
  • Status: Solved
  • Priority: Medium
  • Security: Public

SPF Records, GoDaddy, Exchange, incoming rejected?


I have two different domains with

1. Domain1 exists only on GoDaddy with their MX record, nothing has been changed on this account in years.

2. Domain2's DNS Zone file is with GoDaddy and had their MX record until recently.  I have modified the MX record to point to my in-house Exchange server.  My Exchange server receives the incoming email and looks for a box.  If no box exists it sends it to GoDaddy to find a box there.

Up until 3/6 all emails for both domains were working fine.  On 3/9 I found out a few emails that were sent to were rejected due to SPF Record Unauthorized.  Same company that has been sending me emails without issue and all of a sudden cannot send me emails.

Around the same time I started moving over to Exchange and changing the MX record to point to me directly.

On that domain I have multiple complaints from companies indicating their emails are bouncing with the same error.  However, I do not believe they are bouncing if a box exists on the Exchange server (I will have to double check that).


Therefore, my questions are:

1. Why the sudden rejection, especially on a domain that hasn't changed?
2. Are the email headers for incoming email being modified when it passes through my Exchange server (for Domain2) and therefore being rejected by GoDaddy when my Exchange server passes it onto GoDaddy?

If you think number 2 is true then why does it only reject a few?

Thank you for your time and help.
Adam D
3 Solutions
GoDaddy checks incoming mail using SPF records - i.e. they check if the server that sends the mail is authorized to do so and the incoming mail is not spoofed.
To the best of my knowledge it is a global setting, enabled for all GoDaddy customers, and it can't be disabled by customer account or domain.

It looks like the problem with domain1 lies on the sender side. The owner of the domain1 either recently published incorrect SPF records or made changes to the sending servers (for example, added a server or changed an existing server IP) without updating the SPF records. From my experience, it happens quite often, as usually different people are responsible for the mail server and for the DNS records.
On Domain2, the change you made caused the problem.
Before the change all the companies with published SPF records were successfully sending mail, because mail was passing SPF validation by GoDaddy.

What happens now is the mail from these companies goes to your Exchange server (where you don't care about SPF), then some mail for users that are not present on Exchange is going to GoDaddy.
So from GoDaddy's perspective it looks like your server is sending mail to GoDaddy on behalf of all these companies.
Since your server is not listed in the SPF records for all these companies as an authorized server, GoDaddy bounces these mails as spoofed!

I would try to set it up the other way, where mail goes to GoDaddy first and then, if the recipient mailbox is not present, let GoDaddy send the mail to your Exchange server.
Adam D (IT Solutions Developer, Author) commented:
Thanks for your reply and information.

I had thought about that problem with Exchange being the "middleman."  Unfortunately I cannot set up GoDaddy to redirect if no box is found and this will be moot soon; but I would like to know how I can pass along the headers to GoDaddy when coming from Exchange so I can avoid this issue.


The passing of the headers - even if possible - is not going to help.
GoDaddy is looking at the IP of the connecting server (your Exchange server) and matching it against the SPF records published in DNS.

I would try to contact GoDaddy support to see if they have an option to disable the SPF check for a domain or an account. It was not an option in the past, but things might have changed...
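
The check discussed in this thread, as an added example that is not part of the original posts: a simplified SPF evaluation covering only the `ip4`, `ip6` and `all` mechanisms. The domain name, IP addresses and SPF record are constructed sample values; the point is that the verdict depends only on the connecting IP and the envelope sender, so the same message passes when delivered directly and fails when a relay forwards it.

```python
import ipaddress

# Constructed sample data: the SPF TXT record a sending company might publish.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
}
SENDER_MTA = "192.0.2.10"        # constructed: the sender's own outbound server
EXCHANGE_RELAY = "203.0.113.5"   # constructed: the in-house relay's public IP

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(connecting_ip, mail_from):
    """Evaluate an SPF record against the SMTP client IP.

    Only ip4/ip6/all are handled (a subset of RFC 7208). Message headers
    are not an input: the receiver never consults them for SPF.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def compare_paths(mail_from):
    """Verdict at the final receiver for direct vs. relayed delivery."""
    return {
        "direct": check_spf(SENDER_MTA, mail_from),
        "via_relay": check_spf(EXCHANGE_RELAY, mail_from),
    }


if __name__ == "__main__":
    print(compare_paths("billing@sender.example"))
```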
Adam D (IT Solutions Developer, Author) commented:
No, already checked. Global only...

No other solution?
Sorry, I can't think of any other practical solutions :(
Question has a verified solution.
