Questions tagged [spf]
Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.
898
questions
40
votes
6
answers
6k
views
Are SPF records legacy?
I am responsible for a domain which has an SPF record as recommended by various other services that send mail on this domain's behalf.
When setting up Mailchimp, I was surprised to find no ...
6
votes
1
answer
637
views
Is email deliverability impossible with a .name email address?
I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
1
vote
2
answers
2k
views
DNS MX record and SMTP server
I have a SMTP server. DKIM is setup and working and have also setup SPF.
The SMTP host is smtp.domain.com
On the DNS I have a A record with smtp pointing to the IPv4 and a AAAA record with smtp ...
1
vote
1
answer
176
views
Add SPF record for multiple systems in different servers
I have a domain with a published SPF record (v=spf1 a mx ip4:xx.xxx.xxx.25 ~all) for it (e.g: xyz.com) also this domain has four subdomains:
sub1.xyz.com xx.xxx.xxx.29
sub2.xyz.com xx.xxx.xxx.30
...
0
votes
1
answer
2k
views
SPF SOFTFAIL domain of transitioning [email protected] does not designate X.X.X.X as permitted sender)
in my company I have the following error.
softfail (google.com: domain of transitioning [email protected] does not designate X.X.X.X as permitted sender) client-ip=X.X.X.X;
Let's say my mail....
1
vote
1
answer
3k
views
Forward messages to Gmail (postfix+SRS) has DMARC failure even though SPF and DKIM succeed
I run my own domain, but forward many email addresses to my gmail account. Recently, I started seeing a lot of messages marked by gmail as spam. I have SPF set for my outgoing email, and use SRS to ...
0
votes
2
answers
532
views
Email protected with SPF but received valid signature from other IP anyway
I've received an email in spam from [email protected] to [email protected], but the "sent by" came from rec15.appleandrdoidmail.mx. [email protected] is an alias. Weird thing is that it says ...
2
votes
3
answers
3k
views
AWS SES requirements on custom MAIL FROM domain
According to the docs, AWS SES has some requirements on what is an allowable MAIL FROM domain:
The subdomain you use for your MAIL FROM domain has to meet the following requirements:
The MAIL FROM ...
0
votes
3
answers
1k
views
SPF problems with sending email from website
I've been struggling to understand how to fix a particular problem with setting up SPF with different domain names. I tried searching the web, but didn't quite find what I was looking for.
My problem ...
0
votes
1
answer
109
views
How does Dmarc alignment protect against anything?
I am specifically referring to Dmarc SPF alignment.
To get a Dmarc pass result, all it takes is that either SPF or DKIM aligns.
Let us say that I am an attacker, and try to impersonate abc.com.
I have ...
0
votes
2
answers
411
views
Some clear instructions on writing the DMARC record
I have been under some pressure to produce the DMARC record for one of our customers. Unfortunately, they do not give me access to the domain vendor and instead repeatedly ask "What should they ...
-2
votes
1
answer
801
views
My OpenDMARC is rejecting emails from firefox.com . Is their SPF record correct? Or am I wrong?
Why is opendmarc rejecting mail from firefox.com? It looks like their SPF record matches their sending address and does pass:
v=spf1 mx a include:amazonses.com include:mail.zendesk.com -all
/var/log/...
11
votes
4
answers
7k
views
record DKIM on IONOS makes sense?
If I am sending mail through SMTP, I understand that it is IONOS who signs those emails, right?
I would like to add the DKIM header to my emails. I know that it is necessary to publish a CNAME record ...
1
vote
1
answer
82
views
Understanding SPF fails for email sent
I'm trying to get my head around this issue. My emails are getting sent into spam for people. In this case, its gmail. If I look at the email details I get:
109.74.201.130 is another server, which ...
0
votes
1
answer
921
views
SPF and DKIM for one domain on two servers [closed]
I followed this guide to setup SPF and DKIM for emails to be sent from a server for a domain. That server is the location of the actual email server for the domain.
I now want to setup another server ...
1
vote
1
answer
3k
views
emails to Yahoo are ending up in SPAM folder despite spf=pass, dkim=pass and dmarc=pass
Are we possibility having a reputation problems with Yahoo emails?
Yahoo raw mail header finds my policy I published: dmarc=success(p=REJECT,sp=REJECT)
Emails to clients at Google and Outlook are not ...
1
vote
1
answer
809
views
Why is opendmarc SPF failing this arriving message?
Why is this incoming message failing?
postfix/smtpd[4776]: connect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]
postfix/smtpd[4776]: Anonymous TLS connection established ...
1
vote
2
answers
3k
views
All mails to Yahoo are deferred or in spam
i have read a lot about the problems of delivering mail to yahoo.com, i have contact the tech support but the result it's always the same: from my server all mails to yahoo./aol. are deffered and when ...
2
votes
1
answer
1k
views
Is SPF alignment important with DMARC?
When setting up a DMARC policy for an organization, is it important at all to have SPF alignment?
I've gathered that:
Most email service providers support DKIM for a custom domain.
Not all email ...
1
vote
1
answer
740
views
Postfix send mail only to GMail, all other domains are deferred and not sended
My Postfix server is running on Debian Stretch. It is able to send emails to a GMail address without problems which are not considered as spam. At the DNS level I configured DKIM, SPF and DMARC and ...
2
votes
1
answer
553
views
Any benefit to adding SPF record for mail relay that doesn't align with RFC5322.From domain?
When using a mail delivery service, like AWS SES or SendGrid, is there any benefit to including their SPF records for the domain in the RFC5322.From (header-from) header?
With how they operate by ...
1
vote
1
answer
65
views
Combine SPF record with and without rules/mechnisms
I'm very new to DNS world, and now I'm supposed to add an SFP record like v=spf1 mx include:_spf.blah.com ~all to an existing SPF record on a zone.
existing TXT looks like this :
v=spf1 include:_spf....
2
votes
1
answer
1k
views
SPF DNS void lookup limit exceeded [duplicate]
while testing my DKIM/SPF config by using the port25.com email service, I am getting the following reply for my SPF record:
permerror (DNS void lookup limit exceeded)
However, my spf record does not ...
1
vote
4
answers
2k
views
Using SPF and DMARC records to combat invalid email subdomains
I have been able to confirm that bad actors are sending emails from nonexistent subdomains of my company's primary domain.
Let's say my primary domain is foo.com. Email is sent from that base ...
1
vote
1
answer
456
views
SPF default policy when "all" is missing
What is the policy that is applied when "all" is missing from an SPF record? For example as in v=spf1 a ip4:198.51.100.15.
0
votes
1
answer
58
views
For SPF records do 'a' and 'mx' achieve the same result in many cases?
Example DNS Records:
Type: TXT
Hostname: example.com
Value: returns v=spf1 a ~all
Type: A
Hostname: mail.example.com
Value: 1.1.1.1
Type: AAAA
Hostname: mail.example.com
Value: 1000:1:1:1:1:1:0001
...
1
vote
1
answer
929
views
Setting up SPF record for A2Hosting shared hosting
I'm trying to setup A2Hosting SPF correctly since the proposed SPF is landing the emails in the SPAM folder in Gmail.
This is the default SPF: v=spf1 +mx +a +ip4:210.125.99.77 ~all
But when ...
13
votes
2
answers
16k
views
How does DKIM work when sending emails from multiple sources/servers?
So if I'm understanding DKIM correctly, it basically is a public/private key type of service. However, how does this work if you send emails from multiple servers/sources? For instance, I have a ...
0
votes
1
answer
125
views
Way to open up SPF to all IPs just for a subdomain?
I know this is a bit of a weird / silly question, but we have a sub-domain which acts as a way for our hotel owners to communicate with clients. messages.mydomain.com. What happens if they have a ...
0
votes
1
answer
95
views
Postfix working on separate server having issues delivering mail to a specific domain
I have the following situation.
My main domain is pointed to a Hostgator account. Because of bad performance of the site, the client decided to give DigitalOcean a go, but leaving the e-mails on ...
2
votes
1
answer
258
views
what is the appropriate DMARC configuration for a domain that should fail hard on DKIM but soft on SPF
Messages sent by my domain will always be DKIM-signed and any that are not should be immediately discarded by recipients. But strict SPF enforcement leads to problems where internal mail-forwarding ...
0
votes
1
answer
183
views
SPF- and DKIM- align fails on a few emails from a larger batch
We are sending large numbers of emails (hundreds of thousands) mostly for our clients. Of course, we have configures SPF, DKIM, and DMARC records properly for all domains who use us. We pass all tests ...
2
votes
0
answers
2k
views
With valid SPF, DKIM, and DMAR, Office 365 email still goes to junk mail and got Authentication-Results-Original: spf=none
My goal is to be able to send email from my website using smtp.office365.com and the emails will go into inbox instead of junk mail. But so far, I have not succeed.
If the receipt is gmail, the ...
0
votes
1
answer
1k
views
Create SPF TXT for Wildcard Domains
Today I use DigitalOcean as hosting my software.
Our platform is a SaaS that sends emails from wildcard domains, example: [email protected]; [email protected];
...
0
votes
1
answer
89
views
Gmail couldn't verify that MyClientSite.ie actually sent this message (and not a spammer)
I'm having problems with delivery of emails from an application on a web server to Gmail. Gmail is displaying a round circle with a question mark, instead of the first letter of the sender, and ...
5
votes
1
answer
3k
views
DMARC strict vs relaxed alignment?
I've been configuring DNS records for a mail server and got stuck when it came to DMARC's alignments.
I know that both relaxed and strict are valid options, as well as relaxed being default setting. ...
1
vote
2
answers
1k
views
Set up SPF: encountered SPF Permanent Error
Our DNS is managed through Microsoft. I need to set up a new record to allow a new website to send email. Here is what I did.
1) I set up the following SPF record
host: subdomain
value: v=spf1 ip4:...
1
vote
0
answers
4k
views
DKIM failure "message has been altered"
Summary
I have a Mattermost server which needs to send emails out to users when they sign up, etc. These emails are failing DKIM checks and showing up in users' Gmail as spam.
Observed behavior
I ...
0
votes
2
answers
60
views
SPF for zoho mail servers
I have zoho domain mails. for Spf verification Icreated
as pe their instruction as follow as.
name : @.vernia.in
Text
"v=spf1 include:zoho.com ~all"
and saved. But on verification it says "We are ...
1
vote
1
answer
460
views
DNS SPF TXT Records - is this legal?
foo.org 1 IN TXT "v=spf1 include:_spf.google.com include:_spf.bar.com ~all"
foo.org 1 IN TXT "v-spf1 ip4:99.99.99.99 include:_spf.google.com ~all"
or do they need to be combined into one ...
4
votes
1
answer
1k
views
Size of SPF with other TXT records
The SPF specification says:
The published SPF record for a given domain name SHOULD remain
small enough that the results of a query for it will fit within 512
octets. Otherwise, there is a ...
2
votes
0
answers
555
views
How to avoid gmail orange mark and spam filter when using cloudflare proxies?
I send emails from my site via php smtp method connected to 'smtp.gmail.com' on 465, and account added to GSuite. All my emails falls in spam folder in Gmail. The kind of emails is just password ...
0
votes
1
answer
431
views
What happens when SPF includes domain that does not have SPF but A record instead
A company whose mail servers we occasionally use to send emails has asked us to include their domain in our SPF record as follows: v=spf1 [...] include:app.sgizmo.eu ~all.
Now it turns out that there ...
-1
votes
1
answer
127
views
Does record domain "include:" also refers to subdomains?
I have a doubt setting up my SPF record. I would like to know if I set up an include record in the SPF record will also be "including" the subdomains of that principal domain that I have included?.
...
1
vote
2
answers
854
views
MX record delegation
I have a client who manages their own DNS - all the A records and CNAME records for example.com and a number of subdomains.
They want to use a dedicated subdomain for email - em.example.com. They ...
3
votes
2
answers
2k
views
SPAM Domain Spoofing through SES
A spammer seems to be running spam through SES and spoofing our domain.
We are using SPF and DKIM so I’m not sure what is going on.
This is our SPF record:
v=spf1 a mx include:amazonses.com include:...
1
vote
1
answer
2k
views
Email delivery issues with Hotmail/Outlook
I am using SendGrid to send emails and I have properly configured my domain (SPF, etc.). Usually everything works, except that Hotmail/Outlook often rejects the emails I send:
reason": "550 5.7.1 ...
0
votes
0
answers
96
views
SPF hosted on CENT OS. Does not restarting the "named" service after editing the SPF record break the whole DNS File?
We had to change and Include entry from: Include:Domain-name.com
to: Include:_Domain-name.com
This was the only change we made. After a couple days none of our hosted resources were available.
My ...
3
votes
1
answer
8k
views
Amavis / Spamassassin - FORGED_SPF_HELO and SPF_HELO_PASS
I have a web server that sends out webform type emails via Postfix 3.3.0. No inbound. No extras.
Receiving mail server is running same Postfix (but with amavis-new/spamassassin + dovecot/etc). These ...
0
votes
2
answers
1k
views
Does absence of SPF, DKIM, DMARC records on a domain affect the email delivery?
Say, I don't have these records for a domain at all and the email delivery is OK.
Will those records improve something regarding the delivery or are they just a remedy for domain spoofing and are not ...