1

I built an ASP.NET application that sends text messages to our employees using carrier-provided email-to-SMS gateways. The people on Cricket (sms.mycricket.com) are the only ones that are bouncing with a return message like this:

Unknown address error SPF FAILURE/Sender has no SPF records: SEE RFC 4408 - FROM check failed: Received: from unknown (HELO servername.domainname.com) ([ipaddress]) by .... with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Nov 2012 06:22:56 -0600

From my research it looks like we may need to set up something in DNS for the Sender Policy Framework. I'm not in the networking group so I don't know much about this. How can this be done?

http://en.wikipedia.org/wiki/Sender_Policy_Framework

CodeGurl
  • You need to add one or more SPF records into your DNS server. How this is done depends on the kind of DNS server your organization runs. If you have a networking group, it's likely necessary to contact them and let them do this for you. – Sven Dec 18 '12 at 21:35
  • Thank you. I am contacting the networking group to have them add the necessary SPF records. – CodeGurl Dec 18 '12 at 21:51
  • As to why this is only a problem for the SMS people, most people only check SPF if it's there. If not, doesn't matter. I'm guessing they explicitly enforce it to avoid people spoofing your emails and sending SMS's on your behalf. In other words, make sure the networking team sets up valid/accurate records, and not just a "token" record. – fukawi2 Dec 18 '12 at 22:40

2 Answers

2

SPF is used to identify what IP addresses can send email messages for a specific domain. Email servers will look up the SPF based on the domain of the email address. For example, when emailing as join@example.com, the mail server will look up the SPF record (usually a TXT record) on example.com.

The SPF record will tell the mail server what IP addresses can send for example.com. For instance, if example.com's SPF record was

v=spf1 ip4:156.24.120.10 ~all

This means that if email is coming as example.com from 156.24.120.10, then ALLOW the email through. The ~ before 'all' means 'soft-fail' on all IPs (softfail = let the mail server decide, but it probably should mark the SPF lookup as failed). So if some other mail server was sending as example.com that wasn't 156.24.120.10, then the SPF request will fail and mail servers might mark the message as spam.

Zach
0

Actually, sms.mycricket.com is rejecting messages arriving with Null Senders and using the SPF message to indicate why. You can't do an SPF check on a Null Sender since there is no domain involved.

We had a change to our Exchange environment which started sending out as Null Senders messages that were forwarded from a user pager address. Only Cricket is doing this.

Kevin