We help IT Professionals succeed at work.

SPF Error - Can't send emails to few domains

MSWarrior
MSWarrior asked
on
1,187 Views
Last Modified: 2012-05-06
I have recently setup SPF record for one of the clients and now it is causing few issues while sending emails to certain domains. It comes up with this error message:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <[Our Domain] #5.5.0 smtp;550 SPF: [Server IP] is not allowed to send mail from [Our Domain]>

This network has SBS2003 and as exchange resides on SBS, that is the only IP address which is allowed to send emails out. And even in the error message, it is the same IP address listed that should have allowed the mail to send. This issue is only with few selected domains wheras the emails can be sent to other domains. Can this be an issue with the recepient's server (SPF check rule)? What is causing this issue?
Comment
Watch Question

Office 365 & Exchange Architect
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
domain.co.uk. IN TXT "v=spf1 mx:mx1.domain.co.uk -all"
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks ilantz.

Yes the IP address mentioned in the error is the same. On one of the email error messages, it actually had link for openspf.org and that suggested that I need to change my SPF record to this:

domain.co.uk. IN TXT  "v=spf1 mx:mx1.domain.co.uk a:mail.domain.co.uk -all"

I think, when the recepient server checks the sending IP it comes back as mail.domain.co.uk and in the the SPF record, it only had the mx:mx1.domain.co.uk. I don't know if the a:field and mx:field make any difference but I have added it and hopefully withing few hours it should be clear if this has resolved the issue. What do you think?

Commented:
humm sounds weird but then again .. i too always configure a: or ipv4 entries in my SPF records...

i'll rather just use the ip , because there's no way to go wrong there. just my point of view.

good luck mate!
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Rajith EnchiparambilOffice 365 & Exchange Architect

Commented:
It's always better to use the ip address in the spf record. I am pretty sure that it will correct the issues that you are having with a few domains.

Rajith.

Author

Commented:
HI Guys,

As discussed above in my last message, I have tried adding the a:mail.domain.co.uk field to the SPF record and it is still giving few error messages while sending emails to certain domains. Here is one:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator. <domain.co.uk #5.5.0 smtp;550 SPF check failed. Sender not authorized>

Now I made the changes yesterday at about 13:15 and assume that they should have been processed by now. I have checked it on Microsoft SPF wizard and it is returning the correct SPF record. Do you think that this error message will be gone if I change the a: field and mx: field in the SPF record to contain IP addresses? If so is this the correct syntax:
domain.co.uk. IN TXT  "v=spf1 mx:SERVER IP a:SERVER IP -all"
(Is it just a: that I need to change or both a: and mx:)

Commented:
just keep the ip in the record , remove the MX "v=spf1 ip4:192.168.0.1 -all"
i like to check my spf with google for instance (gmail) and look in the message header to see if it works :)
Rajith EnchiparambilOffice 365 & Exchange Architect

Commented:
Put the actual ip address and don't use the dns names (mail.domain.co.uk).

eg: v=spf1 ip4:1.2.3.4 -all
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.