Back to Community Threads
1
Comcast users and GMail
Question asked by Diego Discacciati - 1/16/2025 at 7:23 AM
Unanswered
I have some users that are comcast customers. They are forced to use comcast server for outbound emails. Of course... comcast servers are not listed in our spf records (and it seems a bad idea to authorize comcast to send message for our domain, it defies the porpouse of SPF check) I tried to see if it worked and used include:spf.comcast.net 

Mail sent from comcast is still flagged... anybody solved this problem?

this is what I get from gmail reports:

<source_ip>2001:558:fd01:2bb4::6</source_ip> (this is a comcast IP address)
      <count>1</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>MYDOMAIN.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>comcastmailservice.net</domain>
        <result>pass</result>
        <selector>20211018a</selector>
      </dkim>
      <spf>
        <domain>MYDOMAIN.com</domain>
        <result>softfail</result>
      </spf>

even after including spf.comcast.net I still get an error. What do you do when you have users that are stuck with service providers like comcast that force all smtp messages to go through their servers with emails that have your header??? Any suggestion?

12 Replies

Reply to Thread
0
Tony Scholz Replied
1/16/2025 at 9:26 AM
Employee Post
Hello, 

Doing an SPF lookup on spf.comcast.net returns an empty string. Try including comcast.net. This looks to include that IPv6 address in your DMARC report. 

v=spf1 
ip4:96.103.146.48/28 
ip4:96.102.19.32/28 
ip4:96.102.200.0/28 
include:_spfv6.comcast.net 
include:_spf.mdp.comcast.net 
~all

Here is a lookup check using the IP address. 


~Tony
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Diego Discacciati Replied
1/16/2025 at 10:12 AM
you are the best Tony...!!!

It seems to me this include process... defies the idea of spf... I mean, comcasts has millions of customer they all become authorized senders... same goes with the gmailers when we add gmail servers that control probabl;y 50% of the traffic? I am sure I am missing something in all of this...
2
Zach Sylvester Replied
1/16/2025 at 10:22 AM
Employee Post
Hey Diego, 

I might be misunderstanding but why are they forced to use Comcast servers? Are you referring to them having port 25 blocked? If so I would recommend having them try and connect through port 465 or 587 to your server if both those ports are blocked you can create a new binding for any port that isn't in use and assign that to the submission protocol. It sounds like they have their outlook configured to use your server for the incoming server and comast for the outgoing and are sending using their domain, which means it would likely fail DKIM and SPF. I recommend just having them connect directly to your server. 

Kind Regards, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
0
Heimir Eidskrem Replied
1/16/2025 at 11:01 AM
I had a Comcast business connection and so does several customers, I also have a Comcast residential account but never was I forced to use their SMTP.  

Are you sure your issue is not what Zach mentions above?  
0
Diego Discacciati Replied
1/16/2025 at 12:24 PM
Zach, yes, this user was complaining and sent me the email settings that is using. That is how I found out. And now I can explain all the fails in the gmail reports.

Heimir, I did have comcast few years ago and had a similar (most likely the same) problem, all standard ports blocked. Every time I was going from the office to the house I had to change my outgoing mail settings or nothing was going out. So I assume she is bound to do the same. From the screenshot I received I could not see the the advanced connection settings details like port.

I could only see user/ password/host for POP (to connect to our server) and user/ password/host for SMTP  (comcast). 

In any case including the comcast server should solve both our issues for the moment. If I have another younger user with a similar problem, will ask to play with connection ports.
0
Heimir Eidskrem Replied
1/16/2025 at 12:57 PM
What do you mean all standard ports are blocked.
Outing SMTP on 465 and 587 has been open on all residential Comcast connections I have used or managed.  Nothing is closed on comcast business.  
Same for POP3, MAPI, IMAP, etc.  

Which port are you using for outbound SMTP?

I have an Comcast residential and ATT fiber at my home office.  I
0
Diego Discacciati Replied
1/16/2025 at 2:40 PM
Heimir, lucky!!! I have no idea how it works now. When I was using Comcast back 8-9 years ago if you wanted to connect... you had to follow their directions... and I could connect to my server to retrieve messages but if I had to send anything out I had to use their settings, no going around it. I hope they changed... 
The only thing I can do is telling my user to try to use our connection settings instead of comcast... I assume she is not crazy, it is less complicated... than using 2 different settings for receiving and for sending...
0
Heimir Eidskrem Replied
1/17/2025 at 8:06 AM
@Diego
What port are you using for outbound SMTP on the Comcast connections.
Nothing lucky about the comcast residential connections.  They are set up to prevent users hosting servers like mail, web, etc  so they block outgoing port 25 and also incoming.  But we dont use port 25 for users sending emails.  
0
Diego Discacciati Replied
1/17/2025 at 9:16 AM
Thanks for the suggestion Heimir, but so far let's try Tony's suggestion first. I added Comcast to my spf.
It was the easiest solution. What do you use, because that might be the second best in case the spf trick does not work?
0
Heimir Eidskrem Replied
1/17/2025 at 9:46 AM
Why dont you answer the port question?
I wouldnt use comcast for anything.

Im on residential comcast here.  Using 465/587 for outbound SMTP and it works on every single comcast connection I have worked on for probably 2 decades.  
0
Diego Discacciati Replied
1/17/2025 at 10:03 AM
Sorry, I did answer, my answer is "I have no idea". I am not on comcast. The user is using MaxOS mail application with automatic connection settings so I have no idea what port she is using. Yesterday I tried to tell her to use our settings removing "automatically manage connection setting option" she could specify port, encryption andauthentication, but she was not able to use port 25 nor 587... but I was not phisically there to troubleshoot.

0
Heimir Eidskrem Replied
1/17/2025 at 11:28 AM
So  no problem with Comcast but  with the setup of the client.  
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
SPF - In Simple TermsSmarterMail > Antispam and Antivirus