0

I set up a domain, SMTP mailserver etc on a Centos box a few months ago, including PTR records that looked like this:

pop PTR XX.XX.XX.XX.
www PTR XX.XX.XX.XX.
mail PTR XX.XX.XX.XX.

Everything seemed fine, and it passed standard checks on tools like mxtoolkit and intodns.

Since then, I've had problems with some domains blocking my emails, which I think I've narrowed to being the fault of a mismatch between the HELO hostname and the mx record, and I think I've solved that problem.

While diagnosing the problem, I used the tool https://www.mail-tester.com to check my outgoing emails for issues a spam filter might dislike, and it identified a pair of surprising ones:

Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.

What we retained as your current SPF record is:

v=spf1" "a" "mx" "ip4:XX.XX.XX.XX" "?all

We found an SPF entry on your server but it has still not been propagated.

If you recently modified your DNS, please wait a few hours and then test again.

my-domain.com: No applicable sender policy available

And, identical except for the first line:

Sender ID is like SPF, but it checks the FROM address, not the bounce address.

What we retained as your current SPF record is:

v=spf1" "a" "mx" "ip4:XX.XX.XX.XX" "?all

We found an SPF entry on your server but it has still not been propagated.

If you recently modified your DNS, please wait a few hours and then test again.

my-domain.com: No applicable sender policy available

This doesn't make much sense to me. I haven't changed my PTR in months.

What actions can I take to force propagation?


I've seen Do changes in SPF records take time to propagate? and here's the results of what the first answer suggests. All seems fine to me.

dig +short @XX.XX.XX.XX -t TXT my-domain.com
"v=spf1" "a" "mx" "ipXX.XX.XX.XX" "?all"
[admin@vps ~]$ dig +short @XX.XX.XX.XX -t SOA my-domain.com
ns1.my-domain.com. root.my-domain.com. 2015120908 7200 3600 1209600 180
2
  • 2
    Check the helpline of where your DNS is hosted, seem a dns hoster problem.
    – yagmoth555
    Commented Feb 24, 2016 at 17:25
  • Pretty sure you shouldn't have all those " " in there - I might be wrong of course it might be an accepted standard but shouldn't it just be "v=spf1 a mx ip4:XX.XX.XX.XX ?all" Maybe it isn't propagating because of the format
    – Drifter104
    Commented Feb 24, 2016 at 17:46

1 Answer 1

5

Your SPF record as shown should be read as v=spf1amxip4:XX.XX.XX.XX?all due to the quotes in the record. This is NOT recognized as an SPF record. You want your SPF record to be v=spf1 a mx ip4:XX.XX.XX.XX ?all without all the quotes. If you do have the quotes in your SPF record remove them or add spaces within them.

You may want to search for your SPF record on a public DNS like 8.8.4.4 to see what is propagating.

1
  • Perfect, thanks! I'd inputted my SPF as a TXT record with spaces and without any quotes at all, like v=spf1 a mx ip4:XX.XX.XX.XX ?all, and the system was clearly adding quotes in a strange way. Inputting it again as "v=spf1 a mx ip4:XX.XX.XX.XX ?all", adding a single pair of doulbe quotes, worked and seemed to propagate almost instantly - I'm now getting full marks on mail checks. Commented Feb 25, 2016 at 9:28

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .