Solved

SPF Records, GoDaddy, Exchange, incoming rejected?

Posted on 2012-03-20
Last Modified: 2012-06-21
Hello.

I have two different domains with GoDaddy.com.

1. Domain1 exists only on GoDaddy with their MX record, nothing has been changed on this account in years.

2. Domain2's DNS Zone file is with GoDaddy and had their MX record until recently.  I have modified the MX record to point to my in-house Exchange server.  My Exchange server receives the incoming email and looks for a box.  If no box exists it sends it to GoDaddy to find a box there.

===================
Up until 3/6 all emails for both domains were working fine.  On 3/9 I found out a few emails that were sent to Domain1.com were rejected due to SPF Record Unauthorized.  Same company that has been sending me emails without issue and all of a sudden cannot send me emails.

Around the same time I started moving Domain2.com over to Exchange and changing the MX record to point to me directly.

On that domain I have multiple complaints from companies indicating their emails are bouncing with the same error.  However, I do not believe they are bouncing if a box exists on the Exchange server (I will have to double check that).

================

Therefore, my questions are:

1. Why the sudden rejection, especially on a domain that hasn't changed?
2. Are the email headers for incoming email being modified when it passes through my Exchange server (for Domain2) and therefore being rejected by GoDaddy when my Exchange server passes it onto GoDaddy?

If you think number 2 is true then why does it only reject a few?

Thank you for your time and help.
Question by:Adam D
LVL 17

Assisted Solution

by:fgrushevsky
fgrushevsky earned 2000 total points
ID: 37744712
GoDaddy checks incoming mail using SPF records - i.e. they check whether the server that sends the mail is authorized to do so and that the incoming mail is not spoofed.
To the best of my knowledge it is a global setting, enabled for all GoDaddy customers, and it can't be disabled by customer account or domain.

It looks like the problem with domain1 lies on the sender side. The owner of the domain1 either recently published incorrect SPF records or made changes to the sending servers (for example, added a server or changed an existing server's IP) without updating the SPF records. From my experience, it happens quite often, as usually different people are responsible for the mail server and for the DNS records.
0
 
LVL 17

Assisted Solution

by:fgrushevsky
fgrushevsky earned 2000 total points
ID: 37744743
On Domain2, the change you made caused the problem.
Before the change, all the companies with published SPF records were successfully sending mail, because the mail was passing SPF validation by GoDaddy.

What happens now is that the mail from these companies goes to your Exchange server (where you don't care about SPF), then some mail for users that are not present on Exchange goes to GoDaddy.
So from GoDaddy's perspective it looks like your server is sending mail to GoDaddy on behalf of all these companies.
Since your server is not listed in the SPF records of all these companies as an authorized server, GoDaddy bounces these mails as spoofed!

I would try to set it up the other way, where mail goes to GoDaddy first and then, if the recipient mailbox is not present, let GoDaddy send the mail to your Exchange server.
0
 
LVL 1

Author Comment

by:Adam D
ID: 37750038
Thanks for your reply and information.

I had thought about that problem with Exchange being the "middleman."  Unfortunately I cannot set up GoDaddy to redirect if no box is found, and this will be moot soon; but I would like to know how I can pass along the headers to GoDaddy when coming from Exchange so I can avoid this issue.

Thanks.
0
 
LVL 17

Accepted Solution

by:
fgrushevsky earned 2000 total points
ID: 37750168
Passing the headers - even if possible - is not going to help.
GoDaddy is looking for the IP of the connecting server (your Exchange server) and matching it against the SPF records published in DNS.

I would try to contact GoDaddy support to see if they have an option to disable the SPF check for a domain or an account. It was not an option in the past, but things might have changed...
0
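The check described in the two answers above, as an added example that is not part of the original thread: a simplified SPF evaluator showing that the same message passes when the sender's own server connects and fails when a forwarding server connects, and that a sender domain with no SPF record is not rejected either way. The domains, IPs and records are constructed, DNS is replaced by an inline table, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed SPF records keyed by sender domain (stands in for DNS TXT lookups).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "lenient.example": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

SENDER_MTA = "192.0.2.10"       # constructed: listed in sender.example's record
EXCHANGE_RELAY = "203.0.113.5"  # constructed: the in-house server that forwards


def check_spf(connecting_ip, mail_from):
    """Evaluate the ip4/ip6/all mechanisms of the sender domain's record
    against the IP of the connecting server. Message headers are never read."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"  # domain publishes no SPF record, nothing to enforce
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"{name}: needs DNS, outside this sketch")
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def compare_paths(mail_from):
    """Same message and envelope sender, two different connecting servers."""
    return {
        "direct": check_spf(SENDER_MTA, mail_from),
        "via_relay": check_spf(EXCHANGE_RELAY, mail_from),
    }


if __name__ == "__main__":
    for sender in ("ap@sender.example", "ap@lenient.example", "ap@nospf.example"):
        print(sender, compare_paths(sender))
```

Only the `-all` domain produces a hard `fail` through the relay, which is consistent with a receiver rejecting mail from some forwarded senders and not others.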
 
LVL 1

Author Comment

by:Adam D
ID: 37750226
No, already checked. Global only...

No other solution?
0
 
LVL 17

Expert Comment

by:fgrushevsky
ID: 37750283
Sorry, I can't think of any other practical solutions :(
0
