[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 974
  • Last Modified:

SPF record doesnt work

We are getting spams of rejected messages from other domain that people are trying to send emails as our domain.

I created a SPFrecord for rubner.co.il but it seem not work, and its even getting worse, i cant understand the behave.

1) still getting spam that people are trying to send email from our domain
2) Some email that is being sent from some email account is being blocked by the SPF, the weird thing it only blocks some destinations, not all of them!

i really need help in setting that SPF record.

the domain is rubner.co.il
and the only pop server is: pop.asia.secureserver.net
and the only smtp server is smtpout.secureserver.net

2) errors

-----Original Message-----
From: MAILER-DAEMON@sg2plout10-01.prod.sin2.secureserver.net
Sent: Wednesday, September 12, 2012 1:10 PM
To: removed@rubner.co.il
Subject: failure notice

Hi. This is the qmail-send program at
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<removed@yedid.net>: does not like recipient.
Remote host said: 550 5.1.1 <removed@yedid.net>: Recipient address
rejected: User unknown in relay recipient table
Giving up on

Connected to but sender was rejected.
Remote host said: 550 5.7.1 SPF verification failed

Connected to but sender was rejected.
Remote host said: 550 5.7.1 SPF verification failed

Connected to but sender was rejected.

1) error
  • 3
  • 2
1 Solution
JAN PAKULAICT Infranstructure ManagerCommented:
i have check dns records for you smtp server domain



start of authority expired.

SOA EXPIRE      Your SOA EXPIRE number is: 2592000. That is NOT OK

and mx record for this domain is


nslookup shows that smtpout.secureserver.net is an alias of smtpout.where.secureserver.net

Name:    smtpout.where.secureserver.net
Aliases:  smtpout.secureserver.net

also you have different mx for this domain (different from what you are using)
this is secureserver,net MX record (different Ips)
Non-authoritative answer:
Name:    smtp.secureserver.net

For SPF to work properly you will need to include all smtp server you are using.

Dave BaldwinFixer of ProblemsCommented:
I can't find an IP for "rubner.co.il".  It doesn't show up anywhere.
JAN PAKULAICT Infranstructure ManagerCommented:
same here:)
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

yairgeAuthor Commented:


there is no A record for www.rubner.co.il or rubner.co.il
there are for pop.rubner.co.il

janpakula, could you supply the syntax for the SPF record please?
Dave BaldwinFixer of ProblemsCommented:
That link lists the registration record but there is still no DNS, no IP address.
JAN PAKULAICT Infranstructure ManagerCommented:
in your dns
Create a TXT record containing this text:

"v=spf1 mx -all"

Allow domain's MXes to send mail for the domain, prohibit all others. - probably best option.


"v=spf1 mx ~all"

SoftFail      The SPF record has designated the host as NOT being allowed to send but is in transition      accept but mark

or if you sure about your mx records

"v=spf1 include:pop.asia.secureserver.net -all"

it will pass check only from this server all others will fail and wont be able to send messages-

also check that for reference



Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now