I just had an email bounce back with the following message…
550 5.7.26 This message does not pass authentication checks (SPF and DKIM both do not pass). SPF check for [yourdomain.com] does not pass with ip: [209.85.220.69].To best protect our users from spam, the message has been blocked. Please visit Prevent mail to Gmail users from being blocked or sent to spam - Gmail Help for more information. kz19-20020a17090777d300b008cd6575e7c5sor5263164ejc.29 - gsmtp
I contacted my domain registrar, and they told me to add an SPF record as follows…
v=spf1 a ip4:213.171.216.0/24 ip4:77.68.64.0/27 mx -all
Cloudflare wouldn’t let me add this, as it said the content must start with “v=spf” (which it does!).
After a bit of searching around this forum, I discovered a post that said SPF has been deprecated, and that the content should be added as a TXT record instead.
However, I already have a TXT record with that content.
Anyone able to advise how I avoid emails being bounced again? Thanks
The IP in the error message indicates you are a Google Workspace user. Is that the case?
If it is, you need to add include:_spf.google.com before -all.
SPF used to have its own DNS record type, but used TXT as a temporary solution while waiting for DNS implementations to support the dedicated SPF type. Nobody ever built the support for the SPF type, so it was deprecated because everybody just used TXT to store their SPF policy anyway.
I would not describe that as a typo. It is a policy decision you have to make.
There are four qualifiers that can be used in an SPF policy. PASS (+), NEUTRAL (?), SOFTFAIL (~) and FAIL (-).
-all means “if nothing else matches, reject the email”, while ~all means something like “if nothing else matches, accept the email, but it might be suspect”.
It might be a journey, but -all is the point most email admins should be aiming for.
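An added example, not written by anyone in this thread: a small offline SPF evaluator that runs the registrar's record from the question against the IP in the bounce message, showing why it fails and how `include:` and the `all` qualifier change the result. The contents of `CONSTRUCTED_INCLUDES` are a made-up stand-in for a DNS lookup, not Google's published record, and `a`/`mx` are skipped because they need live DNS.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}

# Record and sender IP as quoted in the question above.
REGISTRAR_RECORD = "v=spf1 a ip4:213.171.216.0/24 ip4:77.68.64.0/27 mx -all"
BOUNCE_IP = "209.85.220.69"

# Constructed stand-in for the TXT lookup an include: triggers (assumption).
CONSTRUCTED_INCLUDES = {"_spf.google.com": "v=spf1 ip4:209.85.220.0/24 ~all"}


def check_spf(record, sender_ip, includes=None, depth=0):
    """Evaluate ip4, include and all terms left to right; first match wins."""
    includes = includes or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:  # SPF caps DNS-querying terms at 10; crude recursion guard
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a bare mechanism means PASS
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "ip4":
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            if value not in includes:
                return "permerror"  # included domain has no SPF record
            # include matches only if the included policy returns pass
            inner = check_spf(includes[value], sender_ip, includes, depth + 1)
            matched = inner == "pass"
        elif name == "all":
            matched = True
        else:
            matched = False  # a, mx, etc. need live DNS; skipped in this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def with_google_include(record):
    """Insert the include suggested in the reply just before the final -all."""
    return record.replace("-all", "include:_spf.google.com -all")


if __name__ == "__main__":
    print(check_spf(REGISTRAR_RECORD, BOUNCE_IP))
    print(check_spf(with_google_include(REGISTRAR_RECORD), BOUNCE_IP, CONSTRUCTED_INCLUDES))
```
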