Solved

spf record

Posted on 2014-12-04
33
230 Views
Last Modified: 2014-12-05
The emails I send from has this problem

Received-SPF: none (google.com: server@11.myserver.com  does not designate permitted sender hosts)

And my sender adress  is info@01.myserver.com

How can I resolve this problem in cpanel?
Thank you
0
Comment
Question by:myyis
  • 15
  • 10
  • 4
  • +1
33 Comments
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40480835
I assume you are trying to use Google Apps for your domain?  You need to create an SPF record for your domain.

Here are articles from Google on how to resolve the issue:

1. https://support.google.com/a/answer/178723?hl=en
2. https://support.google.com/a/answer/174125?hl=en

Dan
1
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40480841
Dont think you can fix this using CPanel settings.

But you can sign up to use your personal @01.myserver.com address to essentially forward through Google's email servers using a personal gmail email account.

The setup is fairly straightforward and Google has a page dedicated to helping you get this setup correctly here:

Send mail from a different address or alias
https://support.google.com/mail/answer/22370?hl=en
0
 

Author Comment

by:myyis
ID: 40480878
Sorry guys  I have misleaded you. I don't have anything with google.

I have just send you this
"(Received-SPF: none (google.com: server@11.myserver.com  does not designate permitted sender hosts)"
 to show the problem. Extracted from  source of the email sent from: info@01.myserver.com to:myemail@gmail.com

Lot of my clients with business email addresses are complaining for not receiving emails from  info@01.myserver.com  (gmail or hotmail users receive though).
I think that the problem is the spf record therefore I have sent you the extract from the received email.

Thank you.
0
 
LVL 13

Assisted Solution

by:Ugo Mena
Ugo Mena earned 250 total points
ID: 40480904
You will need to setup an SPF record for your domain. Essentially a TXT DNS record at your registrar.

Sender Policy Framework (SPF) records allow domain owners to publish a list of IP addresses or subnets that are authorized to send email on their behalf.  The goal is to reduce the amount of spam and fraud by making it much harder for malicious senders to disguise their identity.

(https://en.wikipedia.org/wiki/Sender_Policy_Framework) For more information regarding SPF records.

(http://www.spfwizard.net/ ) Is a great site that will help walk you through getting your specific domain TXT record setup. Then it is simply a copy and paste into your DNS registrar.

Then you can use MXToolbox to lookup, test and double check your work:  (http://mxtoolbox.com/spf.aspx)
1
 
LVL 25

Expert Comment

by:Squinky
ID: 40480941
There is a misapprehension going on there. This is not an error, it's just a statement of fact, and it will have no negative impact on your ability too deliver messages.

You can improve things by adding an SPF record for your domain, but it's unlikely to have a major effect on this specific issue. SPF only really makes a difference to forged messages - it will make very little difference to legitimate ones.
0
 

Author Comment

by:myyis
ID: 40480948
Hi

Using the link I have created this record.

01.myserver.com.  IN TXT "v=spf1 mx a a:11.myserver.com ?all"

1. It looks ok?
2. Where shall put this to the cpanel of myserver.com or to the cpanel of 01.myserver.com ?
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 125 total points
ID: 40480960
The above message indicates (to me) that something did an SPF check on an email from "server@11.myserver.com" and did not find that server in the list of authorized senders for the domain "myserver.com"

Possibly treating that email as potential spam or a forged email.

I agree this is a informational message and indicates no error.  My question would be, can you verify that the email sent was received?

Dan
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40480966
You need to add a record to the DNS server that supports your domain.
0
 
LVL 25

Assisted Solution

by:Squinky
Squinky earned 125 total points
ID: 40480982
It's not saying that it's from an unauthorised source, but that there are no listed sources at all, which is not anything of value to do spam filtering on. The only thing of real value for SPF is an outright fail, which isn't happening here. Treating a neutral or softfail result as a spam indicator is an RFC contravention, and would probably result in a very high false-positive rate.

No idea about cpanel, but ending your SPF with `?all` is essentially the same as not having one at all. I'd suggest `~all`, but you need to be reasonably sure of your sources.
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 40481017
On my domains, I'm using the following:  v=spf1 a mx -all

Dan
0
 

Author Comment

by:myyis
ID: 40481023
The email is sent by my server (11.myserver.com) not manually by me.
And I verify that the emails are received (I receive to my account myemail@gmail.com with the spf problem)
I also changed to

01.myserver.com.  IN TXT "v=spf1 mx a a:11.myserver.com ~all"

1. myserver.com  and 11.myserver.com  are at different servers. So to which server should I put the record
2. Is the record good?

Thank you
0
 

Author Comment

by:myyis
ID: 40481097
using this test I got
http://www.kitterman.com/spf/validate.html (01.myserver.com)

Input accepted, querying now...
evaluating v=spf1 +a +mx +ip4:XX.XX.XXX.XXX +include:11.myserver.com ~all ...
Results - record processed without error.

The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism:01.myserver.com

What shall I do?
0
 
LVL 25

Expert Comment

by:Squinky
ID: 40481107
It just means you don't have an MX record defined for your domain, so mail deliveries will fall back to the A record, but you've put mx in your SPF record so it's looking it up and failing. It's a harmless failure, but you can fix it either by defining an MX record or by removing the mx clause from your SPF. The + prefix on all your terms can be skipped as it's the default action.
0
 

Author Comment

by:myyis
ID: 40481144
Finally when I make this test  http://www.kitterman.com/test5.py

Mail sent from this IP address: XX.XX.XXX.XXX
Mail from (Sender): info@01.myserver.com
Mail checked using this SPF policy: v=spf1 +a +mx +ip4:XX.XX.XXX.XXX +include:11.myserver.com ~all
Results - PASS sender SPF authorized

But the received email has this error, Need time to propagate?

Received-SPF: none (google.com: server@11.myserver.com does not designate permitted sender hosts) client-ip=XX.XX.XXX.XXX;
Authentication-Results: mx.google.com;
       spf=none (google.com:server@11.myserver.com does not designate permitted sender hosts) smtp.mail=server@11.myserver.com
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481169
Nice work. Yes, probably needs time to propagate as that is the same error as before.
0
 
LVL 25

Expert Comment

by:Squinky
ID: 40481179
It's always a good idea to reduce TTL on your DNS records before changing them.
1
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481186
Seems a little strange...The results from Kitterman spf test indicate there may be something wrong with your DNS MX records
" No MX records found for mx mechanism:01.myserver.com"

What does an NSLOOKUP of your domain turn up? Is there a valid MX record for your domain.
0
 

Author Comment

by:myyis
ID: 40481215
Can you provide a link for NSLOOKUP?
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481231
on second thought, use MXToolbox Super tool to give you a more comprehensive domain lookup.

http://mxtoolbox.com/SuperTool.aspx?
0
 

Author Comment

by:myyis
ID: 40481239
Answer records
name                                 class                       type      data                                                                            time to live
01.myserver.com                IN                       MX          preference:0   exchange:      01.myserver.com      14400s      (4h)
0
 

Author Comment

by:myyis
ID: 40481256
mxtoolbox says no record exits
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481297
is myserver.com your actual domain? or are you obscuring the real name with that?
0
 

Author Comment

by:myyis
ID: 40481319
That's not my actual domain name, I don't prefer using the real name
0
 

Author Comment

by:myyis
ID: 40481324
Also I did an smpt check and it says, it this important?

SMTP Reverse DNS Mismatch      Warning - Reverse DNS does not match SMTP Banner
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481351
That is certainly part of the problem. Your email server IP address and the domain name it is sending from need to match in DNS records.

Since your MX record is missing you should get that record set in your public DNS server first, that should be your SMTP server address.

That MX record is also what needs to be listed in your SPF record (either domain name or IP address) for the reverse DNS query to match.
0
 

Author Comment

by:myyis
ID: 40481353
Also I have checked cpanle and see that there is an MX record for 01.myserver.com

I think  mxtoolbox does not check the subdomain and just checks the myserver.com
0
 

Author Comment

by:myyis
ID: 40481369
At cpanel says

"An MX (mail exchanger) entry tells a client which server receives mail sent to a domain name."

Therefore Mx seems to be unrelated with my problem, since my problem about sending mails. Am I wrong?
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481414
most of the time the SMTP server is also the MX record for a domain.

Parent domain does not always handle email for a sub-domain. In any case, the MX record for a domain or subdomain should exist in the DNS records for the parent domain.

Do you manage the email server for your domain? Or is it hosted somewhere else?
0
 

Author Comment

by:myyis
ID: 40481424
The subdomain  is at another server and I manage the emails there (using cpanel)
0
 

Author Comment

by:myyis
ID: 40481446
I also added the mx entry to  myserver.com

I see 2 entries now

Priority  0   myserver.com
Priority  1  01.myserver.com

But still mxtoolbox says there is no record. Does that take time?
0
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 250 total points
ID: 40481502
Ok. Your SPF record needs to include both (all) servers that may send email for your domain (which also includes the subdomain).

The record should start with something like this:

v=spf1 a:myserver.com a:01.myserver.com .....
0
 

Author Comment

by:myyis
ID: 40481682
Ok I did, need time to propagate?
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 40481723
shouldn't take too long, but yes it will need a little time to propagate.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now