How to create an SPF record with the SPF Wizard

Discussion in 'Mail Server Support' started by popowich, May 9, 2015.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,999
    Likes Received:
    120
    Do you need help creating an SPF record?

    The following is additional information about the questions asked by the SPF Wizard - Tool to create SPF records.

    What is your domain? Your domain name is everything to the right of the @ in your email address, for example it's the "example.com" from username@example.com.

    Do your incoming MX servers also send email as your domain? The MX records for a domain are the servers listed in DNS that are responsible for receiving email sent to your domain name. If you are not sure how to answer this question it's generally going to be safe to answer yes to this question.

    Does your web site send email as your domain? If you have a web site that sends email, for example a customer feedback form that creates an email, answer yes to this question.

    Allow any host with a PTR that ends in your domain name to send email as your domain? DNS has mappings that go from names to IP addresses (Example Domain A 1.2.3.4), and IP addresses back to names (4.3.2.1.in-addr.arpa. PTR Example Domain). The PTR records are the part of DNS commonly referred to as reverse DNS. If you're not sure how to answer this question, answer no.

    List all IP addresses, in CIDR format, that are allowed to relay mail for your domain: Are there any other email addresses that are allowed to send directly to the internet using your domain name? You do not need to include IP addresses that are covered by any of the other rules, for example IP addresses that send mail through your home ISP's SMTP (outgoing) mail server. A trailing /32 can be used for an individual IP address 1.2.3.4/32. To cover an "entire network" such as 1.2.3.* use 1.2.3.0/24.

    List additional hostnames that are allowed to send mail as your domain: Are there any other senders you want to list by name that are allowed to send email as your domain? Type in the complete name as it appears in DNS. I prefer to list most senders by their IP addresses and network ranges and not by their name.

    Include the domain of any 3rd party email services that are allowed to send mail as your domain: 3rd party email services are other senders such as email newsletter providers that are allowed to send email using your domain name. The support pages for those providers should list the name to include in your SPF record.

    How strict should others treat your SPF record? I recommend starting with neutral or softfail to make sure there are no major problems with your SPF record, and then getting more strict with a fail policy (-all) after you are certain your SPF record is correct and that your contacts are not complaining about your email being rejected or delivering to their spam folders.

    If you have any questions about creating your SPF record please reply below.
     


    Last edited: Jun 3, 2015
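
How the answers above turn into a record, as an added example that is not part of the original post or the SPF Wizard's own code. The mapping of answers to mechanisms (web site to `a`, extra hostnames to `a:host`) is an assumption, and the addresses and domains in the test call are constructed placeholders.

```python
import ipaddress

# Terms that make the receiver do a DNS query while evaluating the record.
# RFC 7208 allows at most 10 of them per SPF check.
LOOKUP_TERMS = {"mx", "a", "ptr", "include", "exists"}
POLICIES = {"neutral": "?all", "softfail": "~all", "fail": "-all"}


def lookup_count(record):
    """Count DNS-lookup terms in one record (nested includes are not followed)."""
    count = 0
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            count += 1
    return count


def build_spf(mx=True, web=False, ptr=False, networks=(), hostnames=(),
              includes=(), policy="softfail"):
    """Assemble an SPF TXT value from wizard-style answers (hypothetical helper)."""
    terms = ["v=spf1"]
    if mx:
        terms.append("mx")
    if web:
        terms.append("a")
    if ptr:
        terms.append("ptr")
    for cidr in networks:
        # strict=True rejects malformed input such as 1.2.3.4.32 and
        # ranges with host bits set such as 1.2.3.4/24.
        net = ipaddress.ip_network(cidr, strict=True)
        tag = "ip4" if net.version == 4 else "ip6"
        single = net.prefixlen == net.max_prefixlen
        terms.append(f"{tag}:{net.network_address if single else net}")
    terms += [f"a:{host}" for host in hostnames]
    terms += [f"include:{domain}" for domain in includes]
    terms.append(POLICIES[policy])
    record = " ".join(terms)
    if lookup_count(record) > 10:
        raise ValueError("more than 10 DNS-lookup terms: receivers return permerror")
    return record


if __name__ == "__main__":
    print(build_spf(web=True, networks=["192.0.2.10/32"]))
```
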
  2. rgs

    rgs New Email

    Joined:
    May 11, 2015
    Messages:
    8
    Likes Received:
    1
    I went three days without Hotmail blocking me and Gmail rate limiting me after publishing my SPF and DKIM. I think that's because the DKIM signature wasn't visible in the email headers in my mail server's outgoing emails. I think I've fixed that now. Would you mind looking at the email headers? Just need to see if SPF and DKIM are working as they should be.

    Code:
    Delivered-To: ......@gmail.com
    Received: by 10.182.44.166 with SMTP id f6csp1206009obm;
            Mon, 11 May 2015 01:47:58 -0700 (PDT)
    X-Received: by 10.68.125.162 with SMTP id mr2mr6907159pbb.83.1431334078433;
            Mon, 11 May 2015 01:47:58 -0700 (PDT)
    Return-Path: <no-reply@......>
    Received: from server.xxxxxx (server.xxxxxx. [x.x.x.x])
            by mx.google.com with ESMTPS id gl1si9233709pbd.121.2015.05.11.01.47.57
            for <......@gmail.com>
            (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
            Mon, 11 May 2015 01:47:58 -0700 (PDT)
    Received-SPF: pass (google.com: domain of no-reply@xxxxxx designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
    Authentication-Results: mx.google.com;
           spf=pass (google.com: domain of no-reply@xxxxxx designates x.x.x.x as permitted sender) smtp.mail=no-reply@xxxxxx;
           dkim=pass header.i=@xxxxxx
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xxxxxx.org; s=default;
        h=MIME-Version:Content-Type:Subject:To:From:Message-ID:Date; bh=XgF6uYzcgcROQtd83d1Evx8x2uW+SniFx69skZp5azo=;
        b=P1MkbghGRR1nwjPicpUMmkV4b9w4rLx3yNlj/U8kA7eMvx361jLEl2HkB3G/fWnzTt8WDsQsIzSveDXuh6zJ23teRpJWJkrN3Eckl74/h3j2e2ffw/DGcGBJlgxQjOVgnD5SZ6R2Y0bFaS8X/Q3Lw+4HOy/tRbQEFRVJegl4RKU=;
    Received: from localhost ([127.0.0.1]:43130 helo=server.xxxxxx)
        by server.xxxxxx with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
        (Exim 4.82)
        (envelope-from no-reply@xxxxxx)
        id 1YrjNV-0002NT-3h
        for ......@gmail.com; Mon, 11 May 2015 08:47:57 +0000
    Received: from x.x.x.x ([x.x.x.x]) by ...... (Horde
    Framework) with HTTP; Mon, 11 May 2015 08:47:56 +0000
    Date: Mon, 11 May 2015 08:47:56 +0000
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    The spf=pass and dkim=pass are good.

    I received the sending IP in private conversation and it has a 100 Sender Score (excellent!)

    What happened in your mail logs before Gmail and Hotmail stopped accepting email from you?

    Can you post the current error message examples?
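
The same header check done programmatically, as an added example that is not part of the original thread. The sample message is constructed on the layout of the headers posted above, with `example.org` and `192.0.2.10` as placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message; not taken from the thread.
SAMPLE = """\
Return-Path: <forums@example.org>
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of forums@example.org designates 192.0.2.10 as permitted sender) smtp.mail=forums@example.org;
       dkim=pass header.i=@example.org
From: Forum <forums@example.org>
Subject: test

body
"""


def auth_results(raw):
    """Return {method: {"result": ..., property: value}} per Authentication-Results."""
    msg = message_from_string(raw)
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", " ", header)   # drop parenthesised comments
        for clause in text.split(";")[1:]:          # part 0 is the reporting server
            tokens = clause.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            out[method.lower()] = {"result": result.lower(), **props}
    return out


def passed(raw, methods=("spf", "dkim")):
    """True only if every listed method is present and reported 'pass'."""
    res = auth_results(raw)
    return all(res.get(m, {}).get("result") == "pass" for m in methods)


if __name__ == "__main__":
    print(auth_results(SAMPLE), passed(SAMPLE))
```

Only an Authentication-Results header added by your own receiving server should be trusted; one that arrives already present in a message can be written by the sender.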
     
  4. tenpu

    tenpu New Email

    Joined:
    May 11, 2015
    Messages:
    1
    Likes Received:
    0
    the wizard gave me this: mydomain.net. IN TXT "v=spf1 mx a ip4:x.x.x.x ~all"

    in cpanel i see my two dns servers and this

    cPanel SPF Record.jpg

    add an A record (name and address)
    or add a Cname record (name and CNAME)
     
  5. popowich

    popowich EQ Forum Admin Staff Member

    In your cPanel zone editor switch from the Basic mode to the Advanced mode.

    The advanced mode will give you the option to create TXT records in addition to the A and CNAME types of resource records.
     
  6. rgs

    rgs New Email

    I just have no errors (in my exim mail logs and in my webmail as delivery error reports) for May 7th, 8th, and 9th in my mail logs. They started appearing on May 10th, and are still appearing. On May 11th I saw that the DKIM=pass signature wasn't there in my email headers, so I added them on 11th itself. No changes.

    Current errors:

    Hotmail:

    Gmail:


    What to do? :(

    Do I have to fill out a form for delivery errors somewhere on Hotmail/Gmail support?

    I'll PM you the exact logs. Wait, PMs (Conversations) are disabled on this forum?

    Thanks.
     
  7. popowich

    popowich EQ Forum Admin Staff Member

    Hi rgs,

    The perfect sender score of 100 is a great starting point.

    Yes, please PM / conversation me the exact logs. You should be all set by now with sending PM's.

    The conversations start disabled for new members to help prevent spam and make sure questions from new users get posted to the forums not sent by private message.

    Does your server have any special add-ons sending email besides the normal forum functions of registration confirmation emails and notifications for new replied to threads, etc?

    Do you often have old threads that get a reply that could be causing old members to mark email from your forum as spam?

    I'll open a ticket with Hotmail for you once I'm sure what types of email the server is sending.

    I recommend changing the forum email address from no-reply@ to something like forums@your-domain.org. Some spam filters consider no-reply an indicator of junk, and maybe part of your problem is that you're hitting user created filters that send email from no-reply directly to the spam folder?
     
  8. rgs

    rgs New Email

    Yep :)

    Got it. I've just PM'd you.

    No. As you said, it is for XF Forum functions of registration confirmation and notifications. I will check again and let you know.

    We launched our forum around 50 days back, so I don't see that as a possibility this early.

    Cool. :thanks:



    Hmm. And that user created spam filter is causing Hotmail to block my IP? Is that possible if a lot of users have that filter?

    Thanks for the suggestion. I'm changing the forum email address right now.
     
  9. popowich

    popowich EQ Forum Admin Staff Member

    I doubt the no-reply is causing any real harm or is the source of your problems, but it's a good type of name to avoid for the reasons I mentioned so you don't run into oddball problems later.

    I'll get the ticket opened with Microsoft. They usually respond within 24-48 hrs, sometimes faster.
     
  10. rgs

    rgs New Email

    Got it. I'll change it.


    Cool! Thanks for helping me out! :)
     
    popowich likes this.
  11. popowich

    popowich EQ Forum Admin Staff Member

    Hi rgs,

    Here is the response from Microsoft:

    Conditionally mitigated
    (your IP address)

    Our investigation has determined that the above IP(s) qualify for conditional mitigation. These IP(s) have been unblocked, but may be subject to low daily email limits until they have established a good reputation.

    Please note that mitigating this issue does not guarantee that your email will be delivered to a user’s inbox.

    Ongoing complaints from users will result in removal of the mitigation.

    Mitigation may take 24 - 48 hours to replicate completely throughout our system.
     
    rgs likes this.
  12. rgs

    rgs New Email

    Cool! This is good news! :)

    Thank you so much, @popowich. I will monitor my mail logs and get back to you in 2 days.

    :thanks::siterock:
     
  13. rgs

    rgs New Email

    Meanwhile, what should be done for the Gmail issues of rate limiting? Same thing - open a ticket?

     
  14. popowich

    popowich EQ Forum Admin Staff Member

    Is Gmail still a problem? I received the forum email to my Gmail address when I registered. If it's still an issue please send me a log from today that was not accepted by Gmail.
     
  15. rgs

    rgs New Email

    Even I get emails and notifications to my Gmail address, but there have been problems with Gmail rate limiting. I'm sending the log in PM.
     
  16. popowich

    popowich EQ Forum Admin Staff Member

    I see, it's not Gmail but Google Apps. I'll get the ticket started.
     
    rgs likes this.
  17. rgs

    rgs New Email

    No Hotmail error messages on May 16th. Fingers crossed!
     
  18. popowich

    popowich EQ Forum Admin Staff Member

    Are you seeing bounces related to any other domains hosted by Google?

    For privacy reasons they can't say it directly, but I think I was given a psychic wink over the phone that the specific domain you can't email has you in their blacklist.

    It took a few tries to get that information. It's taking a while but maybe we have the real source of the problem now.

    If this is the case, have you tried to message the user on your forums and ask if that's what is going on and remove their thread subscriptions and work out whatever they would like to happen so you stop generating bounces against the Google servers?
     
