Changing SPF Records

I am having a bit of a problem as my domain has been blacklisted - it wasn’t me Guv, honest !

I had to change my domain SPF records a year ago because my ISP was being blocked by Outlook.com and Hotmail. The new SPF record had to specifically include the IPs of my ISP to resolve the problem. That worked for a couple of weeks, but then I was blacklisted again !

At that point, I decided to stop using the POP3 and SMTP of my ISP altogether (they have the most irritating and banal adverts, so you can probably guess who they are), and changed my mail servers to Gmail linked to my domain name. That worked out fine for the last year until yesterday, when I got blacklisted again suddenly !

It took me all day to get to the bottom of it, but my web-host advised me that my ISP was still included in the SPF record, and assumed they may have been under attack again. My domain host told me to remove the redundant SPF reference to my ISP, as the result of which things are more or less working again.

However, my domain host is now recommending that I “change the record from the Cloudfare side” because the domain is pointing to the Cloudfare secure name servers instead of their name servers (https:// certificate). Frankly, I am not aware that I ever set up any SPF records with Cloudfare, and therefore I do not understand the suggestion, or how to do it. Or would Cloudfare have grabbed the SPF records from my domain without involving me ?

If anyone understands this better than I can explain it, then I would be grateful for a bit of help with this. I admit it is all getting beyond my labour grade.

Thanks.

Nice try. :wink:

Cloudflare probably did scan the SPF record, as it’s common for domains to have them. It would be a TXT record in the DNS list here.

Well, thanks for that. I found the DNS List and it did indeed include the old SPF record. So I used ‘Edit’ and changed it. So far, so good.

But it saw me coming and threw another Googlie :blush:

" Cloudflare nameservers

To use Cloudflare, ensure your authoritative DNS servers, or nameservers have been changed. These are your assigned Cloudflare nameservers.

|Type|Value|
| — | — |
|NS|anahi.ns.cloudflare.com|
|NS|jaxson.ns.cloudflare.com|"

I am hoping that is what I just did ! At least I thought I did ! I am getting too old for this. Did I have to do something else as well ? I have looked at the DNS list again since, and it is showing the correct what I want. Or am I supposed to go into the two assigned nameservers NS|anahi.ns.cloudflare.com
NS|jaxson.ns.cloudflare.com
and change them there as well somehow ? And where would I find them to change them also ?

Thanks. :flushed:

Those two name servers are probably correct at your Registrar. Since your domain host said to update your records at Cloudflare, they probably saw those two name servers and advised you accordingly.

I think it is therefore sorted. All appears to be working, so fingers crossed.

Thanks again. I am coming up 74 and still learning ! :innocent:

1 Like

I may have spoken too soon, because I am still having a problem with one person with whom I communicate regularly. It is quite possible that the problem now is at his end, because that is where it all started. I am not having problems as far as I can tell with other people or with sending my own emails. However, when I send an email to someone else, and include him as a recipient (cc), then the problem starts. I get spam reject messages.
I have double checked my SPF configuration settings both with Cloudfare and with my domain host, and copied the SPF record from what my domain host recommends and pasted it into Cloudfare, so they must be identical.

However, after I pasted the SPF record into Cloudfare, I got a message :

To use Cloudflare, ensure your authoritative DNS servers, or nameservers have been changed. These are your assigned Cloudflare nameservers.

I had assumed that that is just what I had done, namely changed the nameservers ! The SPF records with my domain host AND with Cloudfare are identical, and are the record which my domain host recommends. The two nameservers are the ones correctly registered with my domain host already, so presumably I do not have to do anything more.

Maybe I am just assuming that this is just a warning in case I have not done the above, and that it can be ignored.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.