Correct SPF record using google apps
Solution 1
The following TXT
record works for me:
v=spf1 include:_spf.google.com ~all
Solution 2
v=spf1 a mx include:aspmx.googlemail.com include:_spf.google.com ~all
Solution 3
v=spf1 include:_spf.google.com ~all
might be what Google tells you to put in it, but their Google Apps Toolbox MX checker fails it :(
Subho Halder
I'm a Security Researcher, Web Developer, Programmer, and a Human after all. I have co-founded Appknox, Android Framework for Exploitation(AFE) and many other initiatives and also worked as a freelancer in Scriptlance. Find me at Apple Security Researcher List, Microsoft Security Researcher's List and also at Google Hall of Fame, Under Honourable mention. Currently I am the Co Founder of Appknox a Mobile Security Startup. I have completed my Bachelors in Electronic and Telecommunication from KIIT University. You can read my blogs at http://subho.me A budding programmer, hacker and a Party Harder kind of guy :)
Updated on April 21, 2020Comments
-
Subho Halder about 4 years
I am using google apps, and google is handling my email.
I have created the SPF record mention in the help forum in google, but the SPF record did not pass, verified by using [email protected] and [email protected].
After searching a bit I found that the SPF mentioned in google
v=spf1 include:aspmx.googlemail.com ~all
is wrong and buggy, after consulting a hardcore programmer, we created an SPF record as
v=spf1 a mx include:_netblocks.google.com include:aspmx.googlemail.com include:_spf.google.com ~all
This passed the test using both the method mentioned above. However when I send an email to a###l@ind###########cer.org it shows delivery failed with the following message
Delivery to the following recipient failed permanently: a###l@ind##########cer.org Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com (state 18).
However if I send mail from Yahoo or Gmail it gets delivered successfully, can anyone help me out?
-
Devon almost 14 yearsYes. This is the correct setting. aspmx.googlemail.com has been replaced by _spf.google.com
-
maxsilver over 13 yearsGoogle's support site verifies this information : google.com/support/a/bin/answer.py?answer=178723
-
toxaq over 13 yearsIncredible that Google didn't notify customers about this?
-
David Carboni almost 12 yearsFor the benefit of Googlers, here's a record that includes Google, plus MX and A records for your domain:
v=spf1 a mx include:_spf.google.com ~all
-
JeremyWeir about 11 yearsNot sure you want the mx there because I don't think google uses the same servers to send as receive. Can anyone verify this?
-
conualfy about 11 yearsdo you know if a record like this is valid?
v=spf1 include:_spf.google.com ~all +a +mx +ip4:193.203.205.41 ?all
-
conualfy about 11 yearsUpdate: Removed the
?all
from the end as I guessed it is a contradiction to~all
and checked with[email protected] and [email protected]
. It seems to be ok. -
Gaia over 9 years@JeremyWeir I don't think MX is needed because google does not recommend it: support.google.com/a/answer/178723?hl=en