How to create an SPF record with the SPF Wizard

EQ Admin

EQ Forum Admin
Staff member
Do you need help creating an SPF record?

The following is additional information about the questions asked by the SPF Wizard - Tool to create SPF records.

What is your domain? Your domain name is everything to the right of the @ in your email address, for example it's the "example.com" from username@example.com.

Do your incoming MX servers also send email as your domain? The MX records for a domain are the servers listed in DNS that are responsible for receiving email sent to your domain name. If you are not sure how to answer this question it's generally going to be safe to answer yes to this question.

Does your web site send email as your domain? If you have a web site that sends email, for example a customer feedback form that creates an email, answer yes to this question.

Allow any host with a PTR that ends in your domain name to send email as your domain? DNS has mappings that go from names to IP addresses (example.com A 1.2.3.4), and IP addresses back to names (4.3.2.1.in-addr.arpa. PTR example.com). The PTR records are the part of DNS commonly referred to as reverse DNS. If you're not sure how to answer this question, answer no.

List all IP addresses, in CIDR format, that are allowed to relay mail for your domain: Are there any other email addresses that are allowed to send directly to the internet using your domain name? You do not need to include IP addresses that are covered by any of the other rules, for example IP addresses that send mail through your home ISP's SMTP (outgoing) mail server. A trailing /32 can be used for an individual IP address: 1.2.3.4/32. To cover an "entire network" such as 1.2.3.* use 1.2.3.0/24.

List additional hostnames that are allowed to send mail as your domain: Are there any other senders you want to list by name that are allowed to send email as your domain? Type in the complete name as it appears in DNS. I prefer to list most senders by their IP addresses and network ranges and not by their name.

Include the domain of any 3rd party email services that are allowed to send mail as your domain: 3rd party email services are other senders such as email newsletter providers that are allowed to send email using your domain name. The support pages for those providers should list the name to include in your SPF record.

How strict should others treat your SPF record? I recommend starting with neutral or softfail to make sure there are no major problems with your SPF record, and then getting more strict with a fail policy (-all) after you are certain your SPF record is correct and that your contacts are not complaining about your email being rejected or delivering to their spam folders.

If you have any questions about creating your SPF record please reply below.
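How a receiving server evaluates the kind of record the wizard produces, as an added example that is not part of the original post: a simplified SPF check in Python covering the all, ip4/ip6, a, mx and include mechanisms (ptr, exists, redirect, macros and CIDR suffixes on a/mx are not handled). The domain example.com, the included name _spf.newsletter.example and the DNS table are constructed placeholders.

```python
import ipaddress

# Constructed DNS data for the placeholder domain example.com, using
# documentation address ranges; no real lookups are made.
DNS = {
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"]},
    "MX": {"example.com": ["mail.example.com"]},
    "TXT": {
        "example.com": "v=spf1 mx a ip4:198.51.100.0/24 include:_spf.newsletter.example ~all",
        "_spf.newsletter.example": "v=spf1 ip4:203.0.113.7/32 -all",
    },
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, dns=DNS, depth=0):
    """Evaluate the SPF record of `domain` for the sending address `ip`."""
    record = dns["TXT"].get(domain, "")
    if depth > 10:  # SPF caps the number of DNS-querying terms
        return "permerror"
    if not record.startswith("v=spf1"):
        return "none" if depth == 0 else "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # terms are evaluated left to right
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in dns["A"].get(arg or domain, [])
        elif mech == "mx":
            hosts = dns["MX"].get(arg or domain, [])
            matched = any(ip in dns["A"].get(h, []) for h in hosts)
        elif mech == "include":
            # include matches only when the included record returns pass
            result = check_spf(ip, arg, dns, depth + 1)
            if result == "permerror":
                return result
            matched = result == "pass"
        else:
            return "permerror"  # mechanism not supported by this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

Changing `~all` to `-all` in the constructed record turns the result for an unlisted address from softfail into fail, which is the stricter policy the post suggests moving to once the record is known to be correct.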
 

rgs

New Email
I went three days without Hotmail blocking me and Gmail rate limiting me after publishing my SPF and DKIM. I think that's because the DKIM signature wasn't visible in the email headers in my mail server's outgoing emails. I think I've fixed that now. Would you mind looking at the email headers? Just need to see if SPF and DKIM are working as they should be.

Code:
Delivered-To: ......@gmail.com
Received: by 10.182.44.166 with SMTP id f6csp1206009obm;
        Mon, 11 May 2015 01:47:58 -0700 (PDT)
X-Received: by 10.68.125.162 with SMTP id mr2mr6907159pbb.83.1431334078433;
        Mon, 11 May 2015 01:47:58 -0700 (PDT)
Return-Path: <no-reply@......>
Received: from server.xxxxxx (server.xxxxxx. [x.x.x.x])
        by mx.google.com with ESMTPS id gl1si9233709pbd.121.2015.05.11.01.47.57
        for <......@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 11 May 2015 01:47:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of no-reply@xxxxxx designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of no-reply@xxxxxx designates x.x.x.x as permitted sender) smtp.mail=no-reply@xxxxxx;
       dkim=pass header.i=@xxxxxx
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xxxxxx.org; s=default;
    h=MIME-Version:Content-Type:Subject:To:From:Message-ID:Date; bh=XgF6uYzcgcROQtd83d1Evx8x2uW+SniFx69skZp5azo=;
    b=P1MkbghGRR1nwjPicpUMmkV4b9w4rLx3yNlj/U8kA7eMvx361jLEl2HkB3G/fWnzTt8WDsQsIzSveDXuh6zJ23teRpJWJkrN3Eckl74/h3j2e2ffw/DGcGBJlgxQjOVgnD5SZ6R2Y0bFaS8X/Q3Lw+4HOy/tRbQEFRVJegl4RKU=;
Received: from localhost ([127.0.0.1]:43130 helo=server.xxxxxx)
    by server.xxxxxx with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.82)
    (envelope-from no-reply@xxxxxx)
    id 1YrjNV-0002NT-3h
    for ......@gmail.com; Mon, 11 May 2015 08:47:57 +0000
Received: from x.x.x.x ([x.x.x.x]) by ...... (Horde
Framework) with HTTP; Mon, 11 May 2015 08:47:56 +0000
Date: Mon, 11 May 2015 08:47:56 +0000
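
Reading the SPF and DKIM verdicts out of headers like the ones posted above, as an added example that is not part of the original post: a Python parser for the Authentication-Results header that only trusts the header stamped by the named receiving server. The message, example.org and 192.0.2.25 are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed message modelled on the headers above (placeholder values).
RAW = """\
Return-Path: <no-reply@example.org>
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of no-reply@example.org designates 192.0.2.25 as permitted sender) smtp.mail=no-reply@example.org;
       dkim=pass header.i=@example.org
From: Forum <no-reply@example.org>
Subject: test

body
"""


def auth_results(raw, trusted="mx.google.com"):
    """Return {method: (result, domain)} from the trusted receiver's header."""
    msg = message_from_string(raw)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^()]*\)", " ", value)  # strip (comments)
        parts = value.split(";")
        # Headers from other servers can be forged by the sender; skip them.
        if parts[0].split()[:1] != [trusted]:
            continue
        for clause in parts[1:]:
            verdict = re.match(r"\s*([\w-]+)=(\w+)", clause)
            if not verdict:
                continue
            prop = re.search(r"\b(?:smtp|header)\.\w+=(\S+)", clause)
            domain = prop.group(1).rsplit("@", 1)[-1].lower() if prop else None
            results[verdict.group(1).lower()] = (verdict.group(2).lower(), domain)
    return results


def failing_methods(raw, required=("spf", "dkim")):
    """List the required methods that did not report pass."""
    found = auth_results(raw)
    return [m for m in required if found.get(m, ("none", None))[0] != "pass"]
```

A message carrying several DKIM signatures reports one dkim clause per signature; this sketch keeps only the last one.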
 

EQ Admin

EQ Forum Admin
Staff member
The spf=pass and dkim=pass are good.

I received the sending IP in private conversation and it has a 100 Sender Score (excellent!)

What happened in your mail logs before Gmail and Hotmail stopped accepting email from you?

Can you post the current error message examples?
 

tenpu

New Email
The wizard gave me this: mydomain.net. IN TXT "v=spf1 mx a ip4:x.x.x.x ~all"

In cPanel I see my two DNS servers and this

cPanel SPF Record.jpg


add an A record (name and address)
or add a Cname record (name and CNAME)
 

EQ Admin

EQ Forum Admin
Staff member
In your cPanel zone editor switch from the Basic mode to the Advanced mode.

The advanced mode will give you the option to create TXT records in addition to the A and CNAME types of resource records.
 

rgs

New Email
> The spf=pass and dkim=pass are good.
>
> I received the sending IP in private conversation and it has a 100 Sender Score (excellent!)
>
> What happened in your mail logs before Gmail and Hotmail stopped accepting email from you?
>
> Can you post the current error message examples?

I just have no errors (in my exim mail logs and in my webmail as delivery error reports) for May 7th, 8th, and 9th in my mail logs. They started appearing on May 10th, and are still appearing. On May 11th I saw that the DKIM=pass signature wasn't there in my email headers, so I added them on 11th itself. No changes.

Current errors:

Hotmail:

host mx4.hotmail.com [65.55.92.152]: 550 SC-001 (SNT004-MC2F3) Unfortunately, messages from (insert my IP here) weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider toTroubleshooting.

Gmail:


2015-05-12 01:37:58 1YrvgK-0008My-OS Message is frozen
2015-05-12 01:37:59 1YroM8-0000Zw-Gl SMTP error from remote mail server after end of data: host aspmx.l.google.com [74.125.129.27]: 421-4.7.0 [(insert my IP here) 15] Our system has detected an unusual rate of\n421-4.7.0 unsolicited mail originating from your IP address. To protect our\n421-4.7.0 users from spam, mail sent from your IP address has been temporarily\n421-4.7.0 rate limited. Please visit\n421-4.7.0Bulk Senders Guidelines - Gmail Help to review our Bulk\n421 4.7.0 Email Senders Guidelines. f2si16292867pdg.110 - gsmtp

What to do? :(

Do I have to fill out a form for delivery errors somewhere on Hotmail/Gmail support?

I'll PM you the exact logs. Wait, PMs (Conversations) are disabled on this forum?

Thanks.
 

EQ Admin

EQ Forum Admin
Staff member
Hi rgs,

The perfect sender score of 100 is a great starting point.

Yes, please PM / conversation me the exact logs. You should be all set by now with sending PM's.

The conversations start disabled for new members to help prevent spam and make sure questions from new users get posted to the forums not sent by private message.

Does your server have any special add-ons sending email besides the normal forum functions of registration confirmation emails and notifications for new replied to threads, etc?

Do you often have old threads that get a reply that could be causing old members to mark email from your forum as spam?

I'll open a ticket with Hotmail for you once I'm sure what types of email the server is sending.

I recommend changing the forum email address from no-reply@ to something like forums@your-domain.org. Some spam filters consider no-reply an indicator of junk, and maybe part of your problem is that you're hitting user created filters that send email from no-reply directly to the spam folder?
 

rgs

New Email
> Hi rgs,
>
> The perfect sender score of 100 is a great starting point.

Yep :)

> Yes, please PM / conversation me the exact logs. You should be all set by now with sending PM's.
>
> The conversations start disabled for new members to help prevent spam and make sure questions from new users get posted to the forums not sent by private message.

Got it. I've just PM'd you.

> Does your server have any special add-ons sending email besides the normal forum functions of registration confirmation emails and notifications for new replied to threads, etc?

No. As you said, it is for XF Forum functions of registration confirmation and notifications. I will check again and let you know.

> Do you often have old threads that get a reply that could be causing old members to mark email from your forum as spam?

We launched our forum around 50 days back, so I don't see that as a possibility this early.

> I'll open a ticket with Hotmail for you once I'm sure what types of email the server is sending.

Cool. :thanks:

> I recommend changing the forum email address from no-reply@ to something like forums@your-domain.org. Some spam filters consider no-reply an indicator of junk, and maybe part of your problem is that you're hitting user created filters that send email from no-reply directly to the spam folder?

Hmm. And that user created spam filter is causing Hotmail to block my IP? Is that possible if a lot of users have that filter?

Thanks for the suggestion. I'm changing the forum email address right now.
 

EQ Admin

EQ Forum Admin
Staff member
> Hmm. And that user created spam filter is causing Hotmail to block my IP? Is that possible if a lot of users have that filter?

I doubt the no-reply is causing any real harm or the source of your problems, but it's a good type of name to avoid for the reasons I mentioned so you don't run into oddball problems later.

I'll get the ticket opened with Microsoft. They usually respond within 24-48 hrs, sometimes faster.
 

EQ Admin

EQ Forum Admin
Staff member
Hi rgs,

Here is the response from Microsoft:

Conditionally mitigated
(your IP address)

Our investigation has determined that the above IP(s) qualify for conditional mitigation. These IP(s) have been unblocked, but may be subject to low daily email limits until they have established a good reputation.

Please note that mitigating this issue does not guarantee that your email will be delivered to a user’s inbox.

Ongoing complaints from users will result in removal of the mitigation.

Mitigation may take 24 - 48 hours to replicate completely throughout our system.
 

rgs

New Email
> Hi rgs,
>
> Here is the response from Microsoft:
>
> Conditionally mitigated
> (your IP address)
>
> Our investigation has determined that the above IP(s) qualify for conditional mitigation. These IP(s) have been unblocked, but may be subject to low daily email limits until they have established a good reputation.
>
> Please note that mitigating this issue does not guarantee that your email will be delivered to a user’s inbox.
>
> Ongoing complaints from users will result in removal of the mitigation.
>
> Mitigation may take 24 - 48 hours to replicate completely throughout our system.

Cool! This is good news! :)

Thank you so much, @popowich. I will monitor my mail logs and get back to you in 2 days.

:thanks::siterock:
 

rgs

New Email
Meanwhile, what should be done for the Gmail issues of rate limiting? Same thing - open a ticket?

SMTP error from remote mail server after end of data: host aspmx.l.google.com [74.125.129.27]: 421-4.7.0 [(insert my IP here) 15] Our system has detected an unusual rate of\n421-4.7.0 unsolicited mail originating from your IP address. To protect our\n421-4.7.0 users from spam, mail sent from your IP address has been temporarily\n421-4.7.0 rate limited. Please visit\n421-4.7.0Bulk Senders Guidelines - Gmail Help to review our Bulk\n421 4.7.0 Email Senders Guidelines.
 

EQ Admin

EQ Forum Admin
Staff member
Is Gmail still a problem? I received the forum email to my Gmail address when I registered. If it's still an issue please send me a log from today that was not accepted by Gmail.
 

rgs

New Email
Even I get emails and notifications to my Gmail address, but there have been problems with Gmail rate limiting. I'm sending the log in PM.
 

EQ Admin

EQ Forum Admin
Staff member
Are you seeing bounces related to any other domains hosted by Google?

For privacy reasons they can't say it directly, but I think I was given a psychic wink over the phone that the specific domain you can't email has you in their blacklist.

It took a few tries to get that information. It's taking a while but maybe we have the real source of the problem now.

If this is the case, have you tried to message the user on your forums and ask if that's what is going on and remove their thread subscriptions and work out whatever they would like to happen so you stop generating bounces against the Google servers?
 