0

We have an on-premise Exchange 2016 server. Mail flow is normal. However, recently we started using a 3rd party email service to send out our newsletters (Klaviyo). When we send out campaigns our Exchange server is rejecting the emails that are being sent to our own domain. This is what I see in our Exchange logs.

{[{LED=550 5.7.1 Send ID (PRA) Not permitted};{MSG=};{FQDN=};{IP=192.xxx.xxx.xxx};{LRT=}]}

I have an SPF record set up, however, Kalviyo uses dynamic IPs and I can't add them to the SPF record. They are sending from send.ourdomain.com. It's possible my SPF record is incorrect.

v=spf1 ip4:xxx.xxx.xxx.xxx ip4:xxx.xxx.xxx.xxx include:servers.mcsv.net -all include:send.ourdomain.com -all

I didn't set up the Exchange server, so I don't know if the issue is with an Exchange setting, or with our SPF record.

Where are all the places I need to look that would be able to create this reject error so I can resolve this issue?

1 Answer 1

4

If your SPF record is indeed the following:

v=spf1 ip4:xxx.xxx.xxx.xxx ip4:xxx.xxx.xxx.xxx include:servers.mcsv.net -all include:send.ourdomain.com -all

Then it is malformed. The -all should only be at the end. You have it in the middle and at the end. If you provide your actual domain name we can look up your SPF record to verify that it's malformed or if that was just a typo in your question.

4
  • Here is the domain name: murphysmagic.com. I hope what you mentioned is the only problem. I won't change it until you can verify the SPF record. Thank you in advance for your help. Commented Sep 21, 2023 at 19:09
  • Your SPF record is definitely malformed. The syntax is incorrect. You need to remove the -all from the middle. - mxtoolbox.com/…
    – joeqwerty
    Commented Sep 21, 2023 at 19:18
  • 1
    Fantastic! I remove the -all from the middle of the SPF record leaving only the -all at the very end. Things seem to be working now!! Thank you for your assistance. That was a very simple fix! Commented Sep 21, 2023 at 19:54
  • Glad to help...
    – joeqwerty
    Commented Sep 21, 2023 at 20:51

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .