Questions tagged [spf]
Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.
84
questions
60
votes
2
answers
25k
views
What are SPF records, and how do I configure them?
This is a canonical question about setting up SPF records.
I have an office with many computers that share a single external ip (I'm unsure if the address is static or dynamic). Each computer ...
111
votes
6
answers
67k
views
Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?
This is a Canonical Question about Fighting Spam.
Also related:
How to stop people from using my domain to send spam?
What are SPF records, and how do I configure them?
There are so ...
28
votes
4
answers
15k
views
Best Practices for preventing you from looking like a spammer [duplicate]
I'd like to feel more confident setting up mail for my clients with regards to false positives. Here's what I know:
SPF records are good, but not every spam filter service/software (SFSS) uses them.
...
29
votes
2
answers
28k
views
Is the 10-DNS-lookup limit in the SPF spec typically enforced?
My understanding is that the SPF spec specifies an email receiver shouldn't have to do more than 10 DNS lookups in order to gather all the allowed IPs for a sender. So if an SPF record has include:foo....
11
votes
3
answers
5k
views
Failed SPF for email imported to Gmail because of client IP instead of server's in message when sent through SMTP from one local box to another
We have a linux (Debian) VPS with domain (let's say example.com with MX mail.example.com) that has SPF set up. There is dovecot+exim running. There is also Direct Admin on top of that.
When I send a ...
83
votes
6
answers
119k
views
Do SPF Records For Primary Domain apply to subdomains?
I have a quick question regarding SPF records: Do they need to be present for all subdomains?
Lets say that I have a TXT record with SPF info for domain.com
Let's also say that I have a seperate ...
44
votes
7
answers
3k
views
Is it becoming impossible to be a small mail provider?
I operate a small mail server for my private emails, some friends who have websites and two NGOs. In total my server sends between 60 and 400 messages a day. Now a lot of these emails are personal ...
18
votes
1
answer
9k
views
How can I have an SPF record longer than 255 characters?
So, I have been under the impression that individual SPF entries had to fit in 255 chars, or use the include operator to link together multiple entries forming a chain. However, RFC 4408 3.1.3. ...
10
votes
5
answers
18k
views
How do I configure SPF for multiple domains on a server? (also allowing gmail as a sender)
SPF (Sender Policy Framework) seems like a good way to combat spammers/spoofing.
However, despite reading the explanations several times, I'm not quite understanding how to configure it correctly.
...
5
votes
1
answer
5k
views
Postfix as email forwarder to gmail, SPF problems
I'm trying to configure postfix as forwarder to Gmail. I've successfully configured the virtual aliases for the domains I'm hosting and that I want to redirect, but the Gmail Sender Policy Framework (...
3
votes
3
answers
7k
views
CNAME domain to another domain, but keep different SPF records for the two?
SCENARIO:
mydomain.com is the main website, we do send/receive mail using
[email protected]. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all"
mydomain.net is just an alias for mydomain....
38
votes
4
answers
29k
views
Is using SOFTFAIL over FAIL in the SPF record considered best practice?
Or put another way, is using v=spf1 a mx ~all recommended over using v=spf1 a mx -all? The RFC does not appear to make any recommendations. My preference has always been to use FAIL, which causes ...
11
votes
2
answers
47k
views
How do I prevent the SPF_HELO_NONE warning when sending from Postfix?
When using a tool like https://dkimvalidator.com/ to verify configuration of DKIM, SPF, DMARC, etc. for sending mail from a web server, I get a warning like this:
0.0 SPF_HELO_NONE SPF: HELO does not ...
11
votes
1
answer
17k
views
Why is Google rejecting mails forwarded from my Postfix server?
I've set up Postfix and created an alias that maps to a gmail account. When I mail from one of my own (google mail) accounts, it goes through, but if someone from the outside mails me, Google won't ...
8
votes
5
answers
1k
views
SPF - should I implement?
A request has been made by a web developer for our domain DNS records to include SPF TXT records. I found differing opinions on this out there...
Any comments or insights you can offer will be highly ...
6
votes
3
answers
9k
views
SMTP host name vs. domain in "From:" address vis-a-vis Email Deliverability
I'm trying to implement (or make sure that I'm correctly following) email sending best practices to improve deliverability, but the role of the smtp server's host name vs the domain name of the From: ...
6
votes
2
answers
3k
views
What's the benefit of SPF HELO Identity
I'm try to understand the benefit of the HELO Identity defined in RFC7208 (SPF).
There is a mail server, let's say mail.example.com. This server is used as relay for
different domains.
In Section 2.4:
...
5
votes
1
answer
2k
views
NOT receiving DMARC reports from AOL / HOTMAIL / MSN / OUTLOOK / LIVE
My DMARC DNS record looks like this: (domain name is redacted)
_dmarc.domain.com TXT "v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf;
pct=100; ri=...
5
votes
2
answers
2k
views
Forwarding to Gmail account via Postfix: SPF record with a hard fail
I run a Postfix server which forwards one address to a gmail address.
# /etc/aliases
localuser: [email protected]
This works since several months. But if a sender has a SPF record with a hard ...
4
votes
1
answer
2k
views
How to prevent emails from my domain through mailing lists to be rejected due to DMARC
I operate my own mail server at speedofsoundgaming.com and mwtd.net. I recently added a DMARC record to my domain to help prevent spam, and once seeing that things seemed to be working, upped the ...
3
votes
3
answers
9k
views
How to set SPF record?
I have configured postfix to use mail.example.com
I have many virtual domains, like:
domain1.com
domain2.com
domain3.com
My question is, how to set the SPF? Do I have to set SPF for each domain or ...
1
vote
1
answer
92
views
Originating (non-critical) emails from a "less-trusted" host
Background
We have a webapp running on webapp.example.com that (amongst other things) sends messages by email from time to time. These messages are non-critical: whilst we would like to make a best ...
1
vote
1
answer
1k
views
Azure DNS does not lookup SPF policies for certain domains
I run my own mail server on an Azure Linux VM with Postfix. Since I was under heavy spam attack I reinforced my mail server security measures.
Without going into the security things, today I noticed ...
1
vote
1
answer
877
views
PermError SPF Too Many Lookups and Reduction
My current SPF record is as follows:
v=spf1 mx include:servers.mcsv.net include:xero.com -all
The above cause the SPF validation to fail.
Using http://mxtoolbox.com/SuperTool.aspx?action=txt, I can ...
0
votes
1
answer
880
views
Email authentication without modifying DNS records
Can someone explain how Mailchimp does email authentication without user having to update SPF or DKIM records?
Quote from Mailchimp:
When you use MailChimp's authentication, campaigns will pass ...
256
votes
3
answers
436k
views
How to include multiple domains in an spf TXT Record
I am looking to setup a TXT spf record that has 2 included domains... individually:
v=spf1 include:_spf.google.com ~all
and
v=spf1 include:otherdomain.com ~all
What is the proper way of combining ...
91
votes
3
answers
112k
views
Multiple TXT fields for same subdomain
I would like to understand if multiple TXT records for the same subdomain are ok or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification ...
40
votes
6
answers
6k
views
Are SPF records legacy?
I am responsible for a domain which has an SPF record as recommended by various other services that send mail on this domain's behalf.
When setting up Mailchimp, I was surprised to find no ...
26
votes
1
answer
38k
views
Multiple SPF records for multiple domains
We have recently started using Office 365 for our email, which requires us to add a DNS TXT record with the value v=spf1 include:spf.protection.outlook.com -all. We already have an SPF record with the ...
26
votes
3
answers
20k
views
SPF vs. DKIM - The exact use cases and differences
I'm sorry for the vague title. I don't fully understand why SPF and DKIM should be used together.
First: SPF can pass where it should fail if the sender or DNS is "spoofed" and it can fail where it ...
18
votes
3
answers
29k
views
Do changes in SPF records take time to propagate?
I'm setting up SPF records for my domain, and am not getting the results that I expect. It's quite possible I'm making some sort of mistake, but first I'd like to ask: does it take time for the ...
17
votes
2
answers
19k
views
SPF fail vs. soft-fail pros and cons
Question
What are the advantages and disadvantages of using Fail vs. a SoftFail in my SPF record?
What I found on the topic
Back in 2007, knowledgeable-seeming folks seem to have said SoftFail was ...
16
votes
1
answer
23k
views
PermError SPF Permanent Error: Void lookup limit of 2 exceeded
I am trying to setup SPF on a server - mail works fine and validates according to mxtoolbox and other online checks but when I check it using http://www.kitterman.com/spf/validate.html I get an error:
...
16
votes
4
answers
9k
views
Workarounds for maximum DNS-Interactive terms limit exceeded in SPF record?
As a hosting provider, we send email on behalf of our clients, so we help them set up DKIM and SPF email records in their DNS to get email deliverability just right. We've been advising them to use ...
15
votes
3
answers
7k
views
DMARC Alignment: Enforce messages pass BOTH SPF and DKIM
Is there a way to enforce DMARC to fail/reject mail that doesn't pass BOTH DKIM and SPF?
We have been narrowing the number that are failing, but there are some domains in our aggregate (rua) report ...
14
votes
1
answer
43k
views
How to resolve problems with spf / softfail?
I'm having problems with Google rejecting mail because of SPF problems. I thought I had this fixed, but evidently not...
The mail is being sent from a Drupal site running mimemail. A message that ...
12
votes
4
answers
8k
views
Why is my opendmarc failing pretty much everything that comes through?
I have this domain for which I set up SPF, DKIM, and DMARC stuff. Let's pretend the domain is example.com which has the following entries in its DNS zone:
example.com. 600 IN MX ...
11
votes
4
answers
9k
views
Gmail SPF fail based on client IP
Gmail is failing SPF check based on the client IP. These are the relevant headers:
Received-SPF: fail (google.com: domain of [email protected] does not designate 164.77.240.58 as permitted sender) ...
11
votes
2
answers
22k
views
DMARC failed, but SPF pass
If i sent a mail from my website (on a private server) to [email protected], i have this report :
<record>
<row>
<source_ip>x.x.x.x</source_ip>
<count>1&...
8
votes
1
answer
5k
views
Amazon SES e-mails ending in Yahoo & Hotmail Spam folders, even though SPF and SenderID and DKIM are set correctly
This is incredibly frustrating. My Amazon SES e-mails are ending in Yahoo & Hotmail Spam folders, even though my SPF, SenderID, and DKIM are setup correctly. Since this particular site requires ...
8
votes
1
answer
17k
views
DKIM and SPF for a subdomain
I manage a VPS on Linode accessed through subdomain.example.com and I need to send email from this subdomain. I can't set any TXT records in Linode DNS manager because the name servers for example.com ...
7
votes
5
answers
7k
views
Email sent from server with rDNS & SPF being blocked by Hotmail
I have been unable to send email to users on hotmail or other Microsoft email servers for some time. Its been a major headache trying to find out why and how to fix the issue.
The emails being sent ...
7
votes
2
answers
1k
views
How can I create and update the existing SPF record to allow more than 10 entries?
How can I include another SPF record if my existing domain already has 10 lines of SPF records in the TXT record?
I wanted to add these two:
include:mailgun.org
include:sendgrid.net
This is my ...
6
votes
1
answer
1k
views
Should SPF records provided by ISPs contain "all" at the end?
This seems obvious or something I just don't understand.
I want to build SPF records for my clients. Most of the email providers provide an SPF record that I can "include" in mine, but they all ...
6
votes
2
answers
18k
views
SPF softfail for forwarded emails to Gmail account
I've been able to make SPF pass on all the sent emails from my Postfix server. But for forwarded domains which simply redirect email to my gmail id I see softfail in the SPF.
For example if I send ...
6
votes
1
answer
3k
views
Why is SPF being validated against my mail server's IP instead of sender's IP?
I have a mail server "example.com" which forwards all emails with recipient "[email protected]" to "[email protected]". My mail server runs Postfix and it uses the virtual_alias_maps mechanism to perform the ...
5
votes
6
answers
10k
views
Emails going to Junk for Hotmail recipients [duplicate]
We send daily mass emails to our customers (~30,000+ emails per day). We have problems with Hotmail users receiving our emails. Sometimes the email goes to the Junk folder, but often it will got to ...
5
votes
1
answer
7k
views
Allowing a domain to send emails via another domain
I have two servers:
www.website1.com
www.website2.com
I have another server www.website3.com which I want to be allowed to send emails in behalf of the first two websites. How do I do this?
5
votes
2
answers
5k
views
`connect to private/policy-spf: No such file or directory` when receive mail by postfix in centos 7
My system is centos 7 with postfix,dovecot,pypolicyd-spf, opendkim.
I can send mail but cannot receive mail,
I notice warnings as below:
Feb 6 20:01:09 srv-8327 postfix/smtpd[20391]: warning: ...
5
votes
2
answers
17k
views
how to configuration dkim on exchange email server
Mails sent from our internal email server to public servers such as Gmail, Yahoo and all other external organizations are delivering to spam. We currently use exchange server, in order to tackle above ...