SFP Validation: Neutral – after explicitly adding servers to TXT (and SPF) record

Callen asked:

I can’t get a pass on the emails coming from my application servers 🙁 – I have 2

I am using http://tools.bevhost.com/spf/ to validate my newly minted SPF records. It has the following to say:

pass

spfquery: domain of xxx.com designates xxx.xxx.xxx.xxx as permitted sender
Received-SPF: pass (spfquery: domain of xxx.com designates xxx.xxx.xxx.xxx as permitted sender) client-ip=xxx.xxx.xxx.xxx; envelope-from=clientservices@xxx.com; helo=prod02.xxx.com;

The header of the emails I am receiving from the site say the following

Received-Spf: neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of apache@prod02.xxx.com) client-ip=xxx.xxx.xxx.xxx;
Authentication-Results: mx.google.com; spf=neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of apache@prod02.xxx.com) smtp.mail=apache@prod02.xxx.com

xxx.xxx.xxx.xxx is the same IP every time
xxx.com is the same domain every time – sorry for the obfuscation, I’m not sure how much information it’s safe to give out. halp?

My answer:


Your email is being sent from “apache2@prod.xxx.com”, and the domain prod.xxx.com is not the one for which you set up an SPF record.

You can do one of two things:

  1. Change the server’s mailer so that its outgoing mail uses a domain you expect.
  2. Set up an SPF record for prod.xxx.com.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.