Score:0

Mail being rejected despite SPF record specifying envelope IP address

us flag

I have a mail server with a bridged DSL modem connection; the domain's SPF record looks like this:

"v=spf1 +mx +aa.bb.cc.dd -all"

where the aa.bb.cc.dd is the IP address for my end of the bridged DSL connection; this address is NOT in my domain; it is owned by my ISP. The IP for the mail server is in the MX record for the domain, but the PPPoE link for the DSL bridge changes the IP for my end of the link to aa.bb.cc.dd.

It was my understanding adding +aa.bb.cc.dd to the SPF record should allow mail going out with that address to be considered as coming from my domain, but I'm still getting reject messages:

550-5.7.26 The MAIL FROM domain [my-domain.com] has an SPF record with a hard
550-5.7.26 fail policy (-all) but it fails to pass SPF checks with the ip:
550-5.7.26 [aa.bb.cc.dd].

This was a recent update to my DNS records but I think it should have propagated by now. Any insights would be much appreciated.

Score:5
es flag

If you want to add an IP address to your SPF record, you need to use the ip4 mechanism. See the bottom example in the RFC Appendix A.1

Also, when not specified the + modifier is assumed.

Your record could look something like this:

v=spf1 mx ip4:aa.bb.cc.dd -all

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.