadesecure. there we have DKIM authentication for domains too. We do not have issues with any other major mailbox provider (gmail, microsoft, yahoo and etc). Having different providers failing because of vadesecure filtering indicate that probably vadesecure has something special .. which is more strict than most of the world.

DMARC policy which we have for all domains is

v=DMARC1; p=quarantine; sp=quarantine; pct=100; adkim=r; aspf=r; rua=mailto:XXXXX; ruf=mailto:XXXXX; fo=1;

Any advices are appreciated.

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email Service
Language
English
Dimitar Rekinov
asked a year ago297 views
1 Answer
0

Any update? I have started to receive the same messages for our outbound emails; also no changes in our MX config, and we've had a 100% score on mxtoolbox for over a year. Were you able to resolve this?

AppCollScott
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content