Email DNS Record Problems

Hey, guys! A bit of a noob here, running his first email campaign. Last week, a few of my emails bounced, giving me the following error: “550 High probability of spam”.

I checked my score at mail-tester.com, and sure enough - my score was 3/10. The main detractors (-3 points each) were these two:

  1. [SPF] does not allow your server to use [the email I’m outreaching from]

  2. Your message failed the DMARC verification

I tried fixing No. 1 - last week, I changed the DNS record to the one they suggested. However, even though I changed it, it still appears as an error.

Regarding issue No. 2, Mail-tester says:
“You are not allowed to send a message with this address”, and then it quotes the _dmarc entry I have on Cloudflare.

When I go on dmarcguide.globalcyberalliance.org/, and enter my domain, it says that my DMARC is good (the full message reads: “Thank you for getting started with DMARC. You are currently at the lowest level and receiving reports, which is a great starting point. Please make sure to review the reports…”)

What am I doing wrong? Any help would be greatly appreciated!

It’s hard to help without knowing which domain you’re talking about, which is necessary for checking the SPF record, and from which server you are sending your e-mails, the address of which should be included in the SPF record.

DMARC probably fails because SPF fails. Generally if SPF is OK or DKIM is OK then DMARC is OK. I suppose you have not implemented DKIM (yet).

1 Like

Domain: keenfighter.com
Outreaching email: velin AT keenfighter.com, which I got from G Suite

Before I set up my G Suite account, the email associated with the domain was velindragoev93 AT gmail dot com, but during the setup they instructed me to delete the previous MX and SPF records, and create new ones.

[Sorry if this is a repost - I think my previous reply was flagged for having too many links]

For that domain the MX is google (aspmx.l.google.com and various alternatives also from google), and your SPF record does not explicitly include any of those.

However it does include the “MX” mechanism, which should match any IP of any of your MXs. So as far as I can see you should have no problem.

But I just tested now with mxtoolbox.com, using your domain and an IP address of one of the MXs (74.125.137.27) and it failed, even though it should not fail.

The same test at kittermann.com also fails.

Even though it should not be necessary (as far as I know anyway), you could add “include:_spf.google.com” to your SPF record, to be on the safe side.

1 Like

Hmmm… My SPF record already includes that. Here’s what it reads:

v=spf1 +a +mx +ip4:35.208.141.10 include:_spf.mailspamprotection.com include:_spf.google.com ~all

I don’t know if it helps, but when I type “spf” in the search field on my DNS records page, in addition to the “spf” record I pasted above, I have another TXT-type record called keenfighter.com with the following content:

v=spf1 +a +mx +ip4:35.208.141.10 include:_spf.mailspamprotection.com ~all

Both records have “Auto” in the TTL field, and “DNS only” in the Proxy Status field.

Weird. Your actual SPF record is the second one you posted.
It should have a TXT type.

Could it be that you think the SPF record should be of type “SPF” ?
While apparently logical, this is actually wrong. You should delete that one to avoid confusion and use only a TXT record.

Don’t ask me why. Otherwise I’ll have to tell you. Or you read RFC 7028 yourself :slight_smile:

1 Like

OH MY GOD, THAT TOTALLY WORKED!!! You’re a wizard! Thank you so much! I’m still getting the DMARC issue, but I guess that’ll resolve itself in due time.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.