cancel
Showing results for 
Search instead for 
Did you mean: 

SPF softfail

FIXED
Racalman
Grafter
Posts: 45
Thanks: 3
Fixes: 1
Registered: ‎13-02-2014

SPF softfail

I'm sending emails to a Google account via the plusnet SMTP server from an email address registered with another ISP.

The received message header contains this warning:

Received-SPF: softfail (google.com: domain of transitioning myemailaddress does not designate 
84.93.230.235 as permitted sender) client-ip=84.93.230.235; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning myemailaddress does not designate 84.93.230.235 as permitted sender)

Can I add a DNS record to my other domain that will recognise plusnet as a permitted sender, if so how?

Thanks,

Mike

16 REPLIES 16
ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

Fix

Plusnet say they don't officially support SPF, but do have a record published from their early days that seems to still work ok.

In the DNS zone for your own domain try adding a TXT record:

v=spf1 include:madasafish.com

 

Racalman
Grafter
Posts: 45
Thanks: 3
Fixes: 1
Registered: ‎13-02-2014

Re: SPF softfail

Thanks, I will try that Smiley

 

Mike

dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: SPF softfail


Moderators Note


This topic has been moved from ADSL Broadband to eMail

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,539
Fixes: 158
Registered: ‎22-08-2007

Re: SPF softfail


@ccarmock wrote:

Plusnet say they don't officially support SPF, but do have a record published from their early days that seems to still work ok.

In the DNS zone for your own domain try adding a TXT record:

v=spf1 include:madasafish.com

 


I think that there might be some confusion here.

Plusnet do not support the addition of DNS TXT records (including SPF configurations) for domains hosted on PLUSNET's name servers.  So if yourdomain.co.uk is hosted on your Plusnet account then it is not possible to configure a SPF record.

I read the OP as stating that the email address in question is that of another ISP's - in which case what Plusnet does of does not support in respect of SPF has no impact.  If the user's ISP permits the configuration of TXT records on their DNS (name server) then setting up a text record as described will do what they want.

What is of interest here is why does the user want to relay a third party address via PlusNet's SMTP servers, rather than using the "home" SMTP for that address?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

Elsewhere in the forums it states that Plusnet do not officially publish an SPF for mail routed through their SMTP relay (whichis a bit of an omission in my view), however they previously they did.

 

My interpretation of what the OP is trying to do is use Plusnet's SMTP relays for a domain that he has DNS hosting for held elsewhere.  When he relays via Plusnet's SMTP he is seeing an SFP softfail.

As the assumption is he can add a DNS TXT entry elsewhere then what he needs to do is ensure Plusnet's SMTP servers are covered by that SPF record that he can create/edit, and he can designate Plusnet SMTP servers as authorised to send mail for his domain.

The point made elsewhere on the forums is that you have to use the madasafish SPF rather than one under the plus.net zone.

It would be quite possible to have a domain registration only with a company without taking SMTP relay services.  That might be the setup the OP has, and hence wants to use his ISP's SMTP relay service - ie Plusnet.

Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,539
Fixes: 158
Registered: ‎22-08-2007

Re: SPF softfail

Elsewhere in the forums it states...

A link would be helpful please.

In the context described PlusNet's support or not for SPF has no bearing on the matter.

If the user has the ability to set up a TXT SPF record in their domain's name server (referring to Plusnet or any other SMTP) then it will work irrespective of Plusnet's declared functionality.  SPF checking is performed by the receiving MX not the sending MX.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

Stated by Gandalf here

 

I don't fully agree that it has no bearing on the OPs question - see below,  but the solution I provided should work in this  case.   As you rightly say SPF checking is done by the destination system.

  What I do find slightly odd is Plusnet's own position on this, which I interpret as 'we don't publish an SPF for our SMTP relay service'.  However as has been said there is a published SPF for mail relaying through Plusnet's in the madasafish.com domain. 

So the correct way to do this is create an SPF record in the OPs domain that uses the include: syntax I provided.   I believe Plusnet should officially maintain and therefore support an SPF for their SMTP relay service, which they update if any of the IP addresses of the SMTP service change, or they add additional hosts.   That way anyone using include: in their own SPF will be safe.

Using the old, semi defunct, Madasafish domain doesn't seem to be good practice.

 

 

Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,539
Fixes: 158
Registered: ‎22-08-2007

Re: SPF softfail

If you read the whole of that topic, where the other SUs have sought to clarify matters, Gandalf was confusing what PLUSNET's name severs (DNS configuration interface) does or does not facilitate, which is not the same thing.  Plusnet does not support SPF specification for hosted domains or the naked account domain.

As per further down that topic, the reference to madasafish.com is a catch all for all of PN's SMTP servers.

I reiterate, to do what the OP is requesting it matters not if Plusnet does or does not support SPF in any way in respect of the question asked.

 

In a very different context Plusnet has sought to implement SPF records for all myaccount.plus.com domains … but Gmail threw and even bigger paddy-fit than the one they are seeking to resolve.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Racalman
Grafter
Posts: 45
Thanks: 3
Fixes: 1
Registered: ‎13-02-2014

Re: SPF softfail

Thanks everyone for your input to my question.

 

The simple reason that I'm using plusnet's server to send emails from another domain is that I need to send out emails from that address to members of a club The distribution list has 80 addresses but the other domain (Freeparking) only allows 50 per email whereas plusnet allows 200 I believe.

So I needed to know how to modify the Freeparking DNS records and I think you have given me the answer.

I will try it today and let you know if it works.

Mike

PS: I just found this helpful utility: spf.zone

Racalman
Grafter
Posts: 45
Thanks: 3
Fixes: 1
Registered: ‎13-02-2014

Re: SPF softfail

Sorry, another question!

The existing Freeparking TXT record is:

"v=spf1 redirect=_spf.mailhostbox.com" with TTL = 38400.

If I understand the advice given correctly, I should change this to:

"v=spf1 include:madasafish.com include:_spf.mailhostbox.com ~all"

Do I have to wait for TTL to expire before seeing any change?

 

Thanks

Mike

ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

Yes that should work.

You don't need to wait for the TTL to expire.  The significance of the TTL here is that some systems that have cached your SPF entry can wait up to the TTL expiry before looking up the record again.  So the sooner you make the change the sooner your update will propagate.

ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

All I am saying is that is is not unreasonable to expect Plusnet to publish and maintain an SPF record for their SMTP relay service.  Given the Madasafish was an acquisition some time ago I would question that as the logical place to maintain it.    I would have thought under the plus.net hierarchy would be a better place.

That was not clarified in the thread I linked to, just that someone suggested Plusnet *might* maintain the madasafish one if they made any changes, but no one from Plusnet confirmed that.

Racalman
Grafter
Posts: 45
Thanks: 3
Fixes: 1
Registered: ‎13-02-2014

Re: SPF softfail

Including madasafish didn't fix the problem. I still get this warning from the receiving Gmail account:

 

ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning fromaddress does not designate 212.159.14.19 as permitted sender) smtp.mailfrom=fromaddress
Return-Path: <fromaddress>
Received: from avasout04.plus.net (avasout04.plus.net. [212.159.14.19])
        by mx.google.com with ESMTPS id o9si3905685wrq.107.2019.03.17.07.48.30
        for <destination@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 17 Mar 2019 07:48:30 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning fromaddress does not designate 212.159.14.19 as permitted sender) client-ip=212.159.14.19;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning fromaddress does not designate 212.159.14.19 as permitted sender) smtp.mailfrom=fromaddress

Do I need to add/change any other DNS records?

 

Mike

ccarmock
Rising Star
Posts: 92
Thanks: 27
Fixes: 1
Registered: ‎04-11-2013

Re: SPF softfail

That IP address is included in the madasafish.com's record you included.  The likelihood is that you need to wait for Google's DNS cache to flush the old entry.

If you PM me your domain there is a way to force that flush, though it might have happened by now.