Following on from the previous post, I’m going to attack the technical tests now.
Test protocol
The procedure is quite simple.
I used test accounts in most cases. For some, I had access to a paid account.
I configured SPF and DKIM for a test domain name.
Then I sent an email.
Finally, I looked at the source of the email to get all the metadata.
For each provider, you’ll find an extract of the part we’re interested in.
mailerlite
The company is based in Ireland.
Result:
Received-SPF: pass
(mailertest.superindependant.com: Sender is authorized to use 'bounce-118876959458461106a913310@mailertest.superindependant.com' in 'mfrom' identity (mechanism 'include:_spf.mlsend.com' matched))
receiver=mx3.messagingengine.com;
identity=mailfrom;
envelope-from="bounce-118876959458461106a913310@mailertest.superindependant.com";
helo=mail036.mlsend.com;
client-ip=185.225.161.36
Received: from mail036.mlsend.com (mail036.mlsend.com [185.225.161.36])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS id 3799119603D6
for <mailer.infra@superindependant.com>; Wed, 17 Apr 2024 12:05:10 -0400 (EDT)
DKIM-Signature: a=rsa-sha256; bh=U9qcp6+kPTm2FAk5yDt3jJrvq4ljVtMFIwtS6lzgZ6g=;
c=simple/simple; d=superindependant.com;
h=DKIM-Signature:X-Mailer-Info:Subject:From:To:Date:Message-ID:x-mailer-recipientid:Feedback-ID:List-Unsubscribe-Post:List-Unsubscribe:Precedence:X-Mailru-Msgtype:X-CampaignID:reply-to:MIME-Version:Content-Type;
s=litesrv; t=1713369903; v=1;
b=B5e2Ia0g3A8pNUCxfvoFD8JzcuUql5x9wDPdIRNwokXvE3kGwAfxu8G4P+npcxL/QJ6p2kxM
Yf66CnGE6kOR/DxJ98fh3O8rAQ5EPmfRZpOOouK9NqLapHI5RAl8hmHHmMbxhjWXjGxsA8buZBD
ohpb0m02SGErKRa3bEo91ifc=
The alignment is well respected 👍.
getresponse
The company is based in Poland.
Result:
Received-SPF: pass
(bounce.getresponse-mail.com: 104.160.65.38 is authorized to use 'bounce-168055602@bounce.getresponse-mail.com' in 'mfrom' identity (mechanism 'ip4:104.160.64.0/23' matched))
receiver=mx3.messagingengine.com;
identity=mailfrom;
envelope-from="bounce-168055602@bounce.getresponse-mail.com";
helo=mta-38.gamma.getresponse-mail.com;
client-ip=104.160.65.38
Received: from mta-38.gamma.getresponse-mail.com (mta-38.gamma.getresponse-mail.com [104.160.65.38])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS id 80E48196012B
for <getresponse.infra@superindependant.com>; Wed, 17 Apr 2024 11:41:03 -0400 (EDT)
Content-Type: multipart/alternative; boundary=33d803c81a8435963591b6db82693a50
Date: Wed, 17 Apr 2024 15:41:02 +0000
DKIM-Signature: a=rsa-sha256; b=P8S3wROLLNAK5HYKGKoIa/dE56o12xx2JtFtL62fth3B9R/MSILM3q2l02ClN9IHcco6vr5m+EI+9vkQUbdeJOGiczS8Mr7wq8RUM0YYRfmFdZhVxskO2XZ3iuHUfYekfZq30ENPIUkqEdF+MWfmlKkJgjCPwLYarL2vb3Jdhuo=; bh=l0VL05MiB34I5q4BYQwqEVESAOdnfRf7fZnx3apoQf0=; c=simple/simple; d=superindependant.com; h=Sender:From:From:To:To:CC:Subject:Subject:Message-ID:Message-ID:Form-Sub:Form-Sub:List-Unsubscribe:List-Unsubscribe:List-Unsubscribe-Post:List-Unsubscribe-Post:X-CSA-Complaints:X-CSA-Complaints; s=579c1688; t=1713368462; v=1; x=1713454862;
DKIM-Signature: a=rsa-sha256; b=YxKxHAznYp6OKQk/yEqDITtB9d4qby/ioUYH9BnpL/D/QectbVtzmc+D5eszurL4+Im5i5i5kUZM8XUu9+2ZE/yJYJes5IkiDGhfOKJsM9WTjCehOfoWRFq2FkjjNfyZknU8Sbw2Sz4yIyXfmQctNNUk3GGFMG71NAhtJFDMUjI=; bh=l0VL05MiB34I5q4BYQwqEVESAOdnfRf7fZnx3apoQf0=; c=simple/simple; d=getresponse-mail.com; h=Sender:From:From:To:To:CC:Subject:Subject:Message-ID:Message-ID:Form-Sub:Form-Sub:List-Unsubscribe:List-Unsubscribe:List-Unsubscribe-Post:List-Unsubscribe-Post:X-CSA-Complaints:X-CSA-Complaints; s=k1024e; t=1713368462; v=1; x=1713454862;
The alignment isn’t respected 👎.
mailgun
The company is based in USA.
Result:
Received-SPF: pass
(superindependant.com: Sender is authorized to use 'bounce+c7f3ac.8dac64-test=superindependant.com@superindependant.com' in 'mfrom' identity (mechanism 'include:mailgun.org' matched))
receiver=mx6.messagingengine.com;
identity=mailfrom;
envelope-from="bounce+c7f3ac.8dac64-test=superindependant.com@superindependant.com";
helo=m204-228.eu.mailgun.net;
client-ip=161.38.204.228
Received: from m204-228.eu.mailgun.net (m204-228.eu.mailgun.net [161.38.204.228])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx6.messagingengine.com (Postfix) with ESMTPS id 889435C00B8
for <test@superindependant.com>; Fri, 12 Apr 2024 08:03:56 -0400 (EDT)
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=superindependant.com; q=dns/txt; s=mailo; t=1714740990; x=1714748190;
h=Content-Type: MIME-Version: To: To: Reply-To: From: From: Subject: Subject: Date: Message-ID: Sender: Sender;
bh=WgYgOCsg0XsKpUjAHOhaDt/KomTxCxBP0vzLYShOJuQ=;
b=PACVgi9qCeDKVhNFTcboeAHmo1/ANnefbuD0Y98l1IrCi/2Y05a5oH7ogkFckdBh9dzMlxADB6kxGy7GG7IHt0fPOJRriEv3SfMALqPlttjrwX6b4BfNIijMBh6tXIXZ7ltDu1N9hOTyPc1E+rUAz06Wz4VzgXsnS5ogkDKsyYAHPKxgDoaNuiNQOyJRFTr87+fwvMzyB5uDYXQRErak4qPxs960vtJwa9344I5JfnnSXOrPzguVODDk5djZy2yMUXU08mzVgzF5ggLMNBikmjU45vKpeP8DOk5Lh74mwYnnK/IGRJwAU5JfTZWFrDDAADiJgHgLMCP9FO3gMIm9XQ==
The alignment is well respected 👍.
mailjet
The company is based in France, but with the acquisition by Sinch, it’s same company that Mailgun. From a legal point of view, it’s still France, but from an American legal point of view, I’m not sure…
Result:
Received-SPF: pass
(a2685795.bnc3.mailjet.com: Sender is authorized to use '0528c3ae.AUcAAD4PIuYAAchwB0wAAaPl8isAAYCup74An0xtACj7YwBmH80D@a2685795.bnc3.mailjet.com' in 'mfrom' identity (mechanism 'include:spf.mailjet.com' matched))
receiver=mx6.messagingengine.com;
identity=mailfrom;
envelope-from="0528c3ae.AUcAAD4PIuYAAchwB0wAAaPl8isAAYCup74An0xtACj7YwBmH80D@a2685795.bnc3.mailjet.com";
helo=o168.p9.mailjet.com;
client-ip=87.253.234.168
Received: from o168.p9.mailjet.com (o168.p9.mailjet.com [87.253.234.168])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx6.messagingengine.com (Postfix) with ESMTPS id E75285C007F
for <test@superindependant.com>; Wed, 17 Apr 2024 09:22:14 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; q=dns/txt;
d=bnc3.mailjet.com; i=test=3Dsuperindependant.com@a2685795.bnc3.mailjet.com; s=mailjet2; x=1713367331;
h=message-id:mime-version:from:from:to:to:subject:subject:date:date:list-id:list-unsubscribe:
list-unsubscribe-post:feedback-id:precedence:x-campaignid:x-csa-complaints:
x-mj-mid:x-mj-smtpguid:x-report-abuse-to:content-type;
bh=f98bp5cBVpbvy79vGJxFdyD3XfB1Qt0phBawMjyZmfg=;
b=fBbE7TX9TrFcw4JzJRcxn8DhfWb0YxEiDj/2ibnr1ZYhcoTzQNYUbRXfb
DdvSoXNzkZi0nkMdPTB4/uRetAmiTAj+rgWgaCC1JajPmHBpxD1hLh+NirfZ
k+faxsJLjNvsXyBI9ENA7XkZ82QxD6TjUlDKFLAwHuCe3CKApVEW14=
The alignment isn’t respected 👎. Which is particularly strange given the result compared to mailgun.
After an exchange with support, this isn’t the case for paid accounts, so I wasn’t able to test. A bit of a shame to have a test period, but not totally functional.
Nevertheless, support understood the technical point, and seemed to have a good knownledge of the subject.
So I’m willing to believe them.
brevo
Formerly known as Sendinblue, the company is based in France.
Result:
Received-SPF: pass
(in.d.sender-sib.com: Sender is authorized to use 'bounces-b55q5-test=superindependant.com@in.d.sender-sib.com' in 'mfrom' identity (mechanism 'include:spf.sendinblue.com' matched))
receiver=mx2.messagingengine.com;
identity=mailfrom;
envelope-from="bounces-b55q5-test=superindependant.com@in.d.sender-sib.com";
helo=in.d.sender-sib.com;
client-ip=77.32.148.66
Received: from in.d.sender-sib.com (in.d.sender-sib.com [77.32.148.66])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx2.messagingengine.com (Postfix) with ESMTPS id 5F1636A0433
for <test@superindependant.com>; Mon, 15 Apr 2024 10:02:36 -0400 (EDT)
DKIM-Signature: a=rsa-sha256; bh=hYpXY/BRawyqZfiamDhMgu095l3G61pd5zm+/MsBrjk=;
c=relaxed/relaxed; d=superindependant.com;
h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id;
q=dns/txt; s=mail; t=1714750550; v=1;
b=eu+nmGUiSt4dgQhznTXznHfVJnOzaeMIDAcsICb3EvhJieyF3Jd1hBnCnrmQGgrKoAopauxS
79u7MsPtr+Q7VPYzEDL6kkTh4fqSjlswyov+kjX3NSfiOw4o17qvGDIeyAJrveEXQDOfbAfkG8F
KvlLhfUdRypeTHfjWOOS4oxQ=
The alignment isn’t respected 👎.
I also contacted support, and it was the opposite of mailjet. They wanted to prove to me that DKIM was more than enough. In fact, on their site, you have to contact support to find out how to configure SPF. This seems to have been resolved recently.
Nevertheless, this shows a certain amateurishness, and doesn’t inspire confidence at all.
Their documentation is also poor. With their various name changes and takeovers, what you can find on the web is often obsolete. It’s sadly, because there was a setting on one of the products they bought…
After insisting, someone competent told me that they only respected this if you had a dedicated IP with them…