What's wrong with my SPF record?
I hope you can help me to figure out where the problem with my SPF is, it seems to be correct to me. Even vast majority of SPF testing tools tells me it's correct, but there are few that show SOFTFAIL. I wouldn't worry me too much if every email sent to hotmail.com didn't show on top small warning: "The sender of this message, supportADDED@ADDEDget-gifts-for-free.com, could not be verified by Sender ID. Learn more about Sender ID."
- IP of get-gifts-for-free.com domain is on 209.59.181.165
- All emails is sent from 209.59.181.105 and headers say (HELLO host.motylonline.com) which is fine, 209.59.181.105 is base IP of this server and hostname is set to host.motylonline.com
- Reverse DNS for 209.59.181.105 is set to ns1.motylonline.com
- The SPF record for get-gifts-for-free.com is:
"v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com mx:ns1.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all"
I keep trying different SPF records for 2 days now but without success
For example any email sent to testing address auth-results@verifier.port25.com returns:
==========================================================
Summary of Results
==========================================================
mail-from check: softfail
PRA check: softfail
DomainKeys check: neutral (message not signed)
==========================================================
Details:
==========================================================
HELO hostname: host.motylonline.com
Source IP: 209.59.181.105
mail-from: supportADDED@ADDEDget-Gifts-For-Free.com
PRA Header: from
PRA: supportADDED@ADDEDget-Gifts-For-Free.com
SPF TXT record/s:
v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all
PRA TXT record/s:
v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all
Domain Key TXT record:
None
==========================================================
Explanation of the possible results:
==========================================================
"pass"
means the client IP is a designated mailer for the sender.
The mail should be accepted subject to local policy regarding
the sender.
"fail"
means the client IP is not a designated mailer, and the sender
wants you to reject the transaction for fear of forgery.
"softfail"
means the client IP is not a designated mailer, but the
sender prefers that you accept the transaction because it isn't
absolutely sure all its users are mailing through approved
servers. The "softfail" status is often used during initial
deployment of SPF records by a domain.
"neutral"
means the sender makes no assertion about the status of the
client IP.
"none"
means that there is no SPF record for this domain.
"unknown"
means the domain has a configuration error in the published
data or defines a mechanism which this tool does not (yet) know
about. If the data contained an unrecognized mechanism, it
will be presented following "unknown".
"error"
means the DNS lookup encountered a temporary error
during processing.
Summary of Results
==========================================================
mail-from check: softfail
PRA check: softfail
DomainKeys check: neutral (message not signed)
==========================================================
Details:
==========================================================
HELO hostname: host.motylonline.com
Source IP: 209.59.181.105
mail-from: supportADDED@ADDEDget-Gifts-For-Free.com
PRA Header: from
PRA: supportADDED@ADDEDget-Gifts-For-Free.com
SPF TXT record/s:
v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all
PRA TXT record/s:
v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all
Domain Key TXT record:
None
==========================================================
Explanation of the possible results:
==========================================================
"pass"
means the client IP is a designated mailer for the sender.
The mail should be accepted subject to local policy regarding
the sender.
"fail"
means the client IP is not a designated mailer, and the sender
wants you to reject the transaction for fear of forgery.
"softfail"
means the client IP is not a designated mailer, but the
sender prefers that you accept the transaction because it isn't
absolutely sure all its users are mailing through approved
servers. The "softfail" status is often used during initial
deployment of SPF records by a domain.
"neutral"
means the sender makes no assertion about the status of the
client IP.
"none"
means that there is no SPF record for this domain.
"unknown"
means the domain has a configuration error in the published
data or defines a mechanism which this tool does not (yet) know
about. If the data contained an unrecognized mechanism, it
will be presented following "unknown".
"error"
means the DNS lookup encountered a temporary error
during processing.
An email system which uses SPF rejected a message claiming to be from supportADDED@ADDEDget-gifts-for-free.com.
An email system which uses SPF saw a message coming from the IP address 209.59.181.105 which is ns1.motylonline.com; the sender claimed to be supportADDED@ADDEDget-gifts-for-free.com.
ns1.motylonline.com is approved for get-gifts-for-free.com, so that mail should have been accepted.
What should I do?
Wait a while, then try sending the message again. It should go through this time.
An email system which uses SPF saw a message coming from the IP address 209.59.181.105 which is ns1.motylonline.com; the sender claimed to be supportADDED@ADDEDget-gifts-for-free.com.
ns1.motylonline.com is approved for get-gifts-for-free.com, so that mail should have been accepted.
What should I do?
Wait a while, then try sending the message again. It should go through this time.
There are numerous other tests that accepted email just fine and are happy with SPF record.
See example below:
This service runs at <sa-test@sendmail.net> and allows remote users
to perform a simple, automated test to see if different Sender
Authentication schemes are working. Mail sent to this service
is checked by our Sender Authentication filters for any valid
credentials or signatures. A script receives the message, checks
for a special header with the results of the tests, and composes
this response message based on what it finds.
For more information about Sender Authentication, please visit:
http://sendmail.net/
We hope this service has been helpful to you.
Authentication System: Domain Keys
Result: (no result present)
Reporting host:
More information: http://antispam.yahoo.com/domainkeys
Sendmail milter: http://www.sendmail.net/dk-milter
Authentication System: Sender ID
Result: SID data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://www.microsoft.com/senderid
Sendmail milter: http://www.sendmail.net/sid-milter
Authentication System: Sender Permitted From (SPF)
Result: SPF data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://spf.pobox.com/
to perform a simple, automated test to see if different Sender
Authentication schemes are working. Mail sent to this service
is checked by our Sender Authentication filters for any valid
credentials or signatures. A script receives the message, checks
for a special header with the results of the tests, and composes
this response message based on what it finds.
For more information about Sender Authentication, please visit:
http://sendmail.net/
We hope this service has been helpful to you.
Authentication System: Domain Keys
Result: (no result present)
Reporting host:
More information: http://antispam.yahoo.com/domainkeys
Sendmail milter: http://www.sendmail.net/dk-milter
Authentication System: Sender ID
Result: SID data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://www.microsoft.com/senderid
Sendmail milter: http://www.sendmail.net/sid-milter
Authentication System: Sender Permitted From (SPF)
Result: SPF data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://spf.pobox.com/
SPF lookup of sender supportADDED@ADDEDget-gifts-for-free.com from IP 209.59.181.105:
SPF string used: v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com mx:ns1.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all.
Processing SPF string: v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com mx:ns1.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all.
Testing 'a' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS. No match.
Testing 'mx' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS. MATCH!
Testing 'mx:mail.get-gifts-for-free.com' on IP=209.59.181.105, target domain mail.get-gifts-for-free.com, CIDR 32, default=PASS.
Testing 'mx:get-gifts-for-free.com' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS.
Testing 'mx:host.motylonline.com' on IP=209.59.181.105, target domain host.motylonline.com, CIDR 32, default=PASS.
Testing 'mx:ns1.motylonline.com' on IP=209.59.181.105, target domain ns1.motylonline.com, CIDR 32, default=PASS.
Testing 'ptr:ns1.motylonline.com' on IP=209.59.181.105, target domain ns1.motylonline.com, CIDR 32, default=PASS.
Testing 'ip4:209.59.181.105' on IP=209.59.181.105, target domain 209.59.181.105, CIDR 32, default=PASS.
Testing 'ip4:209.59.181.165' on IP=209.59.181.105, target domain 209.59.181.165, CIDR 32, default=PASS.
Testing 'all' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=SOFTFAIL.
Result: PASS
Possible Results:
* Pass - This IP is authorized to send E-mail from this domain.
* Fail - This IP is not authorized to send E-mail from this domain
* SoftFail - This IP probably is not authorized to send E-mail from this domain, but the domain owners are not certain
* Neutral - The domain does not know if the IP is allowed to send E-mail or not.
* TempError - A temporary error occurred. The E-mail should be retried later.
* PermError - A permanent error was encountered. The E-mail should be rejected.
* None - No SPF record was found. It cannot be determined if the IP is allowed to send E-mail from this domain.
SPF string used: v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com mx:ns1.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all.
Processing SPF string: v=spf1 a mx mx:mail.get-gifts-for-free.com mx:get-gifts-for-free.com mx:host.motylonline.com mx:ns1.motylonline.com ptr:ns1.motylonline.com ip4:209.59.181.105 ip4:209.59.181.165 ~all.
Testing 'a' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS. No match.
Testing 'mx' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS. MATCH!
Testing 'mx:mail.get-gifts-for-free.com' on IP=209.59.181.105, target domain mail.get-gifts-for-free.com, CIDR 32, default=PASS.
Testing 'mx:get-gifts-for-free.com' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=PASS.
Testing 'mx:host.motylonline.com' on IP=209.59.181.105, target domain host.motylonline.com, CIDR 32, default=PASS.
Testing 'mx:ns1.motylonline.com' on IP=209.59.181.105, target domain ns1.motylonline.com, CIDR 32, default=PASS.
Testing 'ptr:ns1.motylonline.com' on IP=209.59.181.105, target domain ns1.motylonline.com, CIDR 32, default=PASS.
Testing 'ip4:209.59.181.105' on IP=209.59.181.105, target domain 209.59.181.105, CIDR 32, default=PASS.
Testing 'ip4:209.59.181.165' on IP=209.59.181.105, target domain 209.59.181.165, CIDR 32, default=PASS.
Testing 'all' on IP=209.59.181.105, target domain get-gifts-for-free.com, CIDR 32, default=SOFTFAIL.
Result: PASS
Possible Results:
* Pass - This IP is authorized to send E-mail from this domain.
* Fail - This IP is not authorized to send E-mail from this domain
* SoftFail - This IP probably is not authorized to send E-mail from this domain, but the domain owners are not certain
* Neutral - The domain does not know if the IP is allowed to send E-mail or not.
* TempError - A temporary error occurred. The E-mail should be retried later.
* PermError - A permanent error was encountered. The E-mail should be rejected.
* None - No SPF record was found. It cannot be determined if the IP is allowed to send E-mail from this domain.
PLEASE HELP if you have any ideas of what might be wrong.
Thanks a million,
Motyl
