I received the email below when trying to send an email to a Gmail address. I have never had this before and I have sent emails again since without any problems.
I contacted my hosting company and they said that I “need to add an SPF record for your email”. They said, “It would need to be added on Cloudflare as you are using their service for DNS.”
I am not super technical and have never done this before. Do I need to add an SPF Record given that my emails are sending ok again now? What would have caused this email not to deliver?
My hosting company has also provided me with the default SPF record for their shared email system, if that’s helpful.
I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
This message does not pass authentication checks (SPF and DKIM both XXXXXXXX do not pass). SPF check for [MY WEBSITE] does not pass with XXXXXXXX ip: [XXXXXXXX].To best protect our users from spam, the message XXXXXXXX has been blocked.
Having a pass tied directly to your own domain (also known as alignment) with either DKIM or SPF are becoming increasingly more and more mandatory these days.
The best thing would however be, if your hosting provider had the option to DKIM sign your messages (using a signature on your own domain).
SPF has been in widespread use for over a decade. Along with DKIM, it is one of the underlying mechanisms in DMARC. With DMARC adoption on the rise, you are more likely to be affected by having a missing or invalid SPF record than ever before.
mbettis - I am a (very) small business so I handle everything myself. I don’t have anyone to call in to help on this one unfortunately.
epic.network - thanks for the advice. It seems like i should definitely get this sorted out as it might be a bigger issue moving forward.
DarkDeviL - I do not believe my hosting provider has an option to DKIM sign my messages but i have emailed them to find out more. Can you advise how I add an SPF record?
On Cloudflare, I can go to DNS Settings and add the record there. However, the first thing it asks for is my iPv4 and iPv6 addresses to be added. When I visit https://www.whatsmydns.net/dns-lookup/ and enter my website address, I get 1 iPv4 and 2 iPv6 addresses. How do i know which if the 2 ipv6 addresses to enter?
Alternatively, my hosting company has provided me with the “default SPF record for our shared email system” - is this what I need to enter?
Apologies for all of the questions - this is a little over my head.
It isn’t as complex as it seems. Your SPF record is nothing more than a list of internet addresses that are authorized to send email that identified itself with your domain name.
If your email uses your hosting provider’s service or is best of you start with what they provided. You still never have cause to add any Cloudflare IPs to your SPF record as your email will never be relayed by the Cloudflare proxy.
If you later need to add sources to your SPF record, be sure to edit your existing record rather than adding another. You can only have one SPF record. There are ways to include other SPF records, but you still can only have one at any given DNS label. Ignoring that rule will break your SPF.
It is best to keep your record as short as possible. There is a 10 DNS lookup limit. Exceeding it will invalidate your SPF record.