4

I am trying to setup a very basic SPF record. I am hosting my website on Godaddy and using Godaddy's email servers. I am using the php mail() call (I know, I've read a ton of places to use PHP Mailer, or others, but I am choosing to the default mail() function and thats not really my question). Right now the spf record in the email is coming back as neutral with the following lines:

Delivered-To: person@gmail.com
Received: by 10.52.171.166 with SMTP id av6csp133324vdc;
        Tue, 16 Jul 2013 07:43:23 -0700 (PDT)
X-Received: by 10.49.104.180 with SMTP id gf20mr2338989qeb.59.1373985802775;
        Tue, 16 Jul 2013 07:43:22 -0700 (PDT)
Return-Path: <noreply@onlineserver.cc>
Received: from p3nlsmtp14.shr.prod.phx3.secureserver.net (p3nlsmtp14.shr.prod.phx3.secureserver.net. [72.167.234.239])
        by mx.google.com with ESMTP id d19si710455qey.143.2013.07.16.07.43.22
        for <person@gmail.com>;
        Tue, 16 Jul 2013 07:43:22 -0700 (PDT)
Received-SPF: neutral (google.com: 72.167.234.239 is neither permitted nor denied by best guess record for domain of noreply@onlineserver.cc) client-ip=72.167.234.239;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 72.167.234.239 is neither permitted nor denied by best guess record for domain of noreply@onlineserver.cc) smtp.mail=noreply@onlineserver.cc
Received: from P3NW8SHG339 ([184.168.27.44])
    by p3nlsmtp14.shr.prod.phx3.secureserver.net with 
    id 12jN1m0080x5yNo012jNyX; Tue, 16 Jul 2013 07:43:22 -0700
Date: Tue, 16 Jul 2013 07:43:21 -0700
Subject: Little Jaws Big Smiles Registration Confirmation
X-PHP-Originating-Id: [10610735]
To: "Person" <person@gmail.com>
From: "Little Jaws Big Smiles" <no-reply@littlejawsbigsmiles.com>
Reply-To: "Little Jaws Big Smiles" <no-reply@littlejawsbigsmiles.com>
Return-Path: "Little Jaws Big Smiles" <no-reply@littlejawsbigsmiles.com>
Message-ID: <51e55c0a.f351310a.61d2.ffffe3a0SMTPIN_ADDED_BROKEN@mx.google.com>
X-Mailer: PHP/5.2.17
MIME-Version: 1.0
Content-type: text/html; charset=ISO-8859-1
Organization: Little Jaws Big Smiles

The ip 72.167.234.239 corresponds to p3nlsmtp14.shr.prod.phx3.secureserver.net, which I'm guessing is the mail server actually sending my email.

  • I have an A (Host) record setup with my actual IP address of the domain.
  • I have the default CNAME (alias) list that was supplied
  • I have two MX (Mail Exchanger records) that were supplied
    • mailstore1.secureserver.net
    • smtp.secureserver.net
  • There are two default name servers setup
    • ns45.domaincontrol.com
    • ns46.domaincontrol.com
  • I've setup the TXT SPF record in the following manner (no quotes because thats how godaddy has you enter it):
    • v=spf1 a mx ptr ip4:72.167.234.245 -all

However this still results in a neutral SPF result. I have waited 48 hours for the record to take action. I have also read the SPF Syntax and I think I've set it up appropriately (but I've never done this before, so I could be completely misunderstanding this)

I have also tried kitterman's validation script with the following result:

Found v=spf1 record for littlejawsbigsmiles.com: v=spf1 a mx ptr ip4:72.167.234.245 -all    
evaluating... SPF record passed validation test with pySPF (Python SPF library)!

Does anyone see a problem with my record definition or if I am missing anything else?

I am attempting to send mail from no-reply@littlejawsbigsmiles.com

Let me know if I need to provide any other information.

Update Per @TheCleaner's request, I followed the instructions on Godaddys site to creating the SPF record. Below are the steps and options I choose with why I selected them.

Under To Add an SPF Record

  • Step 4: I selected GoDaddy.com, LLC only
    • I am only sending emails using their servers
  • Step 5: I selected All Inbound Servers May Send Mail
    • I am not sure this applies to me, but I selected it just in case it does
  • Step 6: I did not select Outbound records.
    • My domain is not a mail server
  • Step 7: I did not select PTR
    • My domain is not a mail server
  • Step 8: I added 72.167.234.0/24 since this appears to be the mail servers Godaddy uses to send out emails
  • I also selected Exclude all hosts not specified here which adds -all

The result SPF record is below. I will try this and post back if this fixes my issues. Please let me know if my assumptions about my steps above are incorrect.

v=spf1 mx include:72.167.234.0/24 -all
henk
  • 75
  • 2
  • 8
SwDevMan81
  • 201
  • 1
  • 3
  • 14
  • @MadHatter - I saw that general overview of SPF, but it was unable to help me with my issue. – SwDevMan81 Jul 16 '13 at 15:13
  • OK, then firstly, it's very helpful if you can tell us what you've tried so far, which includes outlining your research. Secondly, if your domain is really `onlineserver.cc`, **you have no SPF record** - that's likely to be your underlying problem! – MadHatter Jul 16 '13 at 15:18
  • @MadHatter - I have posted my SPF record above. onlineserver.cc is not my domain, I'm guessing its something of godaddy's that is converting my no-reply@mydomain, but I have no idea where that is coming from. Maybe that is part of the issue? – SwDevMan81 Jul 16 '13 at 15:21
  • Well, it's where the email you're sending is coming from: "*Received-SPF: neutral (google.com: 72.167.234.239 is neither permitted nor denied by best guess record for domain of noreply@onlineserver.cc)*" – MadHatter Jul 16 '13 at 15:22
  • Hmm, ok, maybe I'll have to contact Godaddy and see why they are changing my `no-replay@mydomain` to `noreply@onlineserver.cc`, that seems strange. – SwDevMan81 Jul 16 '13 at 15:24
  • That'd be a good idea. When you come back, it's important to update your question and make it clearer. I strongly urge you not to redact your domain, either; these questions often stand or fall on details that are only apparent if all the information is made available to us. – MadHatter Jul 16 '13 at 15:26
  • @MadHatter - Ok, sounds good, I'll try and make my question a little clearer. For your viewing pleasure: http://littlejawsbigsmiles.com/ – SwDevMan81 Jul 16 '13 at 15:28
  • I finally found the issue to this problem. The question has been closed, so I cant post the answer. If its reopened, I can post the solution to my problem. – SwDevMan81 Jul 17 '13 at 12:40
  • Flag it for moderator attention, then; if you clarify that you've solved it, want to post an answer, and you'll accept that answer forthwith, (s)he may be willing to reopen it. – MadHatter Jul 17 '13 at 14:13
  • To clarify, our SPF records should be equivalent. If yours work, mine should work. So you could just accept mine. – gparent Jul 17 '13 at 14:18
  • Sounds good, I'll flag it and hopefully it will get reopened. Thanks guys. – SwDevMan81 Jul 17 '13 at 14:31
  • Looks like the question was reopened, clicking the check mark next to my answer should mark it as correct. – gparent Jul 17 '13 at 19:16

2 Answers2

5

You have entered the wrong IP address in your SPF record.

Here's the current record:

littlejawsbigsmiles.com. 3600   IN      TXT     "v=spf1 a mx ptr ip4:72.167.234.245 -all"

Here's the IP you're sending from:

72.167.234.239

Which is clearly different from 72.167.234.245.

Fix the record so that there's no mistake in it and everything should work fine.

To include a whole address range, use:

"v=spf1 mx ip4:72.167.234.0/24 -all"

By the way, GoDaddy offers a KB article on how to setup an SPF record with them: http://support.godaddy.com/help/article/7926/adding-or-editing-spf-records

gparent
  • 3,561
  • 2
  • 23
  • 28
  • This, of course, assumes that you're eventually going to send mail from the right domain rather than onlineserver.cc. – gparent Jul 16 '13 at 15:37
  • I updated the question to include the full header. I am attempting to send it from no-reply@littlejawsbigsmiles.com. It also appears that this server is changing (so godaddy must have multiple email servers that send out emails?) Sorry I'm still learning this stuff. – SwDevMan81 Jul 16 '13 at 15:43
  • 1
    My answer still applies, and please, stop changing the information all the time! You certainly do NOT own `mydomain.com` ! – gparent Jul 16 '13 at 15:44
  • Yestarday it appeared to be `72.167.234.236`. Is there a way to include `72.167.234.X` ? – SwDevMan81 Jul 16 '13 at 15:47
  • So the SPF records tells you what servers are sending out email. It has a few mechanisms to verify this. Now personally I'm not sure how GoDaddy chooses how to send email outbound, but either way based on the headers you posted above I can tell that `72.167.234.239` is attempting to send mail. Assuming that GoDaddy uses the same servers as your domain's MX records to send mail out, you could replace your SPF record with this: `v=spf1 mx -all`, but there's no guarantee this is how GoDaddy actually operates. – gparent Jul 16 '13 at 15:48
  • I added an example of how to permit a whole IP range. Have you considered just asking them? They're obviously the ones most likely to know... – gparent Jul 16 '13 at 15:49
  • 1
    @gparent - hope you don't mind me adding GoDaddy's KB article to your answer. If the OP is really using GoDaddy for everything (including DNS) this should work fine for them. – TheCleaner Jul 16 '13 at 15:56
  • @TheCleaner - Thanks for the post, I'll go through it and point out the options (and why) I selected to see if there are any flaws in im thinking. I'll update may question. – SwDevMan81 Jul 16 '13 at 16:05
  • @gparent - Yeah I have emailed their technical support and I've gotten the worst responses you could imagine (basically saying go read this page type of responses). Thanks for the update on the range, I'll see if that helps – SwDevMan81 Jul 16 '13 at 16:06
  • @TheCleaner I really don't mind, I was looking for it but was a bit busy doing other things to really validate the info. – gparent Jul 16 '13 at 17:18
4

So I finally tracked down the issue (godaddy techincal support said they couldnt help with "scirpting" problems). Turns out that they do have an issue with the SPF records:

Apparently when you setup a new hosting account, the default C:\php5\php.ini file for windows hosts sets the sendmail_from to noreply@onlineserver.cc, which was the actual sending address of the emails I sent using php's mail() function. I changed this to no-reply@littlejawsbigsmiles.com and got a little closer to resolving my issue.

Now to the second issue I was having that was causing the SPF to still fail. It turns out that creating an SPF record with Godaddys default include:spf.secureserver.net contains too many lookups. You can verify this by using this SPF Parser and enter in spf.secureserver.net. You will see there are a lot more then the maximum 10 lookups.

Using Kitterman's validation script, if you enter in spf.secureserver.net, you can see that it shows error PermError SPF Permanent Error: Too many DNS lookups. This is a problem that Godaddy needs to resolve globally (not just for my site). The issue is documented on their site. I did receive a response from them indicating its not their problem:

Also although we provide the ability to create SPF records, the management and setup responsibility are solely the customers responsibility.

I was able to work around this by checking my email headers and finding which server(s) were sending it out (appeared to be range 72.167.234.236-245). Using the SPF Parser I linked above, I was able to determine my site appears to be using spf102.secureserver.net. I'm not sure if this will change for my site and Godaddy has yet to tell me the answer. I changed my SPF record to include spf102.secureserver.net, which does not have the issue of Too many DNS lookups, but it might be an issue if emails could be changed and sent out of say spf101.secureserver.net.

Final working record will be based on the servers that are used for sending out emails, but it should look something like this if you are hosted on and using Godaddys servers:

v=spf1 mx include:spf102.secureserver.net -all

With these two updates I was able to send mail to google and hotmail email accounts and they not longer go to spam/junk folders (yey!)

Thanks to @MadHatter, @gparent and @TheCleaner for their support in tracking this down.

SwDevMan81
  • 201
  • 1
  • 3
  • 14