Scoutbook IP has not been added as permitted sender from scouting.org

original topic : Scoutbook emails fail SPF/DKIM

this remains broken as of Feb 15 2023:

image972×482 86.9 KB

This is likely why 1) GMail marks scoutbook messages as suspicious, 2) many email providers mark scoutbook emails as spam (per your post below).

Scouting_Forums1122×445 98.3 KB

If you do not fix this properly, email providers will add you to their blacklist again. It’s an automated thing.

Please listen to me. I oversaw email deliverability for a web property that sent millions of emails a day. I am not making this up. If you “report to BSA IT”, please CC me this time so I can help them with their DNS settings.

Specifically, you need:
1. add the IP address of your email service to your domain’s SPF record (scouting.org); If your email service has not given you a dedicated IP address, you should upgrade to a plan that gives you one. Cost is usually $50-80/month.
2. make sure that IP address is added for all of the domains you’re sending email from, eg scouting.org, but maybe there’s more.

specifically, your SPF record for scouting.org is v=spf1 ip4:209.246.150.0/24 include:spf.protection.outlook.com include:spf.constantcontact.com include:cust-spf.exacttarget.com include:zcsend.net include:_spf.stgi.net ip4:204.28.10.0/23 ip4:69.174.82.0/23 ip4:50.97.178.240 ~all

but you’re sending email from 209.85.220.41, which is not within one of the CIDR blocks you list there.

That’s why, if you inspect raw email content that a recipient gets, you’ll see a header as follows:

Received-SPF: softfail (google.com: domain of transitioning scoutbook.donotreply@scouting.org does not designate 209.85.220.41 as permitted sender) client-ip=209.85.220.41;

BTW, you should also review those other CIDR blocks. In aggregate, they allow > 1000 IPs to send email on behalf of scouting.org; that is likely to be far more than you need. Even if you control those entire blocks, it’s a security risk.

I hope they listen. It sounds like you know what you are talking about!

BSA IT is aware of the cause of the blacklisting and is working to fix it. It is not related to the situation described in the above post.

I took a survey of our parents and found that Comcast, MSN, and Outlook were all blocking. Protonmail marks it as spam for me (my own email), but still lets it through to my inbox.

Thanks Ed - can you please provide the root cause analysis of the email deliverability problem? If it’s not the SPF misconfiguration, perhaps I can help with some other issue.

Our pack is resorting to the people who do receive emails forwarding them around to others. But this is an imprecise and tedious solution.

I had a scout not show up to an required advancement activity yesterday, despite scheduled emails in Scoutbook. Their parents are normally very proactive as to communicating with me if they’re going to be absent - but I heard nothing in this case. Now I have a scout who’s not going to receive their advancement when everyone else does at the next Pack meeting and it’s likely through no fault of their own.

So I’m pretty frustrated with a lack of responsiveness to a clear error, that in my professional judgment is resulting in a failure of Scoutbook’s primary functionality.

I have provided all the information I can.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.