Questions tagged [spf]
Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.
898
questions
0
votes
0
answers
21
views
Should smtp_helo_name always be the same as your MX record?
I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this:
"v=spf1 mx -all"
The MX records in the zone are:
mx0.mydomain.org.uk. ...
0
votes
2
answers
55
views
How to put a No-ip dns in SPF
I want to whitelist my No-Ip DNS on my SPF record because sometimes it gets targeted as spam because is not listed in permitted senders.
Reading the No-Ip FAQ, it says that I have only to put include:...
1
vote
1
answer
117
views
Understanding DMARC report - DKIM pass on SPF fail
I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>...
0
votes
2
answers
242
views
SPF include for cloudfilter.net relay server
I'm helping out a not for profit whose site is hosted on Bluehost. Their primary broadcast email is getting mail delivery failures to Gmail address of the type SMTP error from remote mail server after ...
0
votes
1
answer
101
views
SPF record is set, but mail testers are giving me high severity risk
I'm using sendmail and I have the following SPF record:
"v=spf1 a mx a:hostinger.com ip4:ip_here -all"
And it gives me this description:
domain.com. 14400 IN TXT v=spf1 a mx a:hostinger.com ...
0
votes
0
answers
70
views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
-1
votes
1
answer
122
views
SPF Record - Over 10 lookups should include website hosting in SPF
SPF says over limit 11 lookups, 4 lookups are nested in website include hosting and 4 in google (gmail gsuite), 1 mailerlite newsletter, 1 +a, 1 +mx, 0 +ip4.
Absolute must keep: google (gmail gsuite) ...
0
votes
0
answers
72
views
DMARC, SPF and DNS wildcards
My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
example.com
sales.example.com
internal.example.com
mail.example.com
I initially ...
-2
votes
1
answer
59
views
Set up SPF: Facing an error for MX and TXT record
Our DNS is managed through Microsoft. I need to set up a new record to allow a new website to send email. Here is what I did.
Kindly assist. I face the same issue with the TXT record as well.
3
votes
1
answer
533
views
How to get SPF alignment to pass DMARC for a subdomain?
I have the following DNS configuration:
$ dig +noall +answer -t txt example.com
example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all"
$ dig +noall +...
0
votes
0
answers
176
views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
0
votes
1
answer
169
views
SPF failing even though source IP is in the SPF record
I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...
0
votes
1
answer
184
views
Adding SPF records when using both Google Workspace and SendGrid
I previously didn't have any SPF set up on my domain. I use Google Workspace. I now use the SendGrid API.
This is what I set as the SPF record
v=spf1 include:_spf.google.com include:_mailcust.gandi....
-1
votes
1
answer
88
views
Phishing email but with SPF, DKIM and DMARC in "PASS" status
I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
0
votes
1
answer
554
views
SPF spf.protection.outlook.com is invalid for messages within tenant
When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
1
vote
1
answer
1k
views
Is it a good idea to add `calendar-server.bounces.google.com` to my SPF record?
I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...
0
votes
1
answer
147
views
Combining 2 Hosts for TXT SPF Records
Related to that question from @Jaeho Lee, Someone figured out a solution for the Host issue when you combined the two spf records? I am having the same issue; if so, can someone please advise?
I have ...
0
votes
1
answer
198
views
Combining 2 SPF records with 2 different host names
I have 2 spf records I need to combine.
1st spf record is:
Host: front-mail Value: v=spf1 include:sendgrid.net ~all
2nd spf record is:
Host: @ Value: v = spf1 include:zoho.jp ~all
I've tried to ...
0
votes
1
answer
267
views
SPF records pass in Gmail sends but show failure in Postmaster
I'm using Sparkpost as the ESP to warm up a secondary domain. We've used this Sparkpost IP for our primary domain for a few months without a problem. I've been tracking the deliverability of the ...
0
votes
1
answer
221
views
Why do I need to add third party senders to my domain's SPF record?
It's my understanding that SPF works on the envelope sender/return-path/RFC5321.MailFrom domain. We use a third party email service called Campaign Monitor and their domain has the required SPF record....
0
votes
2
answers
239
views
postfix + spamassassin check SPF from the email headers
I have postfix + spamassassin.
Spamassassin suppose to check the SPF of the sender, but I received following spam:
[email protected] = this is the email on my postfix
Return-Path: <leonah@betterway....
0
votes
2
answers
130
views
Postfix spuriously checks SPF policy for authenticated, submitting mail clients
I am running Postfix 3.8.1 on Ubuntu 23.10. Postfix serves port 25 for incoming mail from other MTAs and port 587 for authenticated MUAs.
Postfix is supposed to check SPF for mails from other MTAs on ...
3
votes
1
answer
1k
views
SPF record in DNS sending via Gmail
I have an old domain that I want to re-purposes for a new website which will send emails. I'm using Asp.Net Core, if that makes a difference (I do not think it does). I've written several apps that ...
0
votes
2
answers
122
views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
0
votes
0
answers
176
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
3
votes
1
answer
536
views
SPF failure when sending to Google despite server being authenticated
I have encountered this issue several times recently and I've been struggling to confirm the source of the problem.
Most recently, I saw this on a domain that uses Kerio for email. We'll call their ...
0
votes
0
answers
463
views
Howto Whitelist incoming mails Docker-Mailserver (=Postfix)
I recently set up the Docker-Mailserver for our company (v. 12.1.0). It's working well so far, except for one thing: We receive automated emails from a customer's Redmine system. These emails are not ...
0
votes
2
answers
150
views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
0
votes
1
answer
947
views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
0
votes
1
answer
211
views
Exchange 2016 returning 550 5.7.1 when sending to our domain using 3rd party email sender sending on behalf of our domain
We have an on-premise Exchange 2016 server. Mail flow is normal. However, recently we started using a 3rd party email service to send out our newsletters (Klaviyo). When we send out campaigns our ...
0
votes
1
answer
127
views
SPF record for multiple mail origins
How do I craft a SPF record for mail.example.com when mail for the domain is sent from two locations:
The mail server located at public IP address 198.51.100.111 aka
mail.example.com.
The web server ...
1
vote
2
answers
420
views
Email message headers pass SPF check after failing earlier SPF checks. Will this result in spam?
I have an issue where email is being marked as spam by Gmail/Google Apps systems.
When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...
0
votes
0
answers
82
views
Change mail from header in sendmail
We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail.
We are trying to configure now SPF and DMARC records for these DNS ...
0
votes
2
answers
582
views
Spammers slipping through SPF
One of the subscribers on the mailhost I run has been receiving scads of spam mail "from himself." With SPF set up and validated on the domain (wickenburg.us) this should not be happening. ...
0
votes
1
answer
1k
views
Postfix - can't send emails to gmail addresses via terminal
I have the following errors when trying to send emails to gmail addresses via my terminal:
sudo tail /var/log/mail.log
Jul 19 13:19:44 ubuntu-4gb-fsn1-1 postfix/cleanup[5780]: B4B8C5F4A3: message-id=&...
0
votes
1
answer
1k
views
Gmail adds multiple SPF records
When I connected my domain to gmail, it added two records to my DNS:
TXT
@
v=spf1 include:dc-aa8e722993._spfm.mydomainhere.com ~all
TXT
dc-aa8e722993._spfm
v=spf1 include:_spf.google.com ~all
But ...
0
votes
1
answer
167
views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
0
votes
2
answers
2k
views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
0
votes
2
answers
356
views
Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails
I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...
0
votes
1
answer
681
views
SPF records. Allow HELO/EHLO but not sending emails
I have a mail server, let's say mail.example.com
The PTR records connect mail.example.com with my server's ips (ipv4,v6).
The HELO/EHLO response is mail.example.com
Now I want to send letters like ...
1
vote
1
answer
557
views
Is it still possible to use a catch-all email forwarder to gmail, and how?
Since ever, I've been using a catch-all email forwarder at a domain I hold, *@mydomain.net, and sending the email to my personal gmail account, [email protected]. I've just been ousted from my domain ...
0
votes
2
answers
536
views
Gmail reports SPF issues with emails sent from Thunderbird via postfix
This question is similar to the following question in the Mozilla forum. However, the answer given there to this question doesn't address the issue that I am seeing.
Question in Mozilla forum: https://...
0
votes
1
answer
261
views
Mail being rejected despite SPF record specifying envelope IP address
I have a mail server with a bridged DSL modem connection; the domain's SPF record looks like this:
"v=spf1 +mx +aa.bb.cc.dd -all"
where the aa.bb.cc.dd is the IP address for my end of the ...
0
votes
2
answers
2k
views
SMTP Relay - Keep sender SPF valid
We use a email setup (incoming mails) in the following order:
Internet -> on premises mailserver (=> attachment filter, antivirus, spam filter) -> forward to Microsoft 365 Exchange Online ...
1
vote
2
answers
3k
views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
0
votes
1
answer
425
views
Hotmail does not flag or remove phishing messages from email addresses on a domain with SPF enabled [closed]
The email address of the sender of our newsletter is used for phishing purposes. We do have a valid SPF record (ends with -all) and dmarc on our domain (confirmed by mxtoolbox.com : every checks are ...
5
votes
2
answers
1k
views
Does adding another TXT record affect SPF authentication?
I am using multiple mail services for my domain sliver.proteuslake.asia, such as Mailjet, Google, and Atlassian. I have already added three TXT records for my domain:
"v=spf1 include:spf.mailjet....
0
votes
1
answer
439
views
Confused About Why SPF Needs My Email Apps Domain
FYI:
we have a custom domain and we pay for Google Workspace to use that domain for our email/gmail.
i have SPF, DKIM, & DMARC all setup, and a Google tek support person verified it was correct ...
0
votes
1
answer
206
views
Mail proxy with SPF and DMARC without changing FROM headers
Here is my situation.
We have internal network, with lots of 2nd level subdomains - foo.internal.domain.ltd as example.
Those subdomains may or may not have public DNS records with Class A IPs.
Then, ...
0
votes
1
answer
476
views
SPF-record for domain vs. sub-domain
For historical reasons my e-mail address uses a subdomain: [email protected].
My sending (and receiving) servers are completely different from those of the top-level example.com itself. Recently, the ...