Monday, April 30, 2018

email - How to resolve problems with spf / softfail?



I'm having problems with Google rejecting mail because of SPF problems. I thought I had this fixed, but evidently not...



The mail is being sent from a Drupal site running mimemail. A message that shows the problem looks like:



Delivered-To: reg@receiver.com
Received: by 10.112.47.229 with SMTP id g5csp300564lbn;
        Wed, 2 Apr 2014 10:21:06 -0700 (PDT)

X-Received: by 10.66.249.233 with SMTP id yx9mr1407538pac.3.1396459264202;
        Wed, 02 Apr 2014 10:21:04 -0700 (PDT)
Return-Path: 
Received: from sender.com (sender.com. [xxx.xxx.xxx.xxx])
        by mx.google.com with ESMTP id m8si1612133pbd.503.2014.04.02.10.21.03
        for ;
        Wed, 02 Apr 2014 10:21:04 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning sender@sender.com does not designate xxx.xxx.xxx.xxx as permitted sender) client-ip=xxx.xxx.xxx.xxx;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning sender@sender.com does not designate xxx.xxx.xxx.xxx as permitted sender) smtp.mail=sender@sender.com

Received: by sender.com (Postfix, from userid 48)
    id 3E486101774; Wed,  2 Apr 2014 17:21:02 +0000 (UTC)
To: "reg" 
Subject: Message Subject here
X-PHP-Originating-Script: 501:mimemail.module
MIME-Version:1.0
Content-Type:multipart/mixed;
 boundary="ca08a4eb4d5f903d3ee41d8632611e3ff9f7e67713"
Content-Transfer-Encoding:8Bit
X-Mailer:Drupal

Sender:Sender 
From:Sender 
Message-Id: <20140402172102.3E486101774@sender.com>
Date: Wed,  2 Apr 2014 17:21:02 +0000 (UTC)

This is a multi-part message in MIME format.

--ca08a4eb4d5f903d3ee41d8632611e3ff9f7e67713
Content-Type:multipart/alternative;
 boundary="2db314e2a942d712c21894936b800a2c7998463d12"

Content-Transfer-Encoding:8bit


--2db314e2a942d712c21894936b800a2c7998463d12
Content-Type:text/plain; charset=utf-8
Content-Disposition:inline
Content-Transfer-Encoding:8bit

Message text goes here...


--2db314e2a942d712c21894936b800a2c7998463d12
Content-Type:text/html; charset=utf-8
Content-Disposition:inline
Content-Transfer-Encoding:8Bit





--2db314e2a942d712c21894936b800a2c7998463d12--


--ca08a4eb4d5f903d3ee41d8632611e3ff9f7e67713--


[Apologies for the anonomyzing.]



The SPF records for the domain, obtained from http://www.whatsmyip.us/txt, look like:



v=spf1 ip4:xxx.xxx.xxx.xxx ~all , ttl : 14144
v=spf1 include:_spf.google.com ~all , ttl : 14144

v=spf1 a -all , ttl : 14144
v=spf1 ip4:xxx.xxx.xxx.yyy ~all , ttl : 14144


similarly anonymized.



I can't figure out what's wrong -- the appropriate SPF records seem to be in place. The only issue I can see is that I have indeed set up (or tried to set up) two servers as legal senders for the domain; this is meant to cover both a production and a development server (let's call them sender.com and dev.sender.com). Is this an issue?



Any thoughts about what's wrong? Again, I thought this was once working correctly, but it's definitely not now. Thanks!


Answer




You can only have one SPF record. Since you created four of them, which one actually gets used is essentially random. You should combine them together into a single record.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...