Solved

SPF Error - Can't send emails to few domains

Posted on 2009-05-05
10
1,101 Views
Last Modified: 2012-05-06
I have recently setup SPF record for one of the clients and now it is causing few issues while sending emails to certain domains. It comes up with this error message:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <[Our Domain] #5.5.0 smtp;550 SPF: [Server IP] is not allowed to send mail from [Our Domain]>

This network has SBS2003 and as exchange resides on SBS, that is the only IP address which is allowed to send emails out. And even in the error message, it is the same IP address listed that should have allowed the mail to send. This issue is only with few selected domains wheras the emails can be sent to other domains. Can this be an issue with the recepient's server (SPF check rule)? What is causing this issue?
0
Comment
Question by:MSWarrior
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 24

Accepted Solution

by:
Rajith Enchiparambil earned 200 total points
ID: 24304134
Paste your spf record details here
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24304285
domain.co.uk. IN TXT "v=spf1 mx:mx1.domain.co.uk -all"
0
 
LVL 6

Assisted Solution

by:ilantz
ilantz earned 200 total points
ID: 24304347
are you sure that the ip of mx1.domain.co.uk = the external ip of the mailserver ?
might be that you are going with NAT outside and have a different ip when the mailserver access the internet ?

that's all i can think of, because your line is a correct syntax.
http://www.openspf.org/SPF_Record_Syntax
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24304450
Thanks ilantz.

Yes the IP address mentioned in the error is the same. On one of the email error messages, it actually had link for openspf.org and that suggested that I need to change my SPF record to this:

domain.co.uk. IN TXT  "v=spf1 mx:mx1.domain.co.uk a:mail.domain.co.uk -all"

I think, when the recepient server checks the sending IP it comes back as mail.domain.co.uk and in the the SPF record, it only had the mx:mx1.domain.co.uk. I don't know if the a:field and mx:field make any difference but I have added it and hopefully withing few hours it should be clear if this has resolved the issue. What do you think?
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24304489
humm sounds weird but then again .. i too always configure a: or ipv4 entries in my SPF records...

i'll rather just use the ip , because there's no way to go wrong there. just my point of view.

good luck mate!
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 100 total points
ID: 24304730
You could try ~all at the end instead of -all to cause a softfail rather than a fail. This should still allow your email to be delivered, but maybe marked. At least until you sort out the record. I agree with ilantz, use the IP address rather than the name, if DNS goes down or has a hiccup, you're screwed.
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24304939
It's always better to use the ip address in the spf record. I am pretty sure that it will correct the issues that you are having with a few domains.

Rajith.
0
 
LVL 6

Author Comment

by:MSWarrior
ID: 24312048
HI Guys,

As discussed above in my last message, I have tried adding the a:mail.domain.co.uk field to the SPF record and it is still giving few error messages while sending emails to certain domains. Here is one:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <domain.co.uk #5.5.0 smtp;550 SPF check failed. Sender not authorized>

Now I made the changes yesterday at about 13:15 and assume that they should have been processed by now. I have checked it on Microsoft SPF wizard and it is returning the correct SPF record. Do you think that this error message will be gone if I change the a: field and mx: field in the SPF record to contain IP addresses? If so is this the correct syntax:
domain.co.uk. IN TXT  "v=spf1 mx:SERVER IP a:SERVER IP -all"
(Is it just a: that I need to change or both a: and mx:)
0
 
LVL 6

Expert Comment

by:ilantz
ID: 24312605
just keep the ip in the record , remove the MX "v=spf1 ip4:192.168.0.1 -all"
i like to check my spf with google for instance (gmail) and look in the message header to see if it works :)
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 24313750
Put the actual ip address and don't use the dns names (mail.domain.co.uk).

eg: v=spf1 ip4:1.2.3.4 -all
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now