Skip to main content

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Filter by
Sorted by
Tagged with
60 votes
2 answers
25k views

What are SPF records, and how do I configure them?

This is a canonical question about setting up SPF records. I have an office with many computers that share a single external ip (I'm unsure if the address is static or dynamic). Each computer ...
vulgarbulgar's user avatar
111 votes
6 answers
67k views

Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?

This is a Canonical Question about Fighting Spam. Also related: How to stop people from using my domain to send spam? What are SPF records, and how do I configure them? There are so ...
Chris S's user avatar
  • 78.2k
28 votes
4 answers
15k views

Best Practices for preventing you from looking like a spammer [duplicate]

I'd like to feel more confident setting up mail for my clients with regards to false positives. Here's what I know: SPF records are good, but not every spam filter service/software (SFSS) uses them. ...
gravyface's user avatar
  • 14k
29 votes
2 answers
28k views

Is the 10-DNS-lookup limit in the SPF spec typically enforced?

My understanding is that the SPF spec specifies an email receiver shouldn't have to do more than 10 DNS lookups in order to gather all the allowed IPs for a sender. So if an SPF record has include:foo....
John Bachir's user avatar
  • 2,374
11 votes
3 answers
5k views

Failed SPF for email imported to Gmail because of client IP instead of server's in message when sent through SMTP from one local box to another

We have a linux (Debian) VPS with domain (let's say example.com with MX mail.example.com) that has SPF set up. There is dovecot+exim running. There is also Direct Admin on top of that. When I send a ...
Zbyszek's user avatar
  • 175
83 votes
6 answers
119k views

Do SPF Records For Primary Domain apply to subdomains?

I have a quick question regarding SPF records: Do they need to be present for all subdomains? Lets say that I have a TXT record with SPF info for domain.com Let's also say that I have a seperate ...
Mike B's user avatar
  • 12.1k
44 votes
7 answers
3k views

Is it becoming impossible to be a small mail provider?

I operate a small mail server for my private emails, some friends who have websites and two NGOs. In total my server sends between 60 and 400 messages a day. Now a lot of these emails are personal ...
Stefan Seidel's user avatar
18 votes
1 answer
9k views

How can I have an SPF record longer than 255 characters?

So, I have been under the impression that individual SPF entries had to fit in 255 chars, or use the include operator to link together multiple entries forming a chain. However, RFC 4408 3.1.3. ...
gnkdl_gansklgna's user avatar
10 votes
5 answers
18k views

How do I configure SPF for multiple domains on a server? (also allowing gmail as a sender)

SPF (Sender Policy Framework) seems like a good way to combat spammers/spoofing. However, despite reading the explanations several times, I'm not quite understanding how to configure it correctly. ...
Peter Boughton's user avatar
5 votes
1 answer
5k views

Postfix as email forwarder to gmail, SPF problems

I'm trying to configure postfix as forwarder to Gmail. I've successfully configured the virtual aliases for the domains I'm hosting and that I want to redirect, but the Gmail Sender Policy Framework (...
Laurent's user avatar
  • 283
3 votes
3 answers
7k views

CNAME domain to another domain, but keep different SPF records for the two?

SCENARIO: mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all" mydomain.net is just an alias for mydomain....
Marco Demaio's user avatar
38 votes
4 answers
29k views

Is using SOFTFAIL over FAIL in the SPF record considered best practice?

Or put another way, is using v=spf1 a mx ~all recommended over using v=spf1 a mx -all? The RFC does not appear to make any recommendations. My preference has always been to use FAIL, which causes ...
Michael Kropat's user avatar
11 votes
2 answers
47k views

How do I prevent the SPF_HELO_NONE warning when sending from Postfix?

When using a tool like https://dkimvalidator.com/ to verify configuration of DKIM, SPF, DMARC, etc. for sending mail from a web server, I get a warning like this: 0.0 SPF_HELO_NONE SPF: HELO does not ...
Walf's user avatar
  • 438
11 votes
1 answer
17k views

Why is Google rejecting mails forwarded from my Postfix server?

I've set up Postfix and created an alias that maps to a gmail account. When I mail from one of my own (google mail) accounts, it goes through, but if someone from the outside mails me, Google won't ...
troelskn's user avatar
  • 229
8 votes
5 answers
1k views

SPF - should I implement?

A request has been made by a web developer for our domain DNS records to include SPF TXT records. I found differing opinions on this out there... Any comments or insights you can offer will be highly ...
Manca Weeks's user avatar
6 votes
3 answers
9k views

SMTP host name vs. domain in "From:" address vis-a-vis Email Deliverability

I'm trying to implement (or make sure that I'm correctly following) email sending best practices to improve deliverability, but the role of the smtp server's host name vs the domain name of the From: ...
Jared Duncan's user avatar
6 votes
2 answers
3k views

What's the benefit of SPF HELO Identity

I'm try to understand the benefit of the HELO Identity defined in RFC7208 (SPF). There is a mail server, let's say mail.example.com. This server is used as relay for different domains. In Section 2.4: ...
Alex's user avatar
  • 63
5 votes
1 answer
2k views

NOT receiving DMARC reports from AOL / HOTMAIL / MSN / OUTLOOK / LIVE

My DMARC DNS record looks like this: (domain name is redacted) _dmarc.domain.com TXT "v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100; ri=...
whallz's user avatar
  • 103
5 votes
2 answers
2k views

Forwarding to Gmail account via Postfix: SPF record with a hard fail

I run a Postfix server which forwards one address to a gmail address. # /etc/aliases localuser: [email protected] This works since several months. But if a sender has a SPF record with a hard ...
guettli's user avatar
  • 3,893
4 votes
1 answer
2k views

How to prevent emails from my domain through mailing lists to be rejected due to DMARC

I operate my own mail server at speedofsoundgaming.com and mwtd.net. I recently added a DMARC record to my domain to help prevent spam, and once seeing that things seemed to be working, upped the ...
Michael Taboada's user avatar
3 votes
3 answers
9k views

How to set SPF record?

I have configured postfix to use mail.example.com I have many virtual domains, like: domain1.com domain2.com domain3.com My question is, how to set the SPF? Do I have to set SPF for each domain or ...
user avatar
1 vote
1 answer
92 views

Originating (non-critical) emails from a "less-trusted" host

Background We have a webapp running on webapp.example.com that (amongst other things) sends messages by email from time to time. These messages are non-critical: whilst we would like to make a best ...
eggyal's user avatar
  • 422
1 vote
1 answer
1k views

Azure DNS does not lookup SPF policies for certain domains

I run my own mail server on an Azure Linux VM with Postfix. Since I was under heavy spam attack I reinforced my mail server security measures. Without going into the security things, today I noticed ...
usr-local-ΕΨΗΕΛΩΝ's user avatar
1 vote
1 answer
877 views

PermError SPF Too Many Lookups and Reduction

My current SPF record is as follows: v=spf1 mx include:servers.mcsv.net include:xero.com -all The above cause the SPF validation to fail. Using http://mxtoolbox.com/SuperTool.aspx?action=txt, I can ...
morleyc's user avatar
  • 1,130
0 votes
1 answer
880 views

Email authentication without modifying DNS records

Can someone explain how Mailchimp does email authentication without user having to update SPF or DKIM records? Quote from Mailchimp: When you use MailChimp's authentication, campaigns will pass ...
arnaslu's user avatar
  • 137
256 votes
3 answers
436k views

How to include multiple domains in an spf TXT Record

I am looking to setup a TXT spf record that has 2 included domains... individually: v=spf1 include:_spf.google.com ~all and v=spf1 include:otherdomain.com ~all What is the proper way of combining ...
tgriesser's user avatar
  • 2,952
91 votes
3 answers
112k views

Multiple TXT fields for same subdomain

I would like to understand if multiple TXT records for the same subdomain are ok or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification ...
chrisvdb's user avatar
  • 1,329
40 votes
6 answers
6k views

Are SPF records legacy?

I am responsible for a domain which has an SPF record as recommended by various other services that send mail on this domain's behalf. When setting up Mailchimp, I was surprised to find no ...
RomanSt's user avatar
  • 1,217
26 votes
1 answer
38k views

Multiple SPF records for multiple domains

We have recently started using Office 365 for our email, which requires us to add a DNS TXT record with the value v=spf1 include:spf.protection.outlook.com -all. We already have an SPF record with the ...
Swisher Sweet's user avatar
26 votes
3 answers
20k views

SPF vs. DKIM - The exact use cases and differences

I'm sorry for the vague title. I don't fully understand why SPF and DKIM should be used together. First: SPF can pass where it should fail if the sender or DNS is "spoofed" and it can fail where it ...
deleted user 42's user avatar
18 votes
3 answers
29k views

Do changes in SPF records take time to propagate?

I'm setting up SPF records for my domain, and am not getting the results that I expect. It's quite possible I'm making some sort of mistake, but first I'd like to ask: does it take time for the ...
Daniel Griscom's user avatar
17 votes
2 answers
19k views

SPF fail vs. soft-fail pros and cons

Question What are the advantages and disadvantages of using Fail vs. a SoftFail in my SPF record? What I found on the topic Back in 2007, knowledgeable-seeming folks seem to have said SoftFail was ...
sondra.kinsey's user avatar
16 votes
1 answer
23k views

PermError SPF Permanent Error: Void lookup limit of 2 exceeded

I am trying to setup SPF on a server - mail works fine and validates according to mxtoolbox and other online checks but when I check it using http://www.kitterman.com/spf/validate.html I get an error: ...
bhttoan's user avatar
  • 650
16 votes
4 answers
9k views

Workarounds for maximum DNS-Interactive terms limit exceeded in SPF record?

As a hosting provider, we send email on behalf of our clients, so we help them set up DKIM and SPF email records in their DNS to get email deliverability just right. We've been advising them to use ...
Jeff Atwood's user avatar
  • 13.2k
15 votes
3 answers
7k views

DMARC Alignment: Enforce messages pass BOTH SPF and DKIM

Is there a way to enforce DMARC to fail/reject mail that doesn't pass BOTH DKIM and SPF? We have been narrowing the number that are failing, but there are some domains in our aggregate (rua) report ...
Noah Hall-Potvin's user avatar
14 votes
1 answer
43k views

How to resolve problems with spf / softfail?

I'm having problems with Google rejecting mail because of SPF problems. I thought I had this fixed, but evidently not... The mail is being sent from a Drupal site running mimemail. A message that ...
Jim Miller's user avatar
12 votes
4 answers
8k views

Why is my opendmarc failing pretty much everything that comes through?

I have this domain for which I set up SPF, DKIM, and DMARC stuff. Let's pretend the domain is example.com which has the following entries in its DNS zone: example.com. 600 IN MX ...
Morpheu5's user avatar
  • 279
11 votes
4 answers
9k views

Gmail SPF fail based on client IP

Gmail is failing SPF check based on the client IP. These are the relevant headers: Received-SPF: fail (google.com: domain of [email protected] does not designate 164.77.240.58 as permitted sender) ...
Max Toro's user avatar
  • 211
11 votes
2 answers
22k views

DMARC failed, but SPF pass

If i sent a mail from my website (on a private server) to [email protected], i have this report : <record> <row> <source_ip>x.x.x.x</source_ip> <count>1&...
griotteau's user avatar
  • 271
8 votes
1 answer
5k views

Amazon SES e-mails ending in Yahoo & Hotmail Spam folders, even though SPF and SenderID and DKIM are set correctly

This is incredibly frustrating. My Amazon SES e-mails are ending in Yahoo & Hotmail Spam folders, even though my SPF, SenderID, and DKIM are setup correctly. Since this particular site requires ...
ProgrammerGirl's user avatar
8 votes
1 answer
17k views

DKIM and SPF for a subdomain

I manage a VPS on Linode accessed through subdomain.example.com and I need to send email from this subdomain. I can't set any TXT records in Linode DNS manager because the name servers for example.com ...
hiirulainen's user avatar
7 votes
5 answers
7k views

Email sent from server with rDNS & SPF being blocked by Hotmail

I have been unable to send email to users on hotmail or other Microsoft email servers for some time. Its been a major headache trying to find out why and how to fix the issue. The emails being sent ...
Canadaka's user avatar
  • 361
7 votes
2 answers
1k views

How can I create and update the existing SPF record to allow more than 10 entries?

How can I include another SPF record if my existing domain already has 10 lines of SPF records in the TXT record? I wanted to add these two: include:mailgun.org include:sendgrid.net This is my ...
Senior Systems Engineer's user avatar
6 votes
1 answer
1k views

Should SPF records provided by ISPs contain "all" at the end?

This seems obvious or something I just don't understand. I want to build SPF records for my clients. Most of the email providers provide an SPF record that I can "include" in mine, but they all ...
Waivej's user avatar
  • 61
6 votes
2 answers
18k views

SPF softfail for forwarded emails to Gmail account

I've been able to make SPF pass on all the sent emails from my Postfix server. But for forwarded domains which simply redirect email to my gmail id I see softfail in the SPF. For example if I send ...
user5858's user avatar
  • 283
6 votes
1 answer
3k views

Why is SPF being validated against my mail server's IP instead of sender's IP?

I have a mail server "example.com" which forwards all emails with recipient "[email protected]" to "[email protected]". My mail server runs Postfix and it uses the virtual_alias_maps mechanism to perform the ...
Hongli Lai's user avatar
  • 2,262
5 votes
6 answers
10k views

Emails going to Junk for Hotmail recipients [duplicate]

We send daily mass emails to our customers (~30,000+ emails per day). We have problems with Hotmail users receiving our emails. Sometimes the email goes to the Junk folder, but often it will got to ...
David Mathis's user avatar
5 votes
1 answer
7k views

Allowing a domain to send emails via another domain

I have two servers: www.website1.com www.website2.com I have another server www.website3.com which I want to be allowed to send emails in behalf of the first two websites. How do I do this?
Dave's user avatar
  • 225
5 votes
2 answers
5k views

`connect to private/policy-spf: No such file or directory` when receive mail by postfix in centos 7

My system is centos 7 with postfix,dovecot,pypolicyd-spf, opendkim. I can send mail but cannot receive mail, I notice warnings as below: Feb 6 20:01:09 srv-8327 postfix/smtpd[20391]: warning: ...
kittygirl's user avatar
  • 985
5 votes
2 answers
17k views

how to configuration dkim on exchange email server

Mails sent from our internal email server to public servers such as Gmail, Yahoo and all other external organizations are delivering to spam. We currently use exchange server, in order to tackle above ...
enkhtuvshin's user avatar