SPF Error - Can't send emails to few domains

I have recently set up an SPF record for one of the clients and now it is causing a few issues while sending emails to certain domains. It comes up with this error message:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <[Our Domain] #5.5.0 smtp;550 SPF: [Server IP] is not allowed to send mail from [Our Domain]>

This network has SBS2003 and as Exchange resides on SBS, that is the only IP address which is allowed to send emails out. And even in the error message, it is the same IP address listed that should have allowed the mail to send. This issue is only with a few selected domains, whereas the emails can be sent to other domains. Can this be an issue with the recipient's server (SPF check rule)? What is causing this issue?
MSWarriorAsked:
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Paste your SPF record details here.
0
 
MSWarriorAuthor Commented:
domain.co.uk. IN TXT "v=spf1 mx:mx1.domain.co.uk -all"
0
 
ilantzCommented:
Are you sure that the IP of mx1.domain.co.uk = the external IP of the mail server?
Might be that you are going with NAT outside and have a different IP when the mail server accesses the internet?

That's all I can think of, because your line is correct syntax.
http://www.openspf.org/SPF_Record_Syntax
0
 
MSWarriorAuthor Commented:
Thanks ilantz.

Yes, the IP address mentioned in the error is the same. On one of the email error messages, it actually had a link for openspf.org and that suggested that I need to change my SPF record to this:

domain.co.uk. IN TXT  "v=spf1 mx:mx1.domain.co.uk a:mail.domain.co.uk -all"

I think, when the recipient server checks the sending IP it comes back as mail.domain.co.uk and in the SPF record, it only had the mx:mx1.domain.co.uk. I don't know if the a: field and mx: field make any difference but I have added it and hopefully within a few hours it should be clear if this has resolved the issue. What do you think?
0
 
ilantzCommented:
Hmm, sounds weird, but then again... I too always configure a: or ipv4 entries in my SPF records...

I'd rather just use the IP, because there's no way to go wrong there. Just my point of view.

Good luck mate!
0
 
jar3817Commented:
You could try ~all at the end instead of -all to cause a softfail rather than a fail. This should still allow your email to be delivered, but maybe marked. At least until you sort out the record. I agree with ilantz, use the IP address rather than the name, if DNS goes down or has a hiccup, you're screwed.
0
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
It's always better to use the IP address in the SPF record. I am pretty sure that it will correct the issues that you are having with a few domains.

Rajith.
0
 
MSWarriorAuthor Commented:
Hi guys,

As discussed above in my last message, I have tried adding the a:mail.domain.co.uk field to the SPF record and it is still giving a few error messages while sending emails to certain domains. Here is one:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <domain.co.uk #5.5.0 smtp;550 SPF check failed. Sender not authorized>

Now I made the changes yesterday at about 13:15 and assume that they should have been processed by now. I have checked it on the Microsoft SPF wizard and it is returning the correct SPF record. Do you think that this error message will be gone if I change the a: field and mx: field in the SPF record to contain IP addresses? If so, is this the correct syntax:
domain.co.uk. IN TXT  "v=spf1 mx:SERVER IP a:SERVER IP -all"
(Is it just a: that I need to change or both a: and mx:)
0
 
ilantzCommented:
Just keep the IP in the record, remove the MX: "v=spf1 ip4:192.168.0.1 -all"
I like to check my SPF with Google for instance (Gmail) and look in the message header to see if it works :)
0
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Put the actual IP address and don't use the DNS names (mail.domain.co.uk).

e.g.: v=spf1 ip4:1.2.3.4 -all
0
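How a receiving server evaluates the `mx:`, `a:` and `ip4:` mechanisms discussed in this thread, as an added example that is not part of any participant's post. It covers only a subset of SPF (ip4, a, mx, all); the DNS table and the 203.0.113.x / 198.51.100.x addresses are constructed assumptions, not the poster's real zone. Note that `mx:NAME` reads the MX records of NAME, not its A record.

```python
import ipaddress

# Constructed DNS data using documentation addresses (assumption, not the real zone).
DNS = {
    ("domain.co.uk", "MX"): ["mx1.domain.co.uk"],
    ("mx1.domain.co.uk", "A"): ["203.0.113.10"],
    ("mail.domain.co.uk", "A"): ["203.0.113.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get((name.lower().rstrip("."), rtype), [])

def a_match(ip, name):
    return any(ip == ipaddress.ip_address(a) for a in lookup(name, "A"))

def check_spf(record, sender_ip, domain):
    """Evaluate terms left to right; the first matching mechanism decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            # No DNS lookup needed: compare against the literal address or CIDR.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = a_match(ip, arg or domain)
        elif mech == "mx":
            # MX records OF the named domain, then the A records of those hosts.
            matched = any(a_match(ip, h) for h in lookup(arg or domain, "MX"))
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for rec, ip in [("v=spf1 mx:mx1.domain.co.uk -all", "203.0.113.10"),
                    ("v=spf1 mx -all", "203.0.113.10"),
                    ("v=spf1 ip4:203.0.113.25 -all", "203.0.113.25"),
                    ("v=spf1 ip4:203.0.113.25 ~all", "198.51.100.7")]:
        print(f"{rec!r:45} from {ip:14} -> {check_spf(rec, ip, 'domain.co.uk')}")
```

With this constructed zone, `mx:mx1.domain.co.uk` fails even for mx1's own address because mx1 has an A record but no MX records, while a literal `ip4:` entry depends on no lookup at all.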
Question has a verified solution.
