Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SPF failure

Posted on 2014-11-06
3
286 Views
Last Modified: 2014-11-10
Hi Guys,

I am getting this issue

Why did SPF cause my mail to be rejected?

What is SPF?

SPF is an extension to Internet e-mail. It prevents unauthorized people from forging your e-mail address (see the introduction). But for it to work, your own or your e-mail service provider's setup may need to be adjusted. Otherwise, the system may mistake you for an unauthorized sender.

Note that there is no central institution that enforces SPF. If a message of yours gets blocked due to SPF, this is because (1) your domain has declared an SPF policy that forbids you to send through the mail server through which you sent the message, and (2) the recipient's mail server detected this and blocked the message.

mail1.telegael.com rejected a message that claimed an envelope sender address of leighdoyle@iradio.ie.

mail1.telegael.com received a message from relay.interpoint.ie (79.140.208.140) that claimed an envelope sender address of leighdoyle@iradio.ie.

However, the domain iradio.ie has declared using SPF that it does not send mail through relay.interpoint.ie (79.140.208.140). That is why the message was rejected.

If you are leighdoyle@iradio.ie:

iradio.ie should have given you a way to send mail through an authorized server.

If you are using a mail program as opposed to web-mail, you may need to update the "SMTP server" configuration setting according to your ISP's instructions. You may also need to turn on authentication, and enter your username and password in your mail program's options. Please contact your ISP for assistance.

If you run your own MTA, you may have to set a "smarthost" or "relayhost". If you are mailing from outside your ISP's network, you may also have to make your MTA use authenticated SMTP. Ideally your server should listen on port 587 as well as port 25.

If your mail was correctly sent, but was rejected because it passed through a forwarding service, as an interim solution you can mail the final destination address directly (it should be shown in the bounce message). See the forwarding best practices (or refer the recipient there) for the discussion of a proper solution.

If you need further help, see our support section for free support and professional consulting services.

If you are confident that your message did go through an authorized server:

The administrator of the domain iradio.ie may have incorrectly configured its SPF record. This is a common cause of mistakes.

Here's what you can do: Contact the iradio.ie postmaster and tell them that they need to change iradio.ie's SPF record so that it authorizes relay.interpoint.ie. For example, they could change the record to something like

v=spf1 include:spf.protection.outlook.com a:relay.interpoint.ie -all
If you refer your postmaster to this web page, they should be able to solve the problem.

If you did not send the message:

SPF successfully blocked a forgery attempt; someone tried to send mail pretending to be from leighdoyle@iradio.ie, but the message was rejected before anybody saw it. This means SPF is working as designed.


Do i need to get my hosting provider to add that last line in??
0
Comment
Question by:jonathanduane2010
  • 2
3 Comments
 
LVL 19

Accepted Solution

by:
Adam Farage earned 300 total points
ID: 40427647
I would contact your hosting provider, but I don't think your SPF is invalid. Your SPF record is calling out two records:

- spf.protection.outlook.com which is for Office 365
- relay.interpoint.ie, which his obviously your mail relay product

What I think is happening here is that the company you is not understanding that relay.interpoint.ie is actually on the SPF (which is valid, I checked). I suppose you can fix this by changing the SPF to include the IP of relay.interpoint.ie but that IP needs to be static (as shown above). The BIND DNS command would look like this, and if you send it to your provider they should understand it:

iradio.ie.  IN TXT "v=spf1 mx a ip4:79.140.208.140 a:spf.protection.outlook.com include:relay.interpoint.ie -all"

Open in new window


This is something you should discuss with them, as this is a weird situation. The domain complaining about this has the name listed on the SPF record, so *shrugs* I am kinda lost.
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 200 total points
ID: 40430923
@Adam Shouldn't "a:spf.protection.outlook.com"  be "include:spf.protection.outlook.com"?
0
 
LVL 19

Expert Comment

by:Adam Farage
ID: 40432443
in theory, what I wrote above is the BIND command for it (include didnt work in my linux lab).
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PHP contact form that lets the user to contact the company through email contact form. A button is fixed at the bottom of site, on clicking a new window will open where a user can send the email.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question