Cloudflare Security Insights says: In your DNS records, you have an MX record for this domain without a corresponding, correctly formed SPF record.
However when I check my mail DNS records on sites such dnschecker.org and mxtoolbox.com, they all say that my SPF records are valid.
My SPF record is:
“v=spf1 include:emailsrvr.com ~all”
Are the quotes making Cloudflare Security Insights think that the SPF record is not formatted correctly?
A such record (well: … the parts within the quotes) would be technically valid.
However, it is only giving the weaker softfail policy, due to the ~all instead of -all
Can you share what domain this is about?
And how exactly does your Cloudflare Dashboard look, in regards to the SPF record?
Thanks for pointing that out. I will change it to -all once the dashboard is working correctly again. I wonder why it is taking more than 24 hours for Cloudflare to restore functionality after yesterday’s data center power outage.
That seemed to have worked. I changed ~all to -all. The one other change I made was removing the quotes so instead of my spf record being “v=spf1 include:mailgun.org -all” I made it: v=spf1 include:mailgun.org -all
Mailhardener.com says, “The SPF standard states that the SPF record must begin with v=spf1, so if your record starts with "v=spf1 (note the quote) it will not be recognized.” Other places tell me it doesn’t matter.
So I removed the quotes I had around my spf record. Everything seems fine now.
2 Likes