Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1599
  • Last Modified:

Problems With SPF and GMAIL

Hi All
I am getting the following in GMAIL

Received-SPF: neutral (google.com: xx.xx.xx.xx.18 is neither permitted nor denied by best guess record for domain of me@news.mydomain.com) client-ip=xx.xx.xx.xx.18;

My SPF record is:
"v=spf1 ip4:xx.xx.xx.0/24 a mx a:news.mydomain.com a:mydomain.com mx:news.mydomain.com mx:mydomain.com  ~all"

Any clues ?

Thanks
0
http:// thevpn.guru
Asked:
http:// thevpn.guru
  • 6
  • 4
2 Solutions
 
jar3817Commented:
Looks ok, maybe google had trouble resolving it. That is a TXT record for your domain in public dns? Have you queried all authoritative servers to see if they all give the same answer?
0
 
http:// thevpn.guruAuthor Commented:
Can you present a sample dig to try ? Please
0
 
jar3817Commented:
dig @1.2.3.4 -t txt news.mydomain.com

Do this for each nameserver (changing the 1.2.3.4 to the ip or hostname of the dns server.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
http:// thevpn.guruAuthor Commented:
Strange I got

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53051
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


I.e. SERVFAIL
0
 
http:// thevpn.guruAuthor Commented:
OK fixed that now I am getting back the correct authorative answer on both servers.
0
 
jar3817Commented:
That was most likely your problem. Try sending email again and see if gmail sees the record now.
0
 
http:// thevpn.guruAuthor Commented:
Still same issue.
I am testing with http://www.kitterman.com/spf/validate.html


I get
Results - record processed without error.

The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: news.mydomain.com

However a dig @x.y.z.c -t MX news.mydomain.com

Does correctly retrieve the MX record.



0
 
jar3817Commented:
Did you try the MX lookup on all your nameservers?
0
 
http:// thevpn.guruAuthor Commented:
Yeah I do have two I tried the dig on both
The MX record is being returned correctly for mydomian.com but not for news.mydomain.com
0
 
Xyptilon2Commented:
Does your news.mydomain.com have it's own zone file perhaps?
0
 
http:// thevpn.guruAuthor Commented:
I have one zone called mydomain.com and the subdomain is simply an A record in the same zone file and the MX record for the subdomain is also within the zone of the parent.

At current time if I do a spf check it works for the parent domain but not for the subdomain.

If I do a dig directly on both of my DNS servers both return correct values for the MX records of mydomain.com and news.mydomain.com however only tools do not show the MX record for the subdomain.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now