
HELP - SPF DNS record preventing mail being sent

kuhle

Guest
Can anybody help? I have a domain with a TXT record of
v=spf1 a mx ptr -all

When trying to send an email to one particular customer, we get it undelivered with the following message:

The mail system
<email address of recipient>: host recipientdomain.com[81.138.175.161] said: 550 failed
to meet SPF requirements (in reply to MAIL FROM command)

Then I checked SPF and got:
Checking to see if there is a valid SPF record.

Found v=spf1 record for mydomain.com
v=spf1 a mx ptr -all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

but the SPF checking tool gives:
Input accepted, querying now...
evaluating v=spf1 a mx ptr -all ...
Results - record processed without error.

The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No A records found for: 70-91-79-102-washingtondc.hfc.comcastbusiness.net

Can anybody tell me what is wrong?
 
Most likely it's actually a problem on their end. If they have their mail exchanger server pass the message to another server inside BEFORE testing SPF, it'll fail the SPF test because you're using "-all" - which says "and no other servers are allowed to relay". The relay INSIDE their network is still considered the most recent relay server before SPF testing, so the message is refused.

Disable SPF (or switch it to "~all") temporarily. Send a new message to the person that you've been trying to reach. It will go through. Have them send you back the FULL HEADERS for the message they received. Check those headers for a relay action after your server hands off the message.

If it has one, contact their network admin/webmaster directly and see if he can fix his setup - make sure to explain that he's failing to obey the rules of SPF by testing it after a relay.

If he refuses to cooperate, and you absolutely must reach them by email, leave it as "~all". If he cooperates and fixes the mail server settings, turn it back to "-all".
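
The header check suggested in the reply above can be scripted. This is an added example, not code from any poster in this thread: it lists the Received hops oldest first and compares the `client-ip` recorded in the `Received-SPF` header with the IP of the sending server. The sample headers, host names and IP addresses are constructed, and it assumes the recipient's server writes a `Received-SPF` header with a `client-ip=` field, which not every server does.

```python
import re
from email import message_from_string

# Constructed headers for illustration (newest first, as a mail client shows them).
SAMPLE = (
    "Received: from edge.recipient.example (edge.recipient.example [10.0.0.2])\n"
    "\tby store.recipient.example with ESMTP; Mon, 7 Jan 2008 10:00:03 +0000\n"
    "Received-SPF: softfail (store.recipient.example: transitioning sender)\n"
    "\tclient-ip=10.0.0.2; envelope-from=user@sender.example;\n"
    "Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
    "\tby edge.recipient.example with ESMTP; Mon, 7 Jan 2008 10:00:01 +0000\n"
    "From: user@sender.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# "from <host> (... [<ip>]) by <host>" inside one Received header value.
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def hops(raw):
    """Return (from_host, from_ip, by_host) per Received header, oldest first."""
    msg = message_from_string(raw)
    found = [HOP.search(h) for h in msg.get_all("Received", [])]
    return [m.groups() for m in reversed(found) if m]

def spf_client_ip(raw):
    """IP the receiver evaluated SPF against, from Received-SPF (None if absent)."""
    hdr = message_from_string(raw).get("Received-SPF", "")
    m = re.search(r"client-ip=([^;\s]+)", hdr)
    return m.group(1) if m else None

def diagnose(raw, sender_ip):
    """Say whether SPF was tested at the handoff or after a later relay."""
    path, checked = hops(raw), spf_client_ip(raw)
    ips = [ip for _, ip, _ in path]
    if checked is None:
        return "no Received-SPF header"
    if sender_ip not in ips:
        return "sender handoff not found"
    if checked == sender_ip:
        return "checked at handoff"
    if checked in ips[ips.index(sender_ip) + 1:]:
        return "checked after relay"
    return "checked against unknown ip"

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print("%s [%s] -> %s" % hop)
    print(diagnose(SAMPLE, "192.0.2.10"))
```

A result of "checked after relay" means the SPF test ran against a hop that comes after the sender's own server in the chain, which is the misconfiguration the reply describes.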
 
I resolved this problem. It was not an SPF problem because SPF settings were the same for 2 domains, so we ruled that out.

In Server > Mail, we had enabled DomainKeys "Verify Incoming Mail". When we disabled that (and I think restarted Qmail and POP/IMAP services), it worked fine. Then we had more Spam coming in. The answer to that was to install spamdyke and that has resolved the problem with us. We do have ASL (Atomic Secured Linux) as server protection, and that is worth every penny that it costs. It also makes the installation of all the programmes rather easier.

I hope that helps you.
 