Skip to main content

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Filter by
Sorted by
Tagged with
17 votes
3 answers
8k views

SPF/DKIM/DMARC for Gmail "Send mail as" via smtp.gmail.com on external domain

Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended ...
Ozzah's user avatar
  • 279
0 votes
0 answers
508 views

Softfail on forwarded emails sent through Yahoo mail - Is there a fix?

happy to be here. Excuse me for the wall of text but I am trying to help a friend who wants to keep on using his Yahoo mail for sending emails from his business email address. His mail server is on ...
Manou Allou's user avatar
1 vote
1 answer
2k views

postfix: how to force IPv4 through SMTP?

Problem I have successfully set up a Postfix mailserver with an SMTP interface, set up DKIM, DMARC, SPF, all that stuff. But I had a problem when testing the delivery of emails to Gmail. Namely, SPF ...
VaNa's user avatar
  • 137
0 votes
1 answer
2k views

How can it be possible dkim fails whereas spf pass

I have set up a postfix which sends emails. I have configure spf, dkim and dmarc (with p=none). I have checked with mail-tester: spf and dkim work fine. I have set up a dmarc rua in order to receive ...
Bob5421's user avatar
  • 429
0 votes
2 answers
1k views

send email from another server than FROM domain without being marked as spam

I want to send a mail from a website. The mail server from this domain is not publicly reachable, so I can't use that to send the mail. The webserver that hosts the website has another email server ...
Matthias's user avatar
  • 101
0 votes
1 answer
1k views

Compared to SPF MAIL FROM checks, what are HELO checks good for? [duplicate]

I’m starting with SPF on my (email) domain. (No DKIM or DMARC yet.) I see little usefulness in HELO identity checking in SPF and am thinking about setting the HELO identity to my domain (instead of ...
Robert Siemer's user avatar
0 votes
1 answer
1k views

Setup DNS records for SMTP send-only server

I have website on hosting with domain exmpl.com. I have DNS record for exmpl.com: exmpl.com MX(10) mail.exmpl.com mail.exmpl.com A XX.XX.XX.XX exmpl.com TXT v=spf1 +a +mx +a:hosting.server ~all All ...
Sasha Dzuruk's user avatar
1 vote
2 answers
2k views

SPF Records: Outlook shows fail, Google shows pass

I am using Office 365 for emails, and have configured the DNS SPF record as: v=spf1 include:spf.protection.outlook.com ~all When I send emails to Google recipients, the email headers show Received-SPF:...
Richard's user avatar
  • 111
3 votes
1 answer
2k views

How is this email passing DMARC?

Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.) This is disturbing, as it shows as "from foo.com", yet the sender ...
Lawrence Wagerfield's user avatar
0 votes
0 answers
2k views

How to combine multiple SPF domains, one with an mx mechanism?

I combined 3 SPF records using the standard protocol, but got a null error after combining them. Individual records: v=spf1 include:spf.sendinblue.com mx ~all v=spf1 include:dc-aa8e722993._spfm....
pinktoads2's user avatar
0 votes
1 answer
598 views

How do I add individual mail-sending websites to my SPF record?

My company, which sends @example.co email from Google Workspace, HubSpot, and Salesforce, has the following SPF record in DNS: v=spf1 include:_spf.google.com include:_spf.salesforce.com include:...
ST7686's user avatar
  • 1
0 votes
1 answer
566 views

Why am I failing SPF only in my Google DMARC report?

Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report: <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> ...
2kreate's user avatar
2 votes
1 answer
2k views

Why do I get DMARC aggregate reports with no reported failures (G Suite + Amazon SES)?

Domain: franzoni.eu Such domain leverages G Suite (grandfathered free version) for receiving mail, but for various reasons (I prefer not to create users for M2M SMTP on G Suite, and I cannot use SMTP ...
Alan Franzoni's user avatar
6 votes
2 answers
4k views

Why does spf fail in DMARC report from Google?

I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
Leo Galleguillos's user avatar
1 vote
1 answer
195 views

Confused about SPF Records

I thought that ?all in SPF should not be used. Then I examinated SPF records of some local email provider companies and I found this: v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?...
Bear Black's user avatar
0 votes
1 answer
488 views

SPF record with DMARC policy is not picking up the policy

We are now going through security verification, and we are using SecurityScorecard for it. One of the issues that we are still trying to fight, is the SPF record. The details of the error are as ...
Alex A.'s user avatar
  • 101
2 votes
1 answer
2k views

SpamAssassin: custom rules and score

For my mailserver, i want do add some custom rules and scores for spamasassin DKIM and SPF checks. Currently i use following custom settings: score DKIM_SIGNED 0 score DKIM_VALID -1 score ...
Tim Altgeld's user avatar
1 vote
2 answers
886 views

How to configure DNS SPF records for many subdomains

I have a domain name, say example.com, and many servers (potentially hundreds), each with a public IP and a sub domain (sub1.example.com, sub2.example.com, etc.). Each server hosts a Postfix ...
Pascal Ognibene's user avatar
6 votes
1 answer
4k views

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all ...
Johannes Egger's user avatar
1 vote
1 answer
311 views

DMARC failure for delivery report

I have a Docker-based mail server (Mailu) setup. It's working great except for delivery reports which are sent automatically (one of the user mailboxes is full and a "Quota exceeded" ...
andi's user avatar
  • 121
3 votes
1 answer
2k views

Custom Return-Path for gmail domain

I do not expect my problem to be super-unique, but I was not able to find and answer so far even at Gmail help pages, and lots of googling with various terms did not provided a solution. Context: ...
Kote Isaev's user avatar
0 votes
1 answer
841 views

SPF/DKIM setup for a registrar's email forward

I have a number of domains with a registrar with straight forward forwards to another email address. The system has worked flawlessly for a lot of years over a lot of domains but recently I created a ...
Kevin_Wales's user avatar
2 votes
1 answer
166 views

What's the endpoint running at `include:spf.example.com` as seen in an SPF record in DNS?

How can I run an SPF include endpoint for my organisation? In this example, the SPF record for a domain permits hosts included via the spf.example.com list, and prohibits everything else: "v=spf1 ...
Pete Cooper's user avatar
1 vote
2 answers
843 views

How to create SPF records for my subdomains pointing to services hosted on Azure

I have a webapp running on Azure and use Google Domains for the domain name (mywebapp.com) and DNS. Azure automatically generates URLs for different resources/services (e.g: https://black-cat-12345....
wertyq's user avatar
  • 113
1 vote
1 answer
237 views

SPF/DKIM and sending emails from parent domain

I'm trying to understand how apps such as greenhouse.io configure DNS for delegating email sending. In short, assume I am a SAAS provider saas.com and my customer is customer.com. I've seen that it is ...
ragebiswas's user avatar
5 votes
1 answer
6k views

why is this DMARC failing verification?

I get a 6.1/10 score on mail-tester.com, where the DMARC verification is the only relevant penalty (-3). * Your DKIM signature is valid * Your message failed the DMARC verification A DMARC policy ...
Stuck's user avatar
  • 153
0 votes
1 answer
306 views

Google SPF fails with some IPs

GMail MX are ASPMX.L.GOOGLE.COM: 1 ALT1.ASPMX.L.GOOGLE.COM: 5 ALT2.ASPMX.L.GOOGLE.COM: 5 ASPMX3.GOOGLEMAIL.COM: 10 ASPMX2.GOOGLEMAIL.COM: 10 When checking for IPs for these names, each time your ask ...
MickaelFM's user avatar
  • 113
3 votes
0 answers
694 views

Google G Suite DMARC + SPF + DKIM for user domain aliases fail Google Admin Toolbox CheckMX

I have set up the above in my Google's old G-Suite account for a User Domain Alias but am still getting two warning messages: https://webcoder.co.uk There were some non-critical problems detected with ...
webcoder.co.uk's user avatar
0 votes
1 answer
5k views

550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only

I have made updates to our mail server to use DMARC. So after This our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems. Below is the header for an ...
Ahmed Reda's user avatar
1 vote
1 answer
1k views

Why does my postfix reject mail with a spf hardfail even though spf DNs record is set to softfail?

The log output I get is the following: "Jul 7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=...
Big X's user avatar
  • 21
0 votes
1 answer
2k views

DMARC appears to fail, multiple DKIM signatures with one matching the from address

I am using a free outlook account. In the outlook account management portal I have added an alias for my custom domain ([email protected]). With this I am able to send mails from this alias, ...
Jorn Vanloofsvelt's user avatar
0 votes
0 answers
1k views

DMARC, DKIM, or SPF? Emails going into quarantine

I have never had to deal with DKIM, DMARC, or SPF records before; however, our SPF record is full (10, Cloudflare) and I have a vendor whose emails aren’t making it to our mailboxes. I made ...
Cody's user avatar
  • 1
0 votes
1 answer
370 views

How to stop spammer spoofing my domain for emails

I've scanned all my code and even changed the passwords to my google apps account such that the SMTP password has changed. However, spammers are still sending emails from June24-eBay-USA-contactmsg-...
ParoX's user avatar
  • 302
0 votes
1 answer
123 views

DMARC report with passing O365 DKIM signature being sent by Google server

The dmarc report values are as follows: dkim_domain : mydomain.onmicrosoft.com dkim_result : pass selector : selector1-mydomain-onmicrosoft-com header_from : mydomain spf_domain : mydomain spf_result :...
Adam Winter's user avatar
-1 votes
1 answer
4k views

Unable to send email to gmail account from my mail server

I've created a mail server and have setup a PTR record from the ISP to my static IP server. The mail server works well and am able to send and receive emails and send mails to many email addresses ...
Nischit Pradhan's user avatar
11 votes
2 answers
47k views

How do I prevent the SPF_HELO_NONE warning when sending from Postfix?

When using a tool like https://dkimvalidator.com/ to verify configuration of DKIM, SPF, DMARC, etc. for sending mail from a web server, I get a warning like this: 0.0 SPF_HELO_NONE SPF: HELO does not ...
Walf's user avatar
  • 438
2 votes
2 answers
2k views

What problems are there with the SPF ‘ptr’ mechanism?

One of the mechanisms in SPF is ptr. This mechanism checks that a sender using some domain name connects from a (forward-confirmed) IP address pointing to a subdomain of that name. For example, when ...
glts's user avatar
  • 925
6 votes
2 answers
3k views

What's the benefit of SPF HELO Identity

I'm try to understand the benefit of the HELO Identity defined in RFC7208 (SPF). There is a mail server, let's say mail.example.com. This server is used as relay for different domains. In Section 2.4: ...
Alex's user avatar
  • 63
1 vote
0 answers
989 views

SPF neutral on mail sent with SMTP from Gmail. SPF pass on mail sent from inbox for that address on G Suite

The domain name I'm trying to debug is dallaspetsalive.org. This is a G Suite domain. When I log directly into my G Suite email account for the dallaspetsalive.org address and send an email, I get SPF ...
Katie Patterson's user avatar
1 vote
1 answer
844 views

DKIM signing for subdomain issue

I am in an environment that sends emails from different sources. We're a Google Workspace environment as well. The flow is as such: A user ([email protected]) in Gmail sends an email to an email group (...
Phyxiis's user avatar
  • 11
2 votes
1 answer
2k views

Correct SPF record to avoid softfail for emails sent from domain address using Gmail?

I have a domain address, such as [email protected], which forwards to Gmail. Gmail is configured to 'send email as' [email protected], using example.com's SMTP server. Emails sent from Gmail as me@example....
mix's user avatar
  • 121
17 votes
2 answers
3k views

DNS MX/SPF/DMARC records without actuall emails on domain

I created website for someone, but also someone (I guess some SEO guy) told this person that I made big mistake because there are missing DNS records on domain (mx, SPF, dmarc). Now I need to "...
norr's user avatar
  • 273
1 vote
1 answer
342 views

SPF and DMARC - how is the SPF policy used

My domain has a strict DMARC policy (p=reject) and a standard SPF policy with ~all catchall. My email provider is Google Workspace. I received an email spoofing my sender address. It came from 41.174....
chutz's user avatar
  • 8,080
25 votes
5 answers
8k views

Does DKIM alone not solve the spam issue? Why do I need SPF?

FINAL EDIT : I was completely wrong about DKIM it seems, the signing domain does not have to be the same as the sender domain, thus the whole premise for my question is flawed. A lot of thanks to Paul ...
cornergraf's user avatar
0 votes
0 answers
2k views

Allowing Messages from IP Address DMARC

I'm still learning infrastructure stuff and need to ask a question which relates to DMARC. A user in the organisation has an app which is sending marketing messages to staff within the business. The ...
RLBChrisBriant's user avatar
0 votes
1 answer
96 views

Is everything OK based on this DMARC report?

Do I understand it correct that everything is OK and I have both SPF and DKIM configured correctly based on this report from Google? <?xml version="1.0" encoding="UTF-8" ?> &...
IvanD's user avatar
  • 103
0 votes
2 answers
753 views

Is possible to use keywords a, mx and include together in SPF?

Is it possible to use them in the same SPF record? For example: Value TXT: v=spf1 mx a ptr ip4:46.16.60.0/23 a:cdmon.com mx:mail.solarmora.com include:srv.cat ~all
NeDark's user avatar
  • 473
0 votes
2 answers
912 views

Purpose of a and include keywords in SPF

In tutorial I found this example record for SPF, but the a and include keywords wasn't explained. I don't find accurate information about them in the internet. v=spf1 mx a ptr ip4:46.16.60.0/23 a:...
NeDark's user avatar
  • 473
11 votes
4 answers
21k views

SPF record -- why do we use `+a` alongside `+mx`?

Why do administrators mostly use +a alongside +mx in SPF records? This is the example: @ 10800 IN TXT "v=spf1 +a +mx -all" Isn't it enough to only use +mx parameter e.g.: @ ...
71GA's user avatar
  • 403
0 votes
1 answer
2k views

SPF and OpenDMARC not working in Postfix

I am working on implementing SPF and OpenDMARC/DKIM to my mail servers. Currently I have two mail servers in different subnets, each with separate DNS server and domain name. They can exchange emails ...
MArhEV's user avatar
  • 19

1 2
3
4 5
18