[ngw] Any SPF record experts here?

Jeffrey Sessler Jeff at ScrippsCollege.edu
Thu Feb 13 23:20:14 UTC 2014

Did they send you the exact error?
Your SPF with the "-all" indicates that only that IP is allowed to send for you. For sites that are stringent, they will drop mail that doesn't match that. You could change "-all" to "~all" as a temp check just to see if mail will now deliver. Basically the ~all says "I think this is right, but I'm not 100% sure." Most email systems tend then to not block email. Any change to the SPF could take time to replicate depending on your TTL for it. You may want to change the TTL on the record to say 300 seconds until you get this fixed (allowing for fast changes).
If you have a gmail account, send a message from your system to the account. Open the email in gmail, then select "show original." Gmail has wonderful information about what it thinks of your SPF record. You'll see something like "Authentication-Results: SPF=pass (Google.com: domain of user at domain.com designates <ip address> as permitted sender)."

>>> On Thursday, February 13, 2014 at 2:06 PM, in message <52FCFB8502000013000F47AB at mail.msktd.com>, "Kenneth Etter" <kle at msktd.com> wrote:

Thanks Matt.  I'll check into that.

>>> Matt Weisberg <matt at weisberg.net> 2/13/2014 4:45 PM >>>

That's odd.  About the only suggestion I could think of would be to add
the CIDR notation to the end of the address.  Because you have a 255 in
the third octet of your host address, maybe Microsoft is not correctly
applying the mask (or lack thereof of a mask).

So try changing this:

v=spf1 ip4: -all

to this

v=spf1 ip4: -all

See if that makes a difference.  But to me, what you have is 100%
right.  But if Microsoft says it's wrong, well.. let's not even go
there... argh...


Matt Weisberg
Weisberg Consulting, Inc.
matt at weisberg.net
ofc. 248.685.1970
cell 248.705.1950
fax 248.769.5963

On Feb 13, 2014, at 2:05 PM, Kenneth Etter <kle at msktd.com> wrote:

> One of the companies we are emailing is bouncing our mails back at
> us.  When we informed that company, they contacted their IT consultant
> and this is the reply that came back from the consultant which was
> forwarded to us:
> I heard back from MXLogic.  Your client's SPF records are not
> According to the Microsoft Knowledge Base article relating to this
> error: "This problem occurs because of a problem in the way that the
> Exchange Sender ID engine applies subnet masks that are defined in the
> SPF records. The problem may occur if one or more non-class full subnets
> are defined in the SPF record of the sending domain."
> The "client" mentioned above is us.  As far as I can tell, there is
> nothing wrong with my SPF records.  And the only thing I can find
> related to that MS KB article is a bug fix that needs to be applied to
> the recipient's Exchange system.  If someone who knows SPF could take a
> look at the record for mail.msktd.com and let me know if I messed
> something up, I would appreciate it.
> Thanks,
> Ken
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw
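
The two points raised in this thread (an `ip4` address with no CIDR suffix is treated as a single host, and `-all` versus `~all` decides what a non-matching sender gets), shown as an added example that is not part of any poster's message. The function name `check_spf` and the 10.20.255.x addresses are constructed for illustration; only `ip4` and `all` are evaluated, since other mechanisms need DNS lookups.

```python
import ipaddress

# Qualifier prefix -> SPF result when the mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip):
    """Evaluate an SPF record limited to ip4 mechanisms and 'all'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name != "ip4":
            raise ValueError("mechanism not handled in this example: " + name)
        try:
            # With no "/nn" suffix, IPv4Network builds a /32, i.e. one host,
            # which is also how SPF reads an ip4 term without a prefix length.
            net = ipaddress.IPv4Network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed or empty ip4 argument
        if ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all'


if __name__ == "__main__":
    # Constructed records and sender addresses.
    for rec, src in [
        ("v=spf1 ip4:10.20.255.7 -all", "10.20.255.7"),
        ("v=spf1 ip4:10.20.255.7/32 -all", "10.20.255.7"),
        ("v=spf1 ip4:10.20.255.7 -all", "10.20.255.8"),
        ("v=spf1 ip4:10.20.255.7 ~all", "10.20.255.8"),
    ]:
        print(rec, "|", src, "->", check_spf(rec, src))
```

A receiver that follows the standard gives the bare address and the `/32` form the same result, so a difference between them points at the receiving system's parser rather than the record.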
