0

When I try to send an email I get the following error:

550 2607:f8b0:4864:20::132 is not allowed to send mail from mydomain.com. Please see the SPF record, with scope mfrom, identity myuser@mydomain.com, and ip 2607:f8b0:4864:20::132

I use gmail to send mails from myuser@mydomain.com

This is how all the MX and TXT records I have at Cloudflare:

enter image description here How to resolve this issue?

Offir
  • 131
  • 10
  • Please do not use commercial websites (such as mydomain.com) as placeholder examples. Generally, it's best to give your real address. If you must elide it, use a standard placeholder from [RFC 2606](https://tools.ietf.org/html/rfc2606#section-3). – TRiG Nov 11 '19 at 11:51
  • This question is different and the answer is specific to gmail. – Offir Nov 11 '19 at 21:04

1 Answers1

2

You should first look up what a Sender Policy is. It is up to you to decide, which servers may send e-mail on behalf of your domain, all other servers will be suspicious (usually spammers).

If you want to send e-mail only from GMail, you need to find and copy GMail's policy:

piotr@bialykiel:~$ dig gmail.com TXT +short
"globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
"v=spf1 redirect=_spf.google.com"
piotr@bialykiel:~$ dig _spf.google.com TXT +short
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

So probably what you want is a TXT record containing:

"v=spf1 include=_spf.google.com ~all"

It means: we usually send from these IP addresses (you can find a list digging further the includes), but we may use another IP address.

E-mail providers usually explain what records are needed. You'll find Google's explanation on their help pages.

Piotr P. Karwasz
  • 5,292
  • 2
  • 9
  • 20
  • Just an FYI, using `-all` at the end of your SPF record is more secure, but you must add every domain/server that could send email for your domain. For example, ours needed an `include` for Mailgun, Mailchimp, and Gmail. – evolross Jul 08 '21 at 17:42