SPF neutral with Cloudflare

Hello,

After setting Cloudflare's DNS on my domain, I have an SPF neutral warning in emails:

spf=neutral (google.com: 212.227.126.133 is neither permitted nor denied by best guess record for domain of

Here is my SPF config:
v=spf1 mx a include:_spf.perfora.net include:_spf.kundenserver.de include:servers.mcsv.net ~all

What’s wrong?

Thanks!

The a clause won’t work with Cloudflare since Cloudflare proxies incoming requests, but your outbound mail still comes from the origin IP.

The mx clause could work, but only if you receive mail through the same server that you send from.

What’s the domain? It might be easier for me to run a couple of checks with the real name rather than doing it synthetically from the record.

Hi thedaveCA,

The domain is “terranovacnc.com”, using 1AND1 mail servers.

This is what I have now:
v=spf1 mx a include:_spf.perfora.net include:_spf.kundenserver.de include:servers.mcsv.net include:mout.kundenserver.com ~all

Including the name servers from IONOS IPs:

I’m so desperate with that :frowning:

You are setting your SPF policy in the legacy SPF RR type. This is no longer valid, and your SPF policy needs to be in a TXT record.

Hello Michael,

Could you write the TXT record I need to set?

I created a new TXT record with this:
v=spf1 mx a include:_spf.perfora.net include:_spf.kundenserver.de include:servers.mcsv.net include:mout.kundenserver.com ~all

And deleted the SPF record. Do I have to change something else in the TXT record?

Now I got a “PASS” SPF in Gmail with this, but I don’t know if I should change something in the actual TXT record.

I would really appreciate it :slight_smile:

Thanks

The record is failing validation because there is no policy for mout.kundenserver.com. Once that is removed the record will probably validate successfully.

What goes in your SPF is directly related to the IP addresses and services that you send email from, so only you can reliably write a good SPF record. You should include only those hosts that you send mail from. You should investigate DKIM and DMARC also, as combined with SPF they are designed to ensure that only your authorised email servers can send email that claims to come from your domain.

A service like https://dmarcian.com is useful in gathering reports and gradually increasing the authority of your email domain.
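The validation failure described in the last reply can be reproduced offline. The following is an added example, not code from any poster in this thread: it walks the `include:` chain of the record posted above and reports targets that publish no SPF policy, plus the number of DNS-lookup terms against the RFC 7208 limit of 10. The `ZONE` table, the function names and the providers' policies are constructed placeholders, not real DNS answers.

```python
# Added example. All TXT data below is constructed, not real DNS answers.
ZONE = {
    "terranovacnc.com": ["v=spf1 mx a include:_spf.perfora.net "
                         "include:_spf.kundenserver.de include:servers.mcsv.net "
                         "include:mout.kundenserver.com ~all"],
    # Placeholder policies (documentation IP ranges), not the providers' records.
    "_spf.perfora.net": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_spf.kundenserver.de": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "servers.mcsv.net": ["v=spf1 ip4:203.0.113.0/24 -all"],
    # mout.kundenserver.com is left out on purpose: no SPF policy, as in the thread.
}
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "exists", "include"}  # each costs a DNS query


def spf_records(name, zone):
    """Return the TXT strings published at `name` that are SPF policies."""
    return [t for t in zone.get(name.lower(), []) if t.lower().split()[:1] == ["v=spf1"]]


def lint_spf(domain, zone, findings=None, counter=None, seen=()):
    """Walk a domain's SPF policy and include: chain; return (findings, lookups)."""
    findings = [] if findings is None else findings
    counter = [0] if counter is None else counter
    records = spf_records(domain, zone)
    if len(records) != 1:
        # RFC 7208: no record means result "none"; more than one is a permerror.
        findings.append(f"{domain}: expected 1 SPF TXT record, found {len(records)}")
        return findings, counter[0]
    for term in records[0].split()[1:]:
        mech = term.lstrip("+-~?").lower()
        name, _, target = mech.partition(":")
        name = name.split("/", 1)[0]
        if name in LOOKUP_MECHANISMS or mech.startswith("redirect="):
            counter[0] += 1  # redirect= is counted but not followed here
        if name == "include" and target:
            if target in seen + (domain,):
                findings.append(f"{domain}: include loop via {target}")
            elif not spf_records(target, zone):
                # If evaluation reaches an include: whose target has no policy,
                # the result is permerror.
                findings.append(f"{domain}: include:{target} has no SPF policy (permerror)")
            else:
                lint_spf(target, zone, findings, counter, seen + (domain,))
    if not seen and counter[0] > 10:
        findings.append(f"{domain}: {counter[0]} DNS-lookup terms, limit is 10 (permerror)")
    return findings, counter[0]


if __name__ == "__main__":
    print(lint_spf("terranovacnc.com", ZONE))
```

To check a live domain, fill the table from real TXT lookups for each name in the chain instead of the placeholder values.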
