0

I'm helping out a not for profit whose site is hosted on Bluehost. Their primary broadcast email is getting mail delivery failures to Gmail address of the type SMTP error from remote mail server after end of data:550 .... sender rejected AUP#DNS Other emails on the same domain deliver OK to Gmail but get SPF softfails from Gmail due to cloudfilter.net, which I assume is a relay service used by Bluehost (and possibly other hosts) .

The softfails mention:

omta34.uswest2.a.cloudfilter.net. [35.89.44.33]
omta40.uswest2.a.cloudfilter.net. [35.89.44.39]

The bounces mention:

eig-west.smtp.a.cloudfilter.net [34.217.196.71]
eig-east.smtp.a.cloudfilter.net [18.215.58.191]

Can I create a single SPF include that covers the variants like the above?

DKIM and DMARC seem OK, is there anything else I need to check for the bounce errors? Thanks.

2 Answers 2

1

It is hard to find any official documentation for SPF with cloudfilter.net, but their own SPF record suggests it would be a Cloudmark solution, and the site has a support contact form.

That said, their own SPF record doesn't contain the IP addresses listed in this question. The closest hit on Google is this Reddit discussion that suggests include:eig.spf.a.cloudfilter.net. However, that only seems to cover the *.uswest2.a.cloudfilter.net from the 35.89.44.32/29, but not the eig-west and eig-east regions:

$ dig +short eig.spf.a.cloudfilter.net TXT
"v=spf1 ip4:35.89.44.32/29 ip4:44.202.169.32/29 ~all"

Luckily, those seem to have a limited set of IP addresses:

$ dig +short eig-west.smtp.a.cloudfilter.net
34.223.136.48
34.217.196.71
$ dig +short eig-east.smtp.a.cloudfilter.net
18.215.58.191
3.228.35.199

With the information available, you could add those and see whether you still get failures, but it would still be best to ask your provider for comprehensive instructions.

IN TXT "v=spf1 +ip4:34.223.136.48 +ip4:34.217.196.71 +ip4:18.215.58.191 +ip4:3.228.35.199 include:eig.spf.a.cloudfilter.net ~all"

2
  • Thanks Esa. Yes easydmarc.com SPF record check said cloudfilter.net has 3 nested lookups to _spf.cloudmark.com but I'm straining my brain with this stuff. I think what you're suggesting would be a good test as it seems to have reasonably broad coverage. If that doesn't work I'll go back to the provider and see if they have a catchall. But its good to know how to assemble SPF strings.
    – Rusty99
    Commented Apr 28 at 11:48
  • 1
    I was chatting to Bluehost support and they said v=spf1 a mx include:websitewelcome.com ~all is their recommended SPF string that covers the outgoing cloudfilter.net relay servers, though there are a lot of lookups in that.
    – Rusty99
    Commented May 2 at 7:31
0

The official Bluehost SPF TXT string is:

v=spf1 a mx include:websitewelcome.com ~all

That I gather covers all their outgoing cloudfilter.net relay servers, though there are a lot of lookups in that.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .