Autoreplies and NDRs through Vipre

A substantial number of unaligned mails for some of our domains are reported under Forwarders-Vipre-*.electric.net. These mails have no DKIM signature, and SPF Domain is typically bounceXXX .electric .net.

Examining DMARC failure reports, these mails appear to be autoreplies and NDRs, i.e. mails with no RFC5321.From/envelope-from/return-path headers, so the receiver is using the delivering server’s HELO/EHLO as the SPF Domain which does not align with the RFC5322.From address (user@domain.dk for autoreplies or postmaster@domain.dk for NDRs).

Has anyone else noticed something similar?
How can we improve deliverability of these mails?

Best regards,
Niels

Based on the information provided it appears the sender may be using a Vipre e-mail security product. Does that seem right? If so this may be something to check with Vipre support about.

Vipre aside, I have observed what you mentioned about some auto replies not properly authenticating but I have not looked into what, if anything, can be done about it.

Sorry I’m not much help.

-Eric

Hi Eric,
Thank you for sharing your thoughts on this :slight_smile:
Yes, the senders are using a Vipre e-mail security feature, e.g. encrypting sensitive e-mail.

Trouble is that Vipre does not DKIM sign autoreplies or NDRs, and SPF based on server HELO/EHLO (*.electric.net) does not align with RFC5322 From.

Just a follow-up:
As of 2020-10-01 Vipre has fixed the issue, and mails delivered though the customer’s mail connector are now signed using the sender domain (RFC5322 From).

1 Like