httpwebwitch - 1:26 pm on Sep 14, 2011 (gmt 0)

Actually the mail in question is mission-critical for the normal functioning of my app, and the SPF dysfunction has worse consequences - I noticed that some hosts have added my domain to their spam blacklist. So, this not a trivial issue.

Thankfully, I've solved the problem and it wasn't difficult to do.

I'm running this site on a VPS, which hosts several domains. The root IP for the VPS is A.B.C.X (for example)

this one site in question has a dedicated IP, A.B.C.Y (for example)

So, the "A" record for the domain is A.B.C.Y, but the mail service is all hosted on the VPS, which is A.B.C.X. They don't match, and that's why the SPF Test failed.

My SPF record states "v=spf1 a mx -all" , meaning the IP of the sender-host must match the IP in the "A" record. It didn't.

Rather than fuss with the IPs, the solution was far simpler. I changed the SPF record to:

"v=spf1 a mx ip4:A.B.C.X -all"

Thus allowing the root VPS mail service to send mail originating from my domain.

Wait an hour for the DNS to propagate... then I sent another test message to spf-test@openspf.org

the response:

spf-test@openspf.org SMTP error from remote mail server after RCPT TO:<spf-test@openspf.org>: host mailout02.controlledmail.com [72.81.252.18]: 550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests: Mail-From Result="pass": Mail From="***bleep***@***bleep***.com" HELO name="vps.***myVPSdomain.com" HELO Result="none" Remote IP="***bleep***"

Now the SPF test passes.

SPF is an arcane art; I can appreciate how easy it is to ignore, or configure badly. But now I know the importance of doing it, and doing it right. The first time around I was merely pasting in an ignorant suggestion, and without knowing it my SPF test has been failing for a long time. It took me a couple of hours to read a little deeper, understand how SPF works, how to test if it is working, and figure out a solution.

I hope this thread helps someone overcome the same problems.