No valid SPF record for included domain:


We have an issue with email delivery. Trying to send an email to a specific domain, we get a Delivery Status Notification (Failure) email mentioning:

550 5.7.1 : Recipient address rejected: Message rejected due to: SPF Permanent Error: No valid SPF record for included domain:

We exchange emails with them multiple times per day. The problem appeared today without us changing anything in our DNS or email.
Since we haven’t added those _spfcf subdomains to the SPF, I searched and found that Cloudflare adds them automatically.

Any ideas?

Cloudflare is apparently “flattening” your SPF record. I have just learned about this “feature” by searching to figure out what’s going on with your record.

I’m not sure what the point is, but at least in your case, it’s kind of a disaster. The SPF record Cloudflare is returning is so big it doesn’t even fit in the standard UDP response, and most of it is useless. I can’t even imagine what it’s trying to accomplish.

So, I would recommend deleting it, disabling the managed SPF record, and adding your own TXT record manually (that is, don’t use the “create record” thingy under DMARC Management).

For reference, this is the SPF record Cloudflare has “helpfully” created in this case: 300 IN TXT "v=spf1 include:_spfcf7." " include:_spfcf14.citrusnobili" " incl" " include:_spfcf7.citr" "" "m include:" " include:_spfcf7.citrusno" " +a +mx +ip4: ~all"
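
An offline check for the two failure modes discussed in this thread: an include: target that publishes no SPF record, and a record too large for a plain UDP reply. It also counts DNS-querying terms against the SPF limit of 10, which goes beyond what the thread covers. This is an added example, not code from the thread or from Cloudflare; the zone data, the example.test names and the function names are constructed, and macros in include targets are not handled.

```python
import re

SIZE_GUIDE = 450   # RFC 7208 section 3.4: name + TXT text under 450 octets fits a UDP reply
LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: DNS-querying terms allowed per evaluation

# Constructed zone data (example.test is a placeholder). Each TXT record is the
# list of character-strings a resolver returns for it.
ZONE = {
    "example.test": [["v=spf1 include:_spfcf1.example.test",
                      " include:_spfcf2.example.test +a +mx ~all"]],
    "_spfcf1.example.test": [["v=spf1"] + [f" ip4:192.0.2.{i}" for i in range(40)] + [" ~all"]],
    "_spfcf2.example.test": [],  # include target that publishes no SPF record
}

def spf_at(zone, name):
    """Return the single SPF record at name (strings joined with no separator), else None."""
    texts = ["".join(strings) for strings in zone.get(name, [])]
    spf = [t for t in texts if t.lower().split(" ")[0] == "v=spf1"]
    return spf[0] if len(spf) == 1 else None

def audit(zone, name, report):
    """Follow include:/redirect= from name, recording problems a receiver may hit."""
    if report["lookups"] > LOOKUP_LIMIT:  # also stops include loops
        return
    record = spf_at(zone, name)
    if record is None:
        report["problems"].append(f"no valid SPF record for {name}")
        return
    size = len(name) + sum(len(s) for rr in zone[name] for s in rr)
    if size > SIZE_GUIDE:
        report["problems"].append(f"{name}: {size} octets, may not fit a UDP reply")
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        kind = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        if kind in ("include", "a", "mx", "ptr", "exists", "redirect"):
            report["lookups"] += 1
        if kind in ("include", "redirect"):
            audit(zone, term[len(kind) + 1:].lower().rstrip("."), report)

def check(zone, name):
    """Audit the SPF record at name and everything it includes."""
    report = {"lookups": 0, "problems": []}
    audit(zone, name, report)
    if report["lookups"] > LOOKUP_LIMIT:
        report["problems"].append(f"more than {LOOKUP_LIMIT} DNS lookups")
    return report

if __name__ == "__main__":
    print(check(ZONE, "example.test"))
```

To run it against a live domain, fill the zone dictionary from real TXT lookups of the domain and each include: target.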

