In the past we used a home-grown web application for on-line surveys, but it turned out to be too much work to make it do what we wanted.
We thought it would be a better approach to use a commercial service for, and picked Surveymonkey to conduct some on-line surveys.
This service seems to suffer from a serious flaw in its e-mail setup.
TERENA has been publishing SPF records for more than 4 years now.

The Surveymonkey survey tools allow you to configure a FROM address on survey invitations that get sent out by e-mail which - no prizes for guessing- in our case is set to <>.
Unfortunately the resulting e-mail is being sent with that very address as the envelop.
We publish SPF records with the "-all" flag (Allow domain's MXes to send mail for the domain, prohibit all others), so anyone that uses SPF is perfectly entitled to reject that mail.

Surveymonkey seems to be aware of this issue, as can be seen from the (brain-dead) explanation of the problem on their site.

The real fix would be of course to always sent invitation e-mail using a envelope address, and use the customer provider e-mail address as FROM address in the headers.

If you are a Surveymonkey employee and you are reading this, I can summarize this story: you're loosing revenue if you don't fix this.


  • No labels