Systematic SPF alignment issues with Zoho subdomains

Systematic SPF alignment issues with Zoho subdomains

Analysis Period: August 19 - September 1, 2025
PROBLEM SUMMARY

Multiple Zoho services are causing systematic SPF authentication failures in DMARC reports from major email providers (Google, Microsoft, Zoho). While emails are successfully delivered due to DKIM authentication, the persistent SPF failures may negatively impact sender reputation over time.

TECHNICAL EVIDENCE

Affected Zoho Subdomains:
1. user.zohobookings.com - 8+ SPF failures across multiple reports
2. notifications.zohoflow.com - 52+ SPF failures (highest volume)
3. public.zohoforms.com - 3+ SPF failures  
4. desk-mailer.zohodesk.com - 1+ SPF failure

Provider Confirmation:
- Google Gmail: 15+ DMARC reports showing SPF fail for these domains
- Microsoft Outlook: 3+ DMARC reports confirming same issue
- Zoho Mail: 4+ DMARC reports showing identical pattern

Sample DMARC Record:
```xml
<policy_evaluated>
  <disposition>none</disposition>
  <dkim>pass</dkim>
  <spf>fail</spf>
</policy_evaluated>
<auth_results>
  <dkim>
    <domain>XXXX.com</domain>
    <result>pass</result>
  </dkim>
  <spf>
    <domain>notifications.zohoflow.com</domain>
    <result>pass</result>
  </spf>
</auth_results>
```

**Analysis**: SPF passes for the Zoho subdomain but fails for domain alignment because `notifications.zohoflow.com` is not included in our SPF record for `DOMAIN XXX.com`.

## CRITICAL IPv6 ISSUE

IPv6 Range: `2600:1901:101::/48`  
Problem: Complete DKIM + SPF failure (not just alignment)  
Affected IPs: `::9`, `::15`, `::17`  
Impact: 6+ emails with total authentication failure

This represents a more serious configuration issue requiring immediate attention.

## CURRENT SPF RECORD

```
v=spf1 ip4:SERVERIP +a +mx include:_spf.google.com include:one.zoho.com ~all
```

**Issue**: `include:one.zoho.com` does not cover the subdomains listed above, which have independent SPF records that don't align with customer domains.

## ROOT CAUSE ANALYSIS

Architectural Problem: Zoho services use fragmented SPF architecture where:
- Customer includes `one.zoho.com` in SPF record
- Individual services use separate subdomains with independent SPF records
- No inheritance or redirect mechanism from parent to subdomains
- Results in SPF alignment failure for DMARC evaluation

## EMAIL DELIVERY CONFIRMATION

Emails are being successfully delivered. Example from Gmail logs:
- **Source IP**: 135.84.80.23
- **Status**: Successfully delivered to zoho-flow@DOMAIN.com
- **Authentication**: DKIM pass (prevents quarantine despite SPF fail)

## REQUESTED RESOLUTION

### Option 1 (Preferred): Zoho Infrastructure Fix
Update Zoho subdomain SPF records to include proper redirects or ensure `include:one.zoho.com` covers all service subdomains.

### Option 2: Customer Workaround Documentation  
Provide official list of all Zoho subdomains requiring SPF inclusion, with guidance on SPF flattening to avoid DNS lookup limits.

### Option 3: IPv6 Immediate Fix
Resolve complete authentication failures for IPv6 range `2600:1901:101::/48`.

## BUSINESS IMPACT

- Current: Functional email delivery with SPF failure noise in DMARC reports
- Future Risk: Potential sender reputation degradation with major providers
- Scope: Affects all customers using multiple Zoho services with DMARC monitoring

## SUPPORTING EVIDENCE

I have comprehensive DMARC reports from 20+ daily reports over 3 weeks showing consistent pattern across Google, Microsoft, and Zoho infrastructure. Available upon request for detailed technical analysis.

---

**Expected Resolution**: Technical clarification on proper SPF configuration OR infrastructure fix for subdomain alignment  
**Timeline**: Non-urgent but ongoing reputation concern requiring architectural solution
    • Sticky Posts

    • How to Add Users to your Organization in ZohoMail?

      A better clarity so you can create other users to start using Zoho Mail. You can directly Add Users from the Control Panel to your Organization. You can invite users with the existing email address. If the person (user) already uses ZohoCRM, then you can import users from Zoho CRM. You can also import them using a .csv file. (if you are planning to add them in Bulk)  In this topic, We will be discussing on how to Add and Invite users only.  The Import options are self explanatory. ____________________________________________________________________________________________________________
    • Recent Topics

    • Bug in Total Hour Calculation in Regularization for past dates

      There is a bug in Zoho People Regularization For example today is the date is 10 if I choose a previous Date like 9 and add the Check in and Check out time The total hours aren't calculated properly, in the example the check in time is 10:40 AM check
    • Cliq iOS can't see shared screen

      Hello, I had this morning a video call with a colleague. She is using Cliq Desktop MacOS and wanted to share her screen with me. I'm on iPad. I noticed, while she shared her screen, I could only see her video, but not the shared screen... Does Cliq iOS is able to display shared screen, or is it somewhere else to be found ? Regards
    • UPS Label size when generated via Zoho

      We've integrated UPS with Zoho inventory. When creating and downloading the shipping labels they are created in a larger paper size. I'd like them to be generated to print on a 4x6 printer. Zoho have told me I need to do this within our UPS portal. UPS
    • Canvas View in Zoho Recruit

      Is it possible or would it be possible to have the new 'Canvas View' in Zoho Recruit?
    • Narrative 12: Sandbox - Testing without the risk

      Behind the scenes of a successful ticketing system: BTS Series Narrative 12: Sandbox - Testing without the risk What is a sandbox environment? A sandbox environment is a virtual playground that allows you to test freely and experiment with various elements
    • Dynamically catching new file creations

      I have a team folder with many subfolders, and in those folders we add new documents all the time. I'd like to have a workflow or script to notify me (and then take other actions) when a file is added anywhere in that structure that ends in "summary.txt".
    • Announcing new features in Trident for Mac (1.27.0)

      Hello everyone! Trident for macOS (v1.27.0) is here with new features and enhancements to improve scheduling and managing your calendar events. Let's take a quick look at them. Stay aligned across time zones. Both the scheduled and original time zones
    • Branding of native system emails

      Make system emails adjustable in terms of branding. We want our system to be completely white label, because it is not a CRM anymore, it's way more than that. We are following the strategy of "CRM for everyone" to use the CRM in all departments, not only
    • Slow uploads of large files

      I'm wanting to use Workdrive for transferring large images and video (we're talking things from 100MB-5GB). I'm running solo on a 500MBit/sec fiber connection. I'm getting upload speeds to Workdrive of no more than about 1-3Mbytes/sec when going through
    • Notes of Tasks in Zoho CRM

      Hello, Is there a way to filter the Notes that appear on a Task to only show the notes related to that specific Task and not display all the Notes of the objects related to that Task (Accounts, Contacts, Deal, etc). In essence, our team struggles to understand
    • Migrate Your Notes from OneNote to Zoho Notebook Today

      Greetings Notebook Users, We’re excited to introduce a powerful new feature that lets you migrate your notes from Microsoft OneNote to Zoho Notebook—making your transition faster and more seamless than ever. ✨ What’s New One-click migration: Easily import
    • need to upload from airtable to google drive

      I have a zapier zap that automates between airtable and google drive. When a customer uploads a new file into airtable via a client portal interface, zapier uploads that file into a folder linked to that customer's project record. I need to replicate
    • Can't delete functions that are associated with deleted workflow rules

      We have a handful of functions that were once associated with a workflow rule, but the rule has been deleted. The function still thinks it is associated so I can't assign it to a new rule. It is starting to get really messy because we have a list of functions
    • Default Sorting on Related Lists

      Is it possible to set the default sorting options on the related lists. For example on the Contact Details view I have related lists for activities, emails, products cases, notes etc... currently: Activities 'created date' newest first Emails - 'created
    • Custom Modules - Where are Comments??

      In the standard ticket module and in the tasks module, we have an interactive comment box that we can post important details/notes and can tag others if needed. Where is this functionality for Custom Modules? Ideally, custom modules would have very similar,
    • Credit Management: #1 Credit You Owe vs Credits Owed to the Business

      Think about the last time you ordered food online. You might have paid in advance through your card, but you received a $20 refund because your order got delayed or cancelled. In most apps, refunds don't go into the bank account directly; instead, they're
    • Tip #46- Turn Every Session into an Insight with Zoho Assist survey report- 'Insider Insights'

      Delivering exceptional remote support isn’t just about resolving issues, it’s about understanding how both customers and technicians experience each session. That’s where Survey Report in Zoho Assist come in. You can configure and customize survey questions
    • Enhancing Zia's service with better contextual responses and article generation

      Hello everyone, We are enhancing Zia's Generative AI service to make your support experience smarter. Here's how: Increased accuracy with Qwen One of the key challenges in AI is delivering responses that are both contextually accurate and empathetic while
    • Allow the usage of Multi-Select fields as the primary field on "Layout Rules"

      We want to force our users to enter some explanation strings when a multi-select field has been utilized. I can't understand the reason for the usage restriction of Multi-Select fields as a primary field. This is a simple "Display hidden mandatory field
    • CRM/Bookings integration edits Contact names

      Hi there, I've installed the extension that connects Zoho CRM and Zoho Bookings. When we get a new appointment from Bookings from an existing Contact, that Contact's record shows this: First Name was updated from asd to blank value Last Name was updated
    • Domain Change

      “Please update my Email-in domain from @biginmail.biginmail.in to @biginmail.zoho.com. Messages to the .in domain are bouncing.”
    • Webhooks Limit Exceeded

      Today, I received an error message saying, 'Total number of Webhook call exceeded', but when I look at Manage > Billing, it doesn't look like any of my invokeURL calls are being logged. Following the advice from this thread: https://help.zoho.com/portal/en/community/topic/webhooks-daily-limits-in-zoho-creator
    • why cant i access my email account. it keeps asking me for reverifiying my account by entering my password.

      I cant access my account. it keeps asking me for reverifcaton by entering my password. once its entered it asks for it over and over.
    • Option to block bookings from specific email address or ip adresss in zoho booking

      Sometime few of our client keep booking irrelevant booking service just to resolve their queries and they keep booking it again and again whenever they have queries. Currently its disturbing our current communication process and hierarchy which we have
    • Auto select option in CRM after Zoho Form merge

      Hi, I have a dropdown field in Zoho CRM that is filled with a Zoho Form. The data is filled but not automatically shown. After selecting the right value in the dropdown the information a second field is shown. So the question is; how can I make the dropdown
    • Option to Customize Career Site URL Without “/jobs/Careers”

      Dear Zoho Recruit Team, I hope you are doing well. We would like to request an enhancement to the Career Site URL structure in Zoho Recruit. In the old version of the career site, our URL was simply: 👉 https://jobs.domain.com However, after moving to
    • スマホでキャンペンメールを見ると正しく表示されない

      キャンペーンのメール(HTML)を作成しましたが、スマホ表示に切り替えると正しく表示されません(添付参照)過去に作成したキャンペーンでは特に意識してませんでしたが、問題なく表示されていたようです。うまく表示される場合とされない場合の違いは何でしょうか?
    • Bring your CRM data straight into your presentations in Zoho Show

      Let's say you are working on a presentation about your team's sales pipeline for an upcoming strategy meeting. All the information you need about clients and leads is in Zoho CRM, but you end up copying details from the CRM into your slides, adjusting
    • Improved RingCentral Integration

      We’d like to request an enhancement to the current RingCentral integration with Zoho. RingCentral now automatically generates call transcripts and AI-based call summaries (AI Notes) for each call, which are extremely helpful for support and sales teams.
    • Introducing New APIs in Zoho Contracts

      We are excited to announce the release of new APIs in Zoho Contracts to help you automate and manage every stage of your contract lifecycle more efficiently. Here’s a quick overview of what’s new: 1. Complete Contract Draft You can use this API to complete
    • Vimeo

      For me Vimeo is the most important video social channel for media and filmmakers. Would others agree and like it added to Zoho Social.
    • Delete a department or category

      How do I delete a Department? Also, how do I delete a Category? This is pretty basic stuff here and it's impossible to find.
    • Organization Emails in Email History

      How can I make received Org Emails to show up here?
    • Create custom rollup summary fields in Zoho CRM

      Hello everyone, In Zoho CRM, rollup summary fields have been essential tools for summarizing data across related records and enabling users to gain quick insights without having to jump across modules. Previously, only predefined summary functions were
    • Editing the Ticket Properties column

      This is going to sound like a dumb question, but I cannot figure out how to configure/edit the sections (and their fields) in this column: For example, we have a custom "Resolution" field, which parked itself in the "Ticket Information" section of this
    • Deleting Fields in CRM Deletes Views in Analytics

      Hey friends! I'm having some issues when we modify some fields within ZohoCRM. There are times where we need to sunset a field and eventually completely remove it. In these instances, it seems like a lot of views are removed in Analytics. This ranges
    • Zoho Analytics Automatically Deletes Queries and Reports When a Synced CRM Field Is Removed

      We’ve encountered a serious and recurring issue that poses a massive data integrity risk for any Zoho Analytics customer using Zoho CRM integration. When a field is deleted in Zoho CRM — even an unused one — Zoho Analytics automatically deletes every
    • How to setup pricing in Zoho

      Hi everyone, I am relatively new here and have just moved from my old inventory system to the Zoho one. I am trying to get my head around how it all works. I am mostly setup connected to a shopify store, but I do manual sales also For manual invoicing,
    • Introducing the revamped What's New page

      Hello everyone! We're happy to announce that Zoho Campaigns' What's New page has undergone a complete revamp. We've bid the old page adieu after a long time and have introduced a new, sleeker-looking page. Without further ado, let's dive into the main
    • Prefilled Date fields auto-changed and then locked when using “Edit as new”

      If a document out for signature has date fields (not SignedDate fields) that were pre-filled before sending, and then you use “Edit as new” to create a new version of the same document, the value of those date fields gets automatically changed to today
    • Next Page