SPF record preventing a user from sending e-mails

You can go to http://www.whois.com/whois/domainname.com which should tell you where the Nameservers for the domain are located.

You can also visit www.dnsstuff.com and run a domain report (might not be free).

Alan

One more question please:

I am right thinking that the SPF record which verify the sender does not match user address?

When I go to mxtoolbox.com and run a SPF check I get


Test      Result
OK      SPF Record Deprecated      There are no records of type SPF
OK      SPF Invalid Syntax              The SPF record is valid
OK      SPF No Records                      SPF record found
OK      SPF Multiple Records              Less than two SPF records found

So what could be the problem?

An SPF record publishes the mail servers that are permitted to send mail on behalf of a domain, so if someone sends an email, the recipient is able to check the SPF for the sending domain name to verify if the IP Address that the email is coming from is listed as one of the authorised servers to send mail on behalf of that domain.

If the check fails, then the recipient server is able to reject the mail with an SPF Fail result.

You can use the following site to check / verify an SPF record and the sending IP, so that you can get the SPF right.

http://www.kitterman.com/spf/validate.html

It is better to have no SPF record than a badly configured one.

If you want to post / email me the domain name and I can get more specific (I can hide the domain name here if you post it so that it doesn't become public property) / run the cheek for you.

Alan

Here you can see the explanation of usage of spf records:
http://helpwiki.easydns.com/index.php/Sender_Policy_Framework

ptr means that hostname(s) for the client IP address are looked from PTR (or reverse DNS) records.

In short, with SPF record you can specify from which hosts, servers and IP addresses can be sent mails from specified domain.

Oh - and by the way - welcome to Experts Exchange.  Hope you find it to be a useful and helpful site :)

Alan

Thanks

Here is the test.

SPF record lookup and validation for: domainname.com

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all

Checking to see if there is a valid SPF record.

Found v=spf1 record for domainname.com:
v=spf1 mx ptr mx:mx.domainname.com mx:mx.domainname.com -all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

I think he is the only user in his domain that get a rejected message.

Why is that any help please?

If the test passes - are you adding in all the correct settings for the particular user?

If you have an Exchange server - is the user configured to use Outlook Anywhere so that emails are actually sent from the server and not Outlook locally or is the user configured using a POP3 account?

Alan

In the SPF Test page, enter the IP that failed according to the rejection.  Enter the SPF record into the 2nd field, then the email address in the 3rd and the FQDN on the SEND Connector of your Exchange server and then test.

Does it pass still?

Apparently  I cannot test the SPF I am unable to enter the SPF format correctly

mbiguous SPF Ambiguity Warning: No MX records found for mx mechanism: mx.domain.com

I hid the domain name you may have inadvertently posted :)

According to the DNS Report I ran on the domain name, you use Google for Mail.

Your SPF record should work with just the following info:

v=spf1 mx ptr -all

Anything else is just a waste of time (not to mention incorrectly configured).

You may also want to check with Google that the SPF record you have configured is correct and amend it accordingly.

NO I meant to give it to you in my last post

Ah - not a problem.  Thank you.  Details all hidden.

The IP Address you posted will fail the SPF check as it isn't a Postini IP Address / isn't included within the scope of the MX part of the SPF record.

Is that the sending IP for all users or just this one problem user?

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <server.domain.com #5.5.0 smtp;550 SPF: 207.xxx.xx.200 is not allowed to send mail from domain.com>

The user gets this msg when he sends an e-mail

I am confused now What should I do?

Looks like the control panel for the domain is located here:

http://www.dotster.com

You will need to login (or ask George for details) and then change the SPF record to the one listed above (v=spf1 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:74.125.148.0/22 ip4:74.125.244.0/22 ip4:123.45.6.7 ~all) and the problem should go away.

Do you know if you / George has access to this site to login?

Alan

I will check when I get in touch...

Thanks very much for your help .. I will keep you updated.

Just a thought though

Why he is the only user in the domain who can not send e-mails?

I think the rest of the users are fine!

Thanks

and where did you get these ip addresses from pleas? ip4:64.18.0.0/20 74.125.148.0/22

74.125.244.0/22 ip4:123.45.6.7 ?

From the link I posted above.

https://support.google.com/postini/answer/132370?hl=en

Does he always face the problem or only when at home / away from the office, or is it just certain domains he sends to?