Cloudflare SPF changes (failing in Gmail)?

General Email Routing
1

Noticed yesterday that gmail been failing cloudflare a lot more with:

Unknown error: transient error : This mail has been rate limited because SPF does not pass. Gmail requires all large senders to authenticate with […]. Authentication results: … [my domain] with ip: [104.30.10.16] = did not pass

I checked what the TXT is for cloudflare and it’s currently returning “v=spf1 ip4:104.30.0.0/19 …” which includes that IP. The documentation here claims it should be returning a /20 so maybe there was a recent update that broke it with a long TTL?

3

This is not the IP of your sending MTA. This is a Cloudflare IP address and Cloudflare is not sending outbound mail on your behalf.

1 Like
4

lol downvote my accurate answer until the cows come home. It is still right. If you has a sad… fix it. :clown_face:

5
6

Exactly.

8

The IP is a direct copy from the gmail response. It verifies the bounce address SPF as part of the return path i.e.

Received-SPF: pass (google.com: domain of cfbounces+ndrdrop@[domain] designates 104.30.8.22 as permitted sender) client-ip=104.30.8.22;

And it seems like it failed for these message.

9

Are you using Email Routing to forward inbound emails to your Gmail account?

You have really removed all the useful information from the error message, so there’s not really anything to go on.

1 Like