johnyu1997

Spf softfail in gmail

I need to add an SPF record to avoid spoofing, and I use register.com as my DNS provider. They told me to add the following to the TXT record.

@     "v=spf1 include:spf.registeredsite.com ~all"

I did that. When I sent a test mail to my Gmail account, the mail went through, but the header showed me it has a softfail and the error message is as follows:

pf=softfail (google.com: domain of transitioning me@mysite.com does not designate 192.168.0.1 as permitted sender) smtp.mailfrom= me@mysite.com;

For your information, my A record is the following:

*.mysite.com        10.10.0.1     <- webserver
mail.mysite.com      192.168.0.1   <- emailserver

Note: Please pardon that the email address and IP addresses in this post are not real, for security reasons.
Jackie Man

You need to create a new TXT record and add that specific IP (say 192.168.0.1) as a permitted sender.

The TXT record will look something like this:

"v=spf1 ip4:192.168.0.1 ~all"

Source: http://www.x-pose.org/2013/10/22/how-to-designate-an-ip-address-as-permitted-sender/
johnyu1997

ASKER

What is v=spf1 include:spf.registeredsite.com ~all for?  Do I need to delete it?
Can I use v=spf1 include:mail.mysite.com ~all instead, so I don't have to mess with the IP address?
Side note:  Unless you have a static IP, an ongoing valid SPF is problematic.  I found a better solution is to send through an SMTP relay service such as SMTP2Go and use the relayer's outgoing IP address / CIDR block in my SPF record.

Then you have solid and valid SPF, plus the relaying MTA usually does spam-checking on the outgoing messages to make sure that they (a) aren't and (b) don't look like spam.  Most relayers will relay a couple thousand messages a month for free, and for a few fractions of a cent above that.
There is a need to add the mail server IP to the TXT record, and the example below assumes I am using mailgun as my email server. In your case it is mysite.com.

v=spf1 ip4:xxx.xxx.xxx.xxx include:mailgun.org ~all

Likewise, if you are sending using a Gmail address, you should send using the Gmail SMTP servers.
... and (side issue again) choose a relaying MTA carefully, and before you sign on with them go out and google around to see if that MTA has a reputation as a spam source.  For example (nudges and winks at btan) over the past few years I've seen so much spam emanating from mailgun CIDR blocks that I perma-blocked them all using iptables.
ASKER CERTIFIED SOLUTION
Mal Osborne
This solution is only available to members.
You'd think this would be simple. More complex than you might imagine.

Provide your actual domain name + someone can test your SPF + DKIM + DMARC records for you.

Better to test + know, than guess.
Thank you to Mal Osborne!  Perfect solution and well explained.
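
The records discussed in this thread, run through a minimal evaluator for a subset of SPF (ip4, a:host, include, all). This is an added example, not part of the original thread. The contents of spf.registeredsite.com are not known and are constructed here, and `check_spf`, `TXT`, `A` and `RECORDS` are hypothetical names.

```python
import ipaddress

# Constructed zone data: addresses are the placeholders from the question;
# the SPF record of spf.registeredsite.com is invented for this example.
TXT = {"spf.registeredsite.com": "v=spf1 ip4:203.0.113.0/24 -all"}
A = {"mail.mysite.com": ["192.168.0.1"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

RECORDS = {
    "original": "v=spf1 include:spf.registeredsite.com ~all",
    "ip4 only": "v=spf1 ip4:192.168.0.1 ~all",
    "ip4 + include": "v=spf1 ip4:192.168.0.1 include:spf.registeredsite.com ~all",
    "include host": "v=spf1 include:mail.mysite.com ~all",
    "a mechanism": "v=spf1 a:mail.mysite.com ~all",
}

def check_spf(record, sender_ip, depth=0):
    """Evaluate mechanisms left to right; the first match decides the result."""
    if depth > 10:  # guard against include loops
        return "permerror"
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(sender_ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in A.get(arg, [])  # compares against A records
        elif name == "include":
            # include evaluates the target's SPF TXT record, not its A record
            target = TXT.get(arg)
            if target is None:
                return "permerror"  # included name publishes no SPF record
            result = check_spf(target, sender_ip, depth + 1)
            if result == "permerror":
                return result
            matched = result == "pass"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"
```

Calling `check_spf(RECORDS["original"], "192.168.0.1")` reproduces the softfail from the Gmail header, because the mail server's address is not covered by the included record and evaluation falls through to `~all`.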