1

I have my own postfix server, that serves only as a forwarding mail server, i.e. if you send email at admin@mydomain.com, it will arrive into my gmail/whatever else.

My SPF looks as such:

v=spf1 ip4:<IP HERE> a:<DOMAIN HERE> include:_spf.google.com -all

I have verified that when I'm sending emails, they come from ip in the ip4 part:

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
gmail.com discourages use of <SAME_IP_AS_IN_SPF> as permitted sender)
Received: from <DOMAIN_FROM_SPF> (<IP_FROM_SPF>) by ...

Gmail won't even put the email into junk - it just never appears in my mailbox anywhere. Their tool though marks SPF as ok (though I assume that tool is if I want to relay to the gmail server and they'll send it for me - is the include:_spf.google.com useless in my case? I just want to forward emails from people to my personal address).

In outlook then, the mail is marked as junk. Any idea of what's wrong both with SPF and marking the mail as junk? I also have reverse dns so that my hostname can be resolved to the same ip as above. According to this SPF tester tool, my SPF should pass as well.

pydoge
  • 165
  • 1
  • 5

1 Answers1

1

SPF checks apply to the sender domain. When your Postfix server forwards a mail, the sender address remains unchanged. Consequently, the SPF check on the recipient server will try to verify your server's IP address against the SPF record of the sender domain. Your own SPF record does not have any say in this.

This is a well-known problem with SPF. A workaround has been proposed under the label of SRS (Sender Rewriting Scheme), see http://www.openspf.org/SRS .

Tilman Schmidt
  • 3,778
  • 10
  • 23