Link to home
Start Free TrialLog in
Avatar of whistlerwebdev

asked on

help with SPF record please

I am trying to help a client of my set up an SPF record for his domain. He has the need to authenticate mail from three locations

1. his domain which is set up with google apps mail

2. Via a third party booking engine that sends mail from the domain

3. Via campaign monitor ( which is an email distribution system.

This is the following SPF that I created

v=spf1 a mx ~all

I set this up but when I try and verify with i get the following

Results - PermError SPF Permanent Error: No valid SPF record for included domain:

and any messages sent from on behalf end up in my gmail spam folder

Can somebody please verify this is correct?

Does also have to publish an spf record? and if show what is it that they need to set?

I hacked this together from various sources

1) google apps help -]SPF records - Google Apps Help

which says to set the following v=spf1 ~all

2) Campaingmonitor help

Which says to set - v=spf1 mx ~all

Below is the mail header from one of the messages sent from

Received: by with SMTP id v4cs105047ibc;
Mon, 28 Feb 2011 13:54:38 -0800 (PST)
Received: by with SMTP id y15mr5389341wbw.38.1298930077969;
Mon, 28 Feb 2011 13:54:37 -0800 (PST)
Return-Path: <>
Received: from ([])
by with ESMTPS id p44si7256090wej.197.2011.
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 28 Feb 2011 13:54:36 -0800 (PST)
Received-SPF: neutral ( is neither permitted nor denied by best guess record for domain of

Authentication-Results:; spf=neutral ( is neither permitted nor denied by best guess record for domain of
Received: from (localhost.localdomain [])
by (8.13.1/8.13.1) with ESMTP id p1SLsT8X032018
for <>; Mon, 28 Feb 2011 16:54:29 -0500
Received: (from apache@localhost)
by (8.13.1/8.13.1/Submit) id p1SLsTll032016;
Mon, 28 Feb 2011 16:54:29 -0500
Date: Mon, 28 Feb 2011 16:54:29
Avatar of VespaMaru
Flag of United States of America image

The SPF record should be put in the DNS zone.

Since it is in that zone, you don't need the '' entry, so you can delete that portion: IN TXT "v=spf1 a mx ~all"

Once I removed that part it passed the syntax test.  You can also use a wizard to make your SPF entry:
Avatar of whistlerwebdev


Thanks for your quick comment.

I am sorry I am a bit new to this and as such am confused

Don't I need to add the SPF to my clients domain's  DNS which is

it's that domain that sends mail out through google apps is a 3rd party newsletter server and is another  thrid party booking widget that both send out email from their 3rd party servers on behalf of

From what I got out of my research i need to create the SPF on my clients DNS and sounds like should have some sort of SFP  in place as well. Am I completely confused here?

also I re-ran the test with the adjusted string you supplied and the out put was

The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No A records found for: 

Should I be concerned about the SPF ambifuity warning?
Ah, OK. You COULD add: IN TXT "v=spf1 a mx ~all"

to your zone.  It will fail though as it will include all SPFs from, and The problem is that does not yet have an SPF record.  

To avoid creating a SPF in you use this record in the zone: IN TXT "v=spf1 a mx ~all"

Instead of the include, we set it to allow from MX record addresses.
awsome thanks.... I could ask to create an spf record if I did that what should I ask them to create? and is there any advantage to doing that over just using there MX records as you have proposed?
Avatar of VespaMaru
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial