?
Solved

Problems With SPF and GMAIL

Posted on 2008-10-31
11
Medium Priority
?
1,584 Views
Last Modified: 2013-12-18
Hi All
I am getting the following in GMAIL

Received-SPF: neutral (google.com: xx.xx.xx.xx.18 is neither permitted nor denied by best guess record for domain of me@news.mydomain.com) client-ip=xx.xx.xx.xx.18;

My SPF record is:
"v=spf1 ip4:xx.xx.xx.0/24 a mx a:news.mydomain.com a:mydomain.com mx:news.mydomain.com mx:mydomain.com  ~all"

Any clues ?

Thanks
0
Comment
Question by:http:// thevpn.guru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 26

Expert Comment

by:jar3817
ID: 22848912
Looks ok, maybe google had trouble resolving it. That is a TXT record for your domain in public dns? Have you queried all authoritative servers to see if they all give the same answer?
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22848980
Can you present a sample dig to try ? Please
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22849323
dig @1.2.3.4 -t txt news.mydomain.com

Do this for each nameserver (changing the 1.2.3.4 to the ip or hostname of the dns server.
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22849425
Strange I got

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53051
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


I.e. SERVFAIL
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22849534
OK fixed that now I am getting back the correct authorative answer on both servers.
0
 
LVL 26

Expert Comment

by:jar3817
ID: 22850229
That was most likely your problem. Try sending email again and see if gmail sees the record now.
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22850654
Still same issue.
I am testing with http://www.kitterman.com/spf/validate.html


I get
Results - record processed without error.

The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: news.mydomain.com

However a dig @x.y.z.c -t MX news.mydomain.com

Does correctly retrieve the MX record.



0
 
LVL 26

Accepted Solution

by:
jar3817 earned 1000 total points
ID: 22857502
Did you try the MX lookup on all your nameservers?
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22857524
Yeah I do have two I tried the dig on both
The MX record is being returned correctly for mydomian.com but not for news.mydomain.com
0
 
LVL 13

Assisted Solution

by:Xyptilon2
Xyptilon2 earned 1000 total points
ID: 22865361
Does your news.mydomain.com have it's own zone file perhaps?
0
 
LVL 19

Author Comment

by:http:// thevpn.guru
ID: 22865374
I have one zone called mydomain.com and the subdomain is simply an A record in the same zone file and the MX record for the subdomain is also within the zone of the parent.

At current time if I do a spf check it works for the parent domain but not for the subdomain.

If I do a dig directly on both of my DNS servers both return correct values for the MX records of mydomain.com and news.mydomain.com however only tools do not show the MX record for the subdomain.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question