On 07/25/11 23:39, Wayne Gregor wrote:
> Hi Lyle,
>
> If you would be so kind to help me out with this.  Seems odd that this
> crops up now.  I haven't had any problems with my SPF record.
>
> Sending Email address:HIDDEN@gorigroup.com
> Receiving Domain: david-mcdermott.com
> My spf is: v=spf1 ip4:173.8.187.50 -all
> <https://dns.godaddy.com/ZoneFile.aspx?zone=gregorigroup.com&zoneType=0&sa=#>
>
>
> Thanks,
> Wayne
>

Interesting, openspf.org seems to be offline right now.  But that's not 
material right now.

I checked and the SPF as published in DNS matches the above for 
gregorigroup.com.

The SPF record means:

v=spf1   using SPF version 1
ip4:173.8.187.50  email is allowed to be sent from this IPv4 address
-all  The dash(vs the tilde) means this list is exclusive, no email 
should be sent from anywhere other than what is listed here.

I noted that gregorigroup.com shows two mx records:

0  mail.gregorigroup.com  173.8.187.50
10 mail2.gregorigroup.com 173.8.187.51

At a minimum, I think your SPF record needs to use the MX modifier. 
That means all ip addresses associated with the MX records are allowed 
to send mail on behalf of this domain.

In this case, if the email was sent from mail2.gregorigroup.com, the SPF 
record is saying that the email should be rejected.

I have a problem with using a -all in these records.  Normally we have 
little control over what the users will do.  They will get a smart phone 
and use their cell phone providers outgoing mail servers(you have little 
control over the cell phone first level support).  Or they will start an 
email marketing plan using a service like Constant Contact.  In other 
words, they will use whatever seems to work for them at the moment and 
that may not mean always using your mail server for their outgoing mail.

You may want to use ~all (tilde) instead.  The tilde indicates a 
softfail instead of a hard fail if the email comes from somewhere other 
than what is specified in the spf records.

Lyle Giese
LCR Computer Services, Inc.