I'm sending mails from my rails application but for some reason I never get SPF to pass, its always saying either failed or neutral.
I've got forward and reverse DNS set up (what I think is correct). I followed the guides here to no avail. The good thing is that my mail doesn't end up in spam, but thats not enough for me, I want SPF to pass. If anyone can help me it would be appreciated.
I have my hostname set to mail.example.com
. I have my reverse DNS set to the same. However, when I send mail I want it to come from [email protected], not from [email protected]. When I email from [email protected] I get a neutral SPF, but when i change it to [email protected], it fails. The way I understand is that if its still coming from the FQDN it should pass, but it doesn't.
These are my DNS records:
A = mail xxx.xxx.xxx.xxx
A = example. xxx.xxx.xxx.xxx
A = www xxx.xxx.xxx.xxx
MX = example. mailstore1.secureserver.net.
MX = example. smtp.secureserver.net.
MX = example. mail.example.com.
TXT = v=spf1 mx include:mail.example.com -all.
The first 2 MX records are from godaddy, but I'm hosting the site with slicehost. Also, I have a couple of CNAME and NS records that I don't think are helpful but Im mentioning in case they are.
I'm using postfix on Ubuntu and rails 3.
Any ideas?
UPDATE: Here is the header of one of my failed mails
Delivered-To: [email protected]
Received: by 10.229.49.65 with SMTP id u1cs60507qcf;
Mon, 12 Dec 2011 19:20:11 -0800 (PST)
Received: by 10.42.150.135 with SMTP id a7mr13973149icw.53.1323746409644;
Mon, 12 Dec 2011 19:20:09 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail.example.com ([xxx.xxx.xxx.xxx])
by mx.google.com with ESMTP id y15si2866827ibk.138.2011.12.12.19.20.09;
Mon, 12 Dec 2011 19:20:09 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate xxx.xxx.xxx.xxx as permitted sender) client-ip=xxx.xxx.xxx.xxx;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate xxx.xxx.xxx.xxx as permitted sender) [email protected]
Received: from localhost.localdomain (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id B6BB31C1F5D
for <[email protected]>; Tue, 13 Dec 2011 03:20:08 +0000 (UTC)
Date: Tue, 13 Dec 2011 03:20:08 +0000
From: Example <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
Subject: Password Reset
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
SOLUTION: Put quotes around the spf record, mine now looks like this:
TXT = "v=spf1 mx include:mail.example.com -all"
Summary based on the comments:
The quotes are important in the content of a TXT record. Space counts as a separator. I have met a DNS user interface where sloppily entering v=spf1 -all (note that quotes are missing) resulted in two atoms "v=spf1" "-all" instead of a single atom "v=spf1 -all". Only the latter will work.
Your SPF record is messed up. "include" is a redirection. You are saying that the SPF record of example.com is the SPF record of mail.example.com, and based on your question I guess this is not what you want. You should include all relevant DNS information (MX, A, TXT, SPF) in your question. Something like:
example.com. IN TXT "v=spf1 include:example.net -all" example.net. IN TXT "v=spf1 mx -all"