Skip to main content

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Filter by
Sorted by
Tagged with
40 votes
6 answers
6k views

Are SPF records legacy?

I am responsible for a domain which has an SPF record as recommended by various other services that send mail on this domain's behalf. When setting up Mailchimp, I was surprised to find no ...
RomanSt's user avatar
  • 1,217
6 votes
1 answer
637 views

Is email deliverability impossible with a .name email address?

I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
ryan's user avatar
  • 291
1 vote
2 answers
2k views

DNS MX record and SMTP server

I have a SMTP server. DKIM is setup and working and have also setup SPF. The SMTP host is smtp.domain.com On the DNS I have a A record with smtp pointing to the IPv4 and a AAAA record with smtp ...
clarkk's user avatar
  • 2,055
1 vote
1 answer
176 views

Add SPF record for multiple systems in different servers

I have a domain with a published SPF record (v=spf1 a mx ip4:xx.xxx.xxx.25 ~all) for it (e.g: xyz.com) also this domain has four subdomains: sub1.xyz.com xx.xxx.xxx.29 sub2.xyz.com xx.xxx.xxx.30 ...
Ahmad's user avatar
  • 113
0 votes
1 answer
2k views

SPF SOFTFAIL domain of transitioning [email protected] does not designate X.X.X.X as permitted sender)

in my company I have the following error. softfail (google.com: domain of transitioning [email protected] does not designate X.X.X.X as permitted sender) client-ip=X.X.X.X; Let's say my mail....
Adam's user avatar
  • 133
1 vote
1 answer
3k views

Forward messages to Gmail (postfix+SRS) has DMARC failure even though SPF and DKIM succeed

I run my own domain, but forward many email addresses to my gmail account. Recently, I started seeing a lot of messages marked by gmail as spam. I have SPF set for my outgoing email, and use SRS to ...
Mikeage's user avatar
  • 2,741
0 votes
2 answers
532 views

Email protected with SPF but received valid signature from other IP anyway

I've received an email in spam from [email protected] to [email protected], but the "sent by" came from rec15.appleandrdoidmail.mx. [email protected] is an alias. Weird thing is that it says ...
Miquel's user avatar
  • 103
2 votes
3 answers
3k views

AWS SES requirements on custom MAIL FROM domain

According to the docs, AWS SES has some requirements on what is an allowable MAIL FROM domain: The subdomain you use for your MAIL FROM domain has to meet the following requirements: The MAIL FROM ...
user2959071's user avatar
0 votes
3 answers
1k views

SPF problems with sending email from website

I've been struggling to understand how to fix a particular problem with setting up SPF with different domain names. I tried searching the web, but didn't quite find what I was looking for. My problem ...
moleculezz's user avatar
0 votes
1 answer
109 views

How does Dmarc alignment protect against anything?

I am specifically referring to Dmarc SPF alignment. To get a Dmarc pass result, all it takes is that either SPF or DKIM aligns. Let us say that I am an attacker, and try to impersonate abc.com. I have ...
pHeoz's user avatar
  • 163
0 votes
2 answers
411 views

Some clear instructions on writing the DMARC record

I have been under some pressure to produce the DMARC record for one of our customers. Unfortunately, they do not give me access to the domain vendor and instead repeatedly ask "What should they ...
Disasterkid's user avatar
-2 votes
1 answer
801 views

My OpenDMARC is rejecting emails from firefox.com . Is their SPF record correct? Or am I wrong?

Why is opendmarc rejecting mail from firefox.com? It looks like their SPF record matches their sending address and does pass: v=spf1 mx a include:amazonses.com include:mail.zendesk.com -all /var/log/...
Andrew's user avatar
  • 145
11 votes
4 answers
7k views

record DKIM on IONOS makes sense?

If I am sending mail through SMTP, I understand that it is IONOS who signs those emails, right? I would like to add the DKIM header to my emails. I know that it is necessary to publish a CNAME record ...
Diego's user avatar
  • 113
1 vote
1 answer
82 views

Understanding SPF fails for email sent

I'm trying to get my head around this issue. My emails are getting sent into spam for people. In this case, its gmail. If I look at the email details I get: 109.74.201.130 is another server, which ...
Andrew Newby's user avatar
  • 1,184
0 votes
1 answer
921 views

SPF and DKIM for one domain on two servers [closed]

I followed this guide to setup SPF and DKIM for emails to be sent from a server for a domain. That server is the location of the actual email server for the domain. I now want to setup another server ...
Kohjah Breese's user avatar
1 vote
1 answer
3k views

emails to Yahoo are ending up in SPAM folder despite spf=pass, dkim=pass and dmarc=pass

Are we possibility having a reputation problems with Yahoo emails? Yahoo raw mail header finds my policy I published: dmarc=success(p=REJECT,sp=REJECT) Emails to clients at Google and Outlook are not ...
MeSo2's user avatar
  • 274
1 vote
1 answer
809 views

Why is opendmarc SPF failing this arriving message?

Why is this incoming message failing? postfix/smtpd[4776]: connect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73] postfix/smtpd[4776]: Anonymous TLS connection established ...
Andrew's user avatar
  • 145
1 vote
2 answers
3k views

All mails to Yahoo are deferred or in spam

i have read a lot about the problems of delivering mail to yahoo.com, i have contact the tech support but the result it's always the same: from my server all mails to yahoo./aol. are deffered and when ...
Mattia Di Giuseppe's user avatar
2 votes
1 answer
1k views

Is SPF alignment important with DMARC?

When setting up a DMARC policy for an organization, is it important at all to have SPF alignment? I've gathered that: Most email service providers support DKIM for a custom domain. Not all email ...
Ralf's user avatar
  • 179
1 vote
1 answer
740 views

Postfix send mail only to GMail, all other domains are deferred and not sended

My Postfix server is running on Debian Stretch. It is able to send emails to a GMail address without problems which are not considered as spam. At the DNS level I configured DKIM, SPF and DMARC and ...
Zetam's user avatar
  • 11
2 votes
1 answer
553 views

Any benefit to adding SPF record for mail relay that doesn't align with RFC5322.From domain?

When using a mail delivery service, like AWS SES or SendGrid, is there any benefit to including their SPF records for the domain in the RFC5322.From (header-from) header? With how they operate by ...
Rob Olmos's user avatar
  • 2,250
1 vote
1 answer
65 views

Combine SPF record with and without rules/mechnisms

I'm very new to DNS world, and now I'm supposed to add an SFP record like v=spf1 mx include:_spf.blah.com ~all to an existing SPF record on a zone. existing TXT looks like this : v=spf1 include:_spf....
Mahyar's user avatar
  • 107
2 votes
1 answer
1k views

SPF DNS void lookup limit exceeded [duplicate]

while testing my DKIM/SPF config by using the port25.com email service, I am getting the following reply for my SPF record: permerror (DNS void lookup limit exceeded) However, my spf record does not ...
uncovery's user avatar
  • 365
1 vote
4 answers
2k views

Using SPF and DMARC records to combat invalid email subdomains

I have been able to confirm that bad actors are sending emails from nonexistent subdomains of my company's primary domain. Let's say my primary domain is foo.com. Email is sent from that base ...
CaptainZack's user avatar
1 vote
1 answer
456 views

SPF default policy when "all" is missing

What is the policy that is applied when "all" is missing from an SPF record? For example as in v=spf1 a ip4:198.51.100.15.
Spack's user avatar
  • 1,624
0 votes
1 answer
58 views

For SPF records do 'a' and 'mx' achieve the same result in many cases?

Example DNS Records: Type: TXT Hostname: example.com Value: returns v=spf1 a ~all Type: A Hostname: mail.example.com Value: 1.1.1.1 Type: AAAA Hostname: mail.example.com Value: 1000:1:1:1:1:1:0001 ...
myNewAccount's user avatar
1 vote
1 answer
929 views

Setting up SPF record for A2Hosting shared hosting

I'm trying to setup A2Hosting SPF correctly since the proposed SPF is landing the emails in the SPAM folder in Gmail. This is the default SPF: v=spf1 +mx +a +ip4:210.125.99.77 ~all But when ...
Vlax's user avatar
  • 121
13 votes
2 answers
16k views

How does DKIM work when sending emails from multiple sources/servers?

So if I'm understanding DKIM correctly, it basically is a public/private key type of service. However, how does this work if you send emails from multiple servers/sources? For instance, I have a ...
Marc NJ's user avatar
  • 141
0 votes
1 answer
125 views

Way to open up SPF to all IPs just for a subdomain?

I know this is a bit of a weird / silly question, but we have a sub-domain which acts as a way for our hotel owners to communicate with clients. messages.mydomain.com. What happens if they have a ...
Andrew Newby's user avatar
  • 1,184
0 votes
1 answer
95 views

Postfix working on separate server having issues delivering mail to a specific domain

I have the following situation. My main domain is pointed to a Hostgator account. Because of bad performance of the site, the client decided to give DigitalOcean a go, but leaving the e-mails on ...
Mihail Minkov's user avatar
2 votes
1 answer
258 views

what is the appropriate DMARC configuration for a domain that should fail hard on DKIM but soft on SPF

Messages sent by my domain will always be DKIM-signed and any that are not should be immediately discarded by recipients. But strict SPF enforcement leads to problems where internal mail-forwarding ...
Glyph's user avatar
  • 251
0 votes
1 answer
183 views

SPF- and DKIM- align fails on a few emails from a larger batch

We are sending large numbers of emails (hundreds of thousands) mostly for our clients. Of course, we have configures SPF, DKIM, and DMARC records properly for all domains who use us. We pass all tests ...
TomS's user avatar
  • 181
2 votes
0 answers
2k views

With valid SPF, DKIM, and DMAR, Office 365 email still goes to junk mail and got Authentication-Results-Original: spf=none

My goal is to be able to send email from my website using smtp.office365.com and the emails will go into inbox instead of junk mail. But so far, I have not succeed. If the receipt is gmail, the ...
flyingcrane's user avatar
0 votes
1 answer
1k views

Create SPF TXT for Wildcard Domains

Today I use DigitalOcean as hosting my software. Our platform is a SaaS that sends emails from wildcard domains, example: [email protected]; [email protected]; ...
Tom's user avatar
  • 289
0 votes
1 answer
89 views

Gmail couldn't verify that MyClientSite.ie actually sent this message (and not a spammer)

I'm having problems with delivery of emails from an application on a web server to Gmail. Gmail is displaying a round circle with a question mark, instead of the first letter of the sender, and ...
KevInSol's user avatar
  • 115
5 votes
1 answer
3k views

DMARC strict vs relaxed alignment?

I've been configuring DNS records for a mail server and got stuck when it came to DMARC's alignments. I know that both relaxed and strict are valid options, as well as relaxed being default setting. ...
user avatar
1 vote
2 answers
1k views

Set up SPF: encountered SPF Permanent Error

Our DNS is managed through Microsoft. I need to set up a new record to allow a new website to send email. Here is what I did. 1) I set up the following SPF record host: subdomain value: v=spf1 ip4:...
flyingcrane's user avatar
1 vote
0 answers
4k views

DKIM failure "message has been altered"

Summary I have a Mattermost server which needs to send emails out to users when they sign up, etc. These emails are failing DKIM checks and showing up in users' Gmail as spam. Observed behavior I ...
wesgardner's user avatar
0 votes
2 answers
60 views

SPF for zoho mail servers

I have zoho domain mails. for Spf verification Icreated as pe their instruction as follow as. name : @.vernia.in Text "v=spf1 include:zoho.com ~all" and saved. But on verification it says "We are ...
Vernia Digital System's user avatar
1 vote
1 answer
460 views

DNS SPF TXT Records - is this legal?

foo.org 1 IN TXT "v=spf1 include:_spf.google.com include:_spf.bar.com ~all" foo.org 1 IN TXT "v-spf1 ip4:99.99.99.99 include:_spf.google.com ~all" or do they need to be combined into one ...
user1964548's user avatar
4 votes
1 answer
1k views

Size of SPF with other TXT records

The SPF specification says: The published SPF record for a given domain name SHOULD remain small enough that the results of a query for it will fit within 512 octets. Otherwise, there is a ...
wfaulk's user avatar
  • 6,968
2 votes
0 answers
555 views

How to avoid gmail orange mark and spam filter when using cloudflare proxies?

I send emails from my site via php smtp method connected to 'smtp.gmail.com' on 465, and account added to GSuite. All my emails falls in spam folder in Gmail. The kind of emails is just password ...
Valik Tralik's user avatar
0 votes
1 answer
431 views

What happens when SPF includes domain that does not have SPF but A record instead

A company whose mail servers we occasionally use to send emails has asked us to include their domain in our SPF record as follows: v=spf1 [...] include:app.sgizmo.eu ~all. Now it turns out that there ...
Cornelius Roemer's user avatar
-1 votes
1 answer
127 views

Does record domain "include:" also refers to subdomains?

I have a doubt setting up my SPF record. I would like to know if I set up an include record in the SPF record will also be "including" the subdomains of that principal domain that I have included?. ...
Santiago's user avatar
1 vote
2 answers
854 views

MX record delegation

I have a client who manages their own DNS - all the A records and CNAME records for example.com and a number of subdomains. They want to use a dedicated subdomain for email - em.example.com. They ...
Doug McLean's user avatar
3 votes
2 answers
2k views

SPAM Domain Spoofing through SES

A spammer seems to be running spam through SES and spoofing our domain. We are using SPF and DKIM so I’m not sure what is going on. This is our SPF record: v=spf1 a mx include:amazonses.com include:...
Collin Krawll's user avatar
1 vote
1 answer
2k views

Email delivery issues with Hotmail/Outlook

I am using SendGrid to send emails and I have properly configured my domain (SPF, etc.). Usually everything works, except that Hotmail/Outlook often rejects the emails I send: reason": "550 5.7.1 ...
Basj's user avatar
  • 769
0 votes
0 answers
96 views

SPF hosted on CENT OS. Does not restarting the "named" service after editing the SPF record break the whole DNS File?

We had to change and Include entry from: Include:Domain-name.com to: Include:_Domain-name.com This was the only change we made. After a couple days none of our hosted resources were available. My ...
JohnRonDonald's user avatar
3 votes
1 answer
8k views

Amavis / Spamassassin - FORGED_SPF_HELO and SPF_HELO_PASS

I have a web server that sends out webform type emails via Postfix 3.3.0. No inbound. No extras. Receiving mail server is running same Postfix (but with amavis-new/spamassassin + dovecot/etc). These ...
B. Shea's user avatar
  • 1,039
0 votes
2 answers
1k views

Does absence of SPF, DKIM, DMARC records on a domain affect the email delivery?

Say, I don't have these records for a domain at all and the email delivery is OK. Will those records improve something regarding the delivery or are they just a remedy for domain spoofing and are not ...
t7e's user avatar
  • 171

1 2 3
4
5
18