SPF records, what happens if an SPF record is entered wrong?

155 pts.
Sender Policy Framework
SPF records
After a lot of talking, system admins have entered SPF records to our domain. I have not yet been able to test this with domains that previously didn't receive our e-mails, as I do not want to keep bugging our customers, but I see the following:

- mail sent from our domain to e.g. my personal gmail account is marked as SPAM. This wasn't happening before the SPF record was added.
- mail sent to a mail address on one of my domains does arrive in the inbox, but the message source does not show any reference to SPF, so it is probably not being validated for such a record.

When I validate the SPF records using these 3 services, one of the records does not validate. SPF records created are (against my advice, well Labnuke99's advice)

v=spf1 a -all

and

v=spf1 mx a:mail ?all

There is an A record in the domain's DNS for mail.ourdomain.nl that redirects to the IP address of the ISP/Exchange server. I was assuming that IP address should be part of the SPF record. I'm very worried about the potential mess that may be the result of this.

Thanks, (and Labnuke99, I don't know how to contact you, but should you wish to get in touch (damn I know I do), my e-mail is my account name here (starting with s, ends with implr) provided by gmail.)

Answer Wiki


so messed up with all this e-mail stuff that I made a mistake in my own e-mail address 😉

the account name is simplr.nl by gmail

An example SPF record would look like:

example.com in TXT "v=spf1 a:mailserver mx:example.com ip4: include:hostdomain.com ~all"

a:mailserver is the A record name for the authorized server sending mail on behalf of example.com
mx:example.com says that all of the MX records are authorized servers sending on behalf of example.com
include:hostdomain.com means that the ISP for hostdomain.com can also send on example.com’s behalf – BUT hostdomain.com must also have SPF records
~all means that the list above are all of the authorized sending servers for example.com

So, the records that they created for the ourdomain.nl domain say that the MX record servers can send mail and also mail.ourdomain.nl can send mail on behalf of ourdomain.nl. So, if there are other servers sending on behalf of this domain, they will be rejected if the ~all switch is added. Using the IP address is okay, but making sure the A record is correct for the IP address is even more accurate. Use DNS names where possible. We had a range of IP addresses we were sending from, so we had to use addresses rather than names.

I think the 2nd SPF record format should be correct provided that the MX and A records are accurate and are actually the sending hosts for your domain. I think that the ?all switch is the risky one and should be ~all to say that these are the authoritative senders for the domain. This could be why gmail is marking the messages as spam, as the SPF record may seem “wishy-washy”.
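An added example, not part of the original thread or of any participant's post: a small Python linter for the TXT strings published at one DNS name, covering the cases that come up here (two v=spf1 records on one name, an unqualified name such as a:mail, an empty ip4: value, and a neutral ?all). The function name lint_spf and the premise that both quoted records sit on the same name are assumptions of this example; the rules applied follow RFC 7208.

```python
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_VALUE = {"include", "ip4", "ip6", "exists"}
TAKES_DOMAIN = {"include", "a", "mx", "ptr", "exists"}
# qualifier, mechanism name, optional ":value", optional "/cidr"
TERM = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?::([^/]*))?(/.*)?$", re.I)
MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.I)  # e.g. redirect=, exp=


def lint_spf(txt_records):
    """Return findings for all TXT strings published at one DNS name."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record: receivers evaluate to 'none'"]
    if len(spf) > 1:
        # RFC 7208 section 4.5: several v=spf1 records at one name is a permerror
        return [f"{len(spf)} v=spf1 records at one name: permerror, merge into one"]
    findings = []
    terms = spf[0].split()[1:]
    for pos, term in enumerate(terms):
        if MODIFIER.match(term):
            continue  # modifiers are not checked in this example
        m = TERM.match(term)
        name = m.group(2).lower() if m else ""
        if name not in MECHANISMS:
            findings.append(f"{term}: unknown mechanism, permerror")
            continue
        qual, value = m.group(1) or "+", m.group(3)  # no qualifier means "+"
        if name in NEEDS_VALUE and not value:
            findings.append(f"{term}: value missing, permerror")
        elif name in TAKES_DOMAIN and value and "." not in value and "%" not in value:
            findings.append(f"{term}: '{value}' is not a fully qualified domain name")
        if name == "all":
            if qual in "?+":
                findings.append(f"{term}: unlisted senders are not rejected or flagged")
            if pos != len(terms) - 1:
                findings.append(f"{term}: terms after 'all' are ignored")
    return findings


# Constructed input: the two records quoted in the question,
# assumed (not stated on the page) to be published on the same name.
PUBLISHED = ["v=spf1 a -all", "v=spf1 mx a:mail ?all"]

if __name__ == "__main__":
    for finding in lint_spf(PUBLISHED):
        print(finding)
```

Feed it the TXT answers from a lookup such as `dig +short TXT ourdomain.nl`, with the surrounding quotes stripped.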

Discuss This Question: 2  Replies

  • ITKE
    Thanks for letting the community know. Sean
    1,152,135 points
  • Simplr
    mmmm just checking ITKE, was that cynical, did I say something wrong or even worse ... stupid?
    155 points
