Issues adding SPF + DKIM records to solve Webmail problems

[1] BACKGROUND INFORMATION:

Please note this post contains two (2) accompanying screenshots. I went through similar topics but did not find the answer. BABELEXPORT.COM is being hosted by a hosting company, but webmail is not working at all, i.e.: URL webmail page is not opening, no login access, and unable to either send or receive emails. Any email sent to that webmail is returned undelivered. The hosting company asked me to add the following two records in order to unrestrict the emails:

SPF record:

v=spf1 a mx ip4:167.86.99.163 ~all

DKIM record:

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQ2N+oBtEuILhGumqpbJPgub3MOo74xUMHMM9G7iCVB04yKZie6RQs5txJiLmUimjv8ygkJluGvlS1HFYT9t5rFeHYuXgmGRaUPwwBMT2vlJAs6/rWFxnEDe3+5D2OJ3Q910v/kAVuinD+80l0/JkOo4CkwWGsN80J7Z3VMSVhRQIDAQAB;

[2] ACTION TAKEN AT MY END:

I added the DKIM record as a TXT record and it was accepted smoothly. However, as per screenshot No.1, it was impossible to add the SPF record. Firstly, even if I wrote the record as given to me by the hosting company, the system was displaying a message saying “SPF record must start with v=spf…” [NOTE: The same error message comes up even if I write the record with all letters together without any space in between]. Apart from that, when I clicked on SAVE I got the error message written on the red banner at the bottom of the page saying as follows:

“DNS Validation Error (Code: 1004) The SPF record type was deprecated in RFC 7208 and is no longer supported. Create a TXT record with the same content instead”.

Therefore, I eventually added the SPF record as an SPF record. Screenshot No.2 shows the DNS settings as they are now. The red box refers to the two pieces of text I was asked to add at Cloudflare.

[3] SUPPORT QUESTIONS:

(1) Is there any reason why the SPF record cannot be added as an SPF record?

(2) For both records and taking into account the server glitches refer to webmail, should I have written under NAME “webmail.babelexport.com” instead of “babelexport.com” as I did?

Thank you very much!

Yes and it is displayed clearly in the red bar in your screenshot. The SPF DNS resource record type was phased out nine years ago.

This is because there is no A record for the host listed in your MX record. You will need to create an A record set to DNS Only for your mail hostname.

It’s loading a Roundcube webmail login page for me.

Your SPF record needs to use the TXT RR type. It should contain only your apex domain, example.com and you are missing spaces between the individual components of the record.

v=sp1f mx ~all

I dropped the a because it will resolve to Cloudflare proxy IPs which will never be sending mail on your behalf. You could replace the MX with the IP of your server, which will save you one of your permitted ten DNS lookups, but you don’t need both when they are the same.

Thank you epic.network. Yes, the Roundcube was added in the server just immediately after I submitted the post as I thought the problem may have been related to HORDE. I will leave Roundcube as it looks cute and cleaner than HORDE even if it seems less robust in options and settings. I did a test and actually CAN send message successfully (the receiver confirmed receipt), but CANNOT receive messages. I am going to take action according to your suggestions to see if this is solved. Thank you again.

I am pleased to advise that after implementing your suggestions now I am able to RECEIVE and SEND messages.

NOTE: In relation to the TXT RR for SPF record, you said nothing about the number “1” attached to v=spf1 as advised by the hosting company, but I did not put it. In short I just wrote it like this:

v=spf 167.86.99.163 ~all

For the A record I put the mail hostname (mail.babelexport.com) and the server IP as content. However, as per attached screenshot, afterwards I noticed there is a warning message (red square) being shown stating as follows:

This record exposes the IP address used in the A record on babelexport.com. Enable the proxy status to protect your origin server.

I suppose I should disregard this warning because I understand that if this A record is PROXIED then webmail will never work. Am I right on this one?

Put the “1”, he made a typo.

Thank you very much. Action taken as shown on attached screenshot.

That was a typo. You will want it. I have corrected it in my example. Here is a good SPF tool from dmarcian. You can use it to analyze your records.

Precisely.

Wow!! I did a search at Dmarcian and got the report below. No idea what all that stuff means. Just wondering if the “ip4” characters mentioned by the hosting company should have been included. I say this because of what has been reported by Dmarcian. The hosting company suggestion was:

v=spf1 a mx ip4:167.86.99.163 ~all

So, it might be that the only item NOT to be included would be the “a” as you pointed out above. Anyway, I will leave it as it is now until further notice.

babelexport.com

v=spf1 167.86.99.163 ~all

  • Error! SPF record is present, but invalid.
  • Error! SPF record for “babelexport.com” has invalid syntax - no terms will be evaluated.

(ignored) 167.86.99.163

  • Error! Invalid “unknown” mechanism (“unknown”: “167.86.99.163” is unknown mechanism. Valid mechanisms are “all” “include” “a” “mx” “ip4” “ip6” “exists” and “ptr” (“ptr” is deprecated and should not be used).

(ignored) ~all

It means you forgot to preface that IP address with ip4:. :wink:

Well, let’s try to wrap things up. Then I will finally replace it with this:

v=spf1 ip4: 167.86.99.163 ~all

So, removed the “a” and the “mx”. Is it all right now?

SORRY: I mean only removing the “a” because Dmarcian also mentioned the missing “mx”. Final SPF record should then be like this:

v=spf1 mx ip4: 167.86.99.163 ~all

Dmarcian mentioned that mx is a valid mechanism, and that you were missing one before the IP address. It wasn’t suggesting that mx was a missing mechanism.

You have a space after the colon that doesn’t belong. I’d consider the following.

v=spf1 ip4:167.86.99.163 ~all

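The records tried in this thread can be checked offline before they are saved as a TXT record. The following is an added example, not code from any poster or from Cloudflare or dmarcian: a syntax-only linter (the function name `lint_spf` is hypothetical) that performs no DNS queries and only counts the terms that would cost a lookup.

```python
import ipaddress

# Mechanisms defined in RFC 7208; the ones in LOOKUP cost one DNS query each.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
LOOKUP = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10  # the "permitted ten DNS lookups" mentioned in the thread


def lint_spf(record):
    """Return (errors, dns_lookups) for the text of one SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with the version tag 'v=spf1'"], 0
    errors, lookups = [], 0
    for term in terms[1:]:
        key, eq, _ = term.partition("=")
        if eq and ":" not in key and "/" not in key:  # modifier, e.g. redirect=
            lookups += key.lower() == "redirect"
            continue
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        name, _, arg = body.partition(":")
        name = name.partition("/")[0].lower()  # "a/24" and "mx/24" carry a CIDR
        if name not in MECHANISMS:
            errors.append(f"unknown mechanism '{term}'")
            continue
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    errors.append(f"'{term}' has the wrong address family")
            except ValueError:
                errors.append(f"'{term}' needs an address right after the colon")
        elif name in ("include", "exists") and not arg:
            errors.append(f"'{term}' needs a domain after the colon")
        lookups += name in LOOKUP
    if lookups > MAX_LOOKUPS:
        errors.append(f"{lookups} DNS lookups exceed the limit of {MAX_LOOKUPS}")
    return errors, lookups


if __name__ == "__main__":
    # Records quoted in this thread, in the order they were tried.
    for rec in ("v=spf 167.86.99.163 ~all", "v=spf1 167.86.99.163 ~all",
                "v=spf1 ip4: 167.86.99.163 ~all", "v=spf1 mx ~all",
                "v=spf1 a mx ip4:167.86.99.163 ~all",
                "v=spf1 ip4:167.86.99.163 ~all"):
        print(rec, "->", lint_spf(rec))
```

A clean result here only means the record parses; whether the listed address is the one that actually sends the mail still has to be confirmed against the server.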

Done as advised! Thank you very much. By the way, I was going to go back to HORDE but just read a few minutes ago that HORDE is being deprecated, so developers will not make any further updates. Final verdict: I will stay with ROUNDCUBE which has a very nice look. But for business purposes perhaps the best solution would be to liaise our webmail to Gmail so that all messages could be sent and received from and by Google as if they belong to our domain name. The only catch is that Google server will keep all our business information in their server, but if we have nothing to hide then we should not be too worried about privacy. There is no such thing like privacy in the internet. Bye
