I just had an email bounce back with the following message…
550 5.7.26 This message does not pass authentication checks (
SPF and DKIM both do not pass). SPF check for [ yourdomain.com] does not pass with ip: [188.8.131.52].To best protect our users from spam, the message has been blocked. Please visit Prevent mail to Gmail users from being blocked or sent to spam - Gmail Help for more information. kz19-20020a17090777d300b008cd6575e7c5sor5263164ejc.29 - gsmtp
I contacted my domain registrar, and they told me to add an
SPF record as follows…
v=spf1 a ip4:184.108.40.206/24 ip4:220.127.116.11/27
Cloudflare wouldn’t let me add this, as it said the content must start with “v=
spf” (which it does!).
After a bit of searching around this forum, I discovered a post that said
SPF has been deprecated, and that the content should be added as a TXT record instead.
However, I already have a
TXT record with that content.
Anyone able to advise how I avoid emails being bounced again? Thanks
March 1, 2023, 11:04pm
That record doesn’t look at all like what Google tells you to configure… going from memory here, but pretty sure they wouldn’t hardcode IPs there.
The IP in the error message indicates you are a Google Workspace user. Is that the case?
If it is, you need to add
SPF used to have its own DNS record type, but used TXT as a temporary solution while waiting for DNS implementations to support the dedicated SFP type. Nobody ever built the support for the SPF type, so it was deprecated because everybody just used TXT to store their SPF policy anyway.
In case this helps anyone else, there was a typo in the content for the record. It should end in ~all, not -all as I had it.
I would not describe that as a typo. It’s is a policy decision you have to make.
There are four qualifiers that can be used in an
SPF policy. PASS (+), NEUTRAL (?), SOFTFAIL (~) and FAIL (-).
-all means “if nothing else matches reject the email”, while
~all means something like “if nothing else matches accept the email, but if might be suspect”.
It might be a journey, but
-all is the point most email admins should be aiming for.
March 17, 2023, 8:04pm
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.