snoopaloop
asked on
How do i merge the two SPFs?
I think the autotask was added later by someone? How do i merge the two SPFs?
v=spf1 +a +mx +ip4:66.147.2.2 ?all
v=spf1 include:autotask.net ~all
v=spf1 +a +mx +ip4:66.147.2.2 ?all
v=spf1 include:autotask.net ~all
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok, so remove the IP address since Autotask is sending the support emails for me? Also, Google MX toolbox is complaining about these issues too.
https://toolbox.googleapps.com/apps/checkmx/check?domain=domainname.com
DKIM is not set up.
DMARC is not set up.
There should not be a mail exchanger set up on naked domain name.
Again, I'm not sending emails through support, Autotask is. Should I be concerned?
https://toolbox.googleapps.com/apps/checkmx/check?domain=domainname.com
DKIM is not set up.
DMARC is not set up.
There should not be a mail exchanger set up on naked domain name.
Again, I'm not sending emails through support, Autotask is. Should I be concerned?
Any address your domain is mentioned (as someone@yourdomain.example .com ) in sent mail from needs to be present in the SPF.
preferably as ip4: & ip6: entries. When using autotask the SPF of autotask needs to be included as well.
DKIM is somthing different from SPF, it requires the last mailserver (the ones mentioned in SPF) do digitally sign the messages.
DMARC is telling what to do if SPF is missing/failing and of DKIM is missing/failing. (keep, drop, quarantine).
preferably as ip4: & ip6: entries. When using autotask the SPF of autotask needs to be included as well.
DKIM is somthing different from SPF, it requires the last mailserver (the ones mentioned in SPF) do digitally sign the messages.
DMARC is telling what to do if SPF is missing/failing and of DKIM is missing/failing. (keep, drop, quarantine).
ASKER
Ok. This question all stems from a third party trying to send to support email address. I have since made some adjustments since this post but the problem now is intermittent. They can send emails to support every once in a while but for the most part, they receive a bounce back message.
The response was:
Your email to group Support@mydomain.com was rejected due to spam classification. The owner of the group can choose to enable message moderation instead of bouncing these emails. More information can be found here: https://support.google.com/a/answer/168383.
The response was:
Your email to group Support@mydomain.com was rejected due to spam classification. The owner of the group can choose to enable message moderation instead of bouncing these emails. More information can be found here: https://support.google.com/a/answer/168383.
You are the receiver of the mail.... not the sender?...
If you are the receiver then the send let's say they are sending from example.com then example.com needs the SPF & DKIM settings. not your system.... (anyone@example.com -> you@mydomain.com)
If you are the sender from someone@mydomain.com then mydomain.com 's server needs to be mention in mydomain.com's SPF & DKIM needs to be set up. (someone@mydomain.com -> remote@example.org)
SPF & DKIM try to legitimize the correct senders of mail. Receivers can then check the DNS config info to verify if the mail from server 192.0.2.1 from anyone@example.com . It can then validate if 192.0.2.1 is indeed the server authorized for sending mail from domain example.com. When DKIM is present (encrypted hash using a private key known to authorized mailer hash of some email fields) where the public key can be requested from DNS ) the receiver can do another test on the authorisations of the source. (SPF can be somewhat spoofed is DNS can be manipulated).
If you are the receiver then the send let's say they are sending from example.com then example.com needs the SPF & DKIM settings. not your system.... (anyone@example.com -> you@mydomain.com)
If you are the sender from someone@mydomain.com then mydomain.com 's server needs to be mention in mydomain.com's SPF & DKIM needs to be set up. (someone@mydomain.com -> remote@example.org)
SPF & DKIM try to legitimize the correct senders of mail. Receivers can then check the DNS config info to verify if the mail from server 192.0.2.1 from anyone@example.com . It can then validate if 192.0.2.1 is indeed the server authorized for sending mail from domain example.com. When DKIM is present (encrypted hash using a private key known to authorized mailer hash of some email fields) where the public key can be requested from DNS ) the receiver can do another test on the authorisations of the source. (SPF can be somewhat spoofed is DNS can be manipulated).
ASKER
Yes, this is me... "If you are the receiver then the send let's say they are sending from example.com then example.com needs the SPF & DKIM settings. not your system.... (anyone@example.com -> you@mydomain.com)"
Can you provide specific instruction for this setup?
Can you provide specific instruction for this setup?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
if a is the same as the ip4 given for you domain then remove the a it then only delays processing.
ip4 / ip6 are the best to be used if possible. a is only there for cases where the IP address various over time.