Date: Fri, 29 Mar 2024 12:33:27 +0000 (UTC) Message-ID: <206408991.6150.1711715607551@fra-prod-wiki01.geant.org> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6149_1450146486.1711715607549" ------=_Part_6149_1450146486.1711715607549 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
In the past we used a home-grown web application for on-line sur=
veys, but it turned out to be too much work to make it do what we wanted.
We thought it would be a better approach to use a commercial service for, =
and picked Surveymonkey to conduct some on-line surveys.
This service seems to suffer from a serious flaw in its e-mail setup.
TERENA has been publishing SPF records=
a> for more than 4 years now.
The Surveymonkey survey tools allow you to configure a FROM address on s=
urvey invitations that get sent out by e-mail which - no prizes for guessin=
g- in our case is set to <survey@terena.org>.
Unfortunately the resulting e-mail is being sent with that very address as=
the envelop.
We publish SPF records with the "-all" flag (Allow doma=
in's MXes to send mail for the domain, prohibit all others), so anyone =
that uses SPF is perfectly entitled to reject that mail.
Surveymonkey seems to be aware of this issue, as can be seen from the (b= rain-dead) explanation o= f the problem on their site.
The real fix would be of course to always sent invitati= on e-mail using a surveymonkey.com envelope address, and use the customer p= rovider e-mail address as FROM address in the headers.
If you are a Surveymonkey employee and you are reading this, I can summa= rize this story: you're loosing revenue if you don't fix this.