2

I've set up my SPF record at improvedemployees.com as follows:

v=spf1 a mx ptr ip4:84.40.9.177 mx ip4:84.40.9.11 ~all

I've set up my SPF record at affiliatewebdesigners.com to point to using improvedemployees.com as this is the reverse lookup name of the server. The SPF for affiliatewebdesigners.com is as follows:

v=spf1 a mx ptr ip4:84.40.9.177 mx ip4:84.40.9.11 include:improvedemployees.com ~all

I'm still getting bounced emails unless I'm on a whitelist and I can't figure out why. I've tried to analyse my SPF record using mxtoolbox:

http://mxtoolbox.com/domain/improvedemployees.com/?source=findmonitors

enter image description here

This error seems pretty useless. Can anyone help me figure out where I'm going wrong?

Dave Hilditch
  • 323
  • 3
  • 7
  • 4
    Doesn't seem to be the issue, but you've got "mx" specified twice in both of them. Putting it into http://www.kitterman.com/spf/validate.html shows me an error of "unknown mechanism ~all" which doesn't make sense to me. – ceejayoz Sep 09 '14 at 16:59
  • Thanks for that link and spotting mx twice in there. When I validate with that link it seems valid for me now. – Dave Hilditch Sep 09 '14 at 17:33
  • Having said that, it was the 'unknown mechanism ~all' error I was getting previously when I used another tool other than mxtoolbox - might have been this kitterman one. Maybe once the new SPF records have been updated without the additional mx it will be considered valid. – Dave Hilditch Sep 09 '14 at 17:47
  • On a slightly unrelated note, RFC7208 (the latest SPF RFC) discourages using the "ptr" mechanism for a number of reasons. It's slow and prone to errors for starters, but combined with the void lookup limitations of RFC7208 it can also cause difficulty enforcing your SPF policy. – PeterK Sep 10 '14 at 06:28
  • MX-Toolbox does not show an error anymore, has the issue been resolved with the hint from ceejayoz, @dave-hilditch? – sebix Nov 16 '14 at 21:10

2 Answers2

3

The right format for SPF record would be:

domain.com. IN TXT "v=spf1 mx a ip4:mail.domain.com ~all"

or

domain.com. IN TXT "v=spf1 mx a ip4:mail.domain.com a:anotherdomain.com ~all"

There are some online SPF Record Generator out there that can help you with creating SPF Record.

Ali Pandidan
  • 1,699
  • 2
  • 9
  • 7
1

You've got "mx" specified twice in both of them.

v=spf1 a mx ptr ip4:84.40.9.177 mx ip4:84.40.9.11 ~all

v=spf1 a mx ptr ip4:84.40.9.177 mx ip4:84.40.9.11 include:improvedemployees.com ~all

Community
  • 1
masegaloeh
  • 17,978
  • 9
  • 56
  • 104