0

I have saved my spf record such that it looks correct in the enom host record interface.

However, when I run a test on it - the published record does not display the include:spf.mailjet.com portion.

I cannot get mailjet to validate this for smtp sending.

The domain is mixteka.com

The record is setup as:

enom screenshot of spf config

But if you use http://www.kitterman.com/spf/validate.html to check the record - you can see it is different.

Any thoughts about how to fix this?

Mary Camacho
  • 105
  • 1
  • 5
  • 1
    I'm not seeing **any** record; `dig txt mixteka.com @DNS1.NAME-SERVICES.COM` returns "*recursion requested but not available*", which is a bit worrying given that it's one of your whois-listed nameservers (`dig spf ...` does likewise). – MadHatter Oct 10 '14 at 15:44
  • @MadHatter The "recursion requested but not available" message is a result of that your query requested recursion. An authoritative-only nameserver will not allow that, so that message in itself is expected in this scenario and not actually a cause for concern. Adding `+norec` to the `dig` command line will ensure that the `RD` (Recursion Desired) bit is not set in the query and will avoid that warning. – Håkan Lindqvist Oct 10 '14 at 18:00
  • @MadHatter Also, more as a sidenote, whois is not an ideal source for authority information as it is 1) an entirely separate system with informational text that may or may not reflect the current reality and 2) only applicable to delegations that have been made by someone who actually has a whois server (ie, typically only applicable to second-level domain registrations). The information that actually determines authority are the `NS` records in DNS itself. – Håkan Lindqvist Oct 10 '14 at 18:17
  • Point taken, Håkan, and many thanks for making it. – MadHatter Oct 11 '14 at 07:08
  • I have now changed name servers and am managing DNS elsewhere so that I have greater flexibility and control. Thanks for the clarity! I will adjust that record. – Mary Camacho Oct 11 '14 at 13:26

1 Answers1

2

It appears that the record you have created exists at mixteka.com.mixteka.com.

mixteka.com.mixteka.com. 1800   IN      TXT     "v=spf1 include:spf.mailjet.com SPF a ip4:69.64.144.0/20 ip4:98.124.192.0/18 ip4:216.163.188.60 ip4:216.163.176.40 ip4:38.113.116.216 ~all"

I suspected and checked for this based on the value in the Host Name field in the form in combination with there existing no TXT or SPF record at mixteka.com.

You may have to consult the documentation for the system you are using for how to create a record at the zone apex but some possibilities include:

  • Name with trailing dot (eg example.com.)
  • @ as name
  • Empty field

(The first two options are inspired by the standard master file format.)


As a separate note, SPF is, as far as I know, not a valid mechanism inside an SPF record.

Your record:

v=spf1 include:spf.mailjet.com SPF a ip4:... ~all

should probably just read:

v=spf1 include:spf.mailjet.com a ip4:... ~all

Håkan Lindqvist
  • 33,741
  • 5
  • 65
  • 90