How to setup correct SPF record

email email-server spf godaddy

15,240

Solution 1

So I finally tracked down the issue (godaddy techincal support said they couldnt help with "scirpting" problems). Turns out that they do have an issue with the SPF records:

Apparently when you setup a new hosting account, the default C:\php5\php.ini file for windows hosts sets the sendmail_from to [email protected], which was the actual sending address of the emails I sent using php's mail() function. I changed this to [email protected] and got a little closer to resolving my issue.

Now to the second issue I was having that was causing the SPF to still fail. It turns out that creating an SPF record with Godaddys default include:spf.secureserver.net contains too many lookups. You can verify this by using this SPF Parser and enter in spf.secureserver.net. You will see there are a lot more then the maximum 10 lookups.

Using Kitterman's validation script, if you enter in spf.secureserver.net, you can see that it shows error PermError SPF Permanent Error: Too many DNS lookups. This is a problem that Godaddy needs to resolve globally (not just for my site). The issue is documented on their site. I did receive a response from them indicating its not their problem:

Also although we provide the ability to create SPF records, the management and setup responsibility are solely the customers responsibility.

I was able to work around this by checking my email headers and finding which server(s) were sending it out (appeared to be range 72.167.234.236-245). Using the SPF Parser I linked above, I was able to determine my site appears to be using spf102.secureserver.net. I'm not sure if this will change for my site and Godaddy has yet to tell me the answer. I changed my SPF record to include spf102.secureserver.net, which does not have the issue of Too many DNS lookups, but it might be an issue if emails could be changed and sent out of say spf101.secureserver.net.

Final working record will be based on the servers that are used for sending out emails, but it should look something like this if you are hosted on and using Godaddys servers:

v=spf1 mx include:spf102.secureserver.net -all

With these two updates I was able to send mail to google and hotmail email accounts and they not longer go to spam/junk folders (yey!)

Thanks to @MadHatter, @gparent and @TheCleaner for their support in tracking this down.

Solution 2

You have entered the wrong IP address in your SPF record.

Here's the current record:

littlejawsbigsmiles.com. 3600   IN      TXT     "v=spf1 a mx ptr ip4:72.167.234.245 -all"

Here's the IP you're sending from:

72.167.234.239

Which is clearly different from 72.167.234.245.

Fix the record so that there's no mistake in it and everything should work fine.

To include a whole address range, use:

"v=spf1 mx ip4:72.167.234.0/24 -all"

By the way, GoDaddy offers a KB article on how to setup an SPF record with them: http://support.godaddy.com/help/article/7926/adding-or-editing-spf-records

15,240

SwDevMan81

Twitter: @SwDevMan81 Mail: SwDevMan81 at Gmail Feel free to ping me for any questions you have. Job Title: Software Engineer Job Develop: Software for radar systems, Software GUI, real time embedded Current Languages: C#, C++, Java AS: Monroe Community College (Engineering Science) BS: University at Buffalo (Computer Science) MS: University at Buffalo (Computer Science & Engineering) MBA: Syracuse University (Business Analytics) Sites: Design Patterns Salt

Updated on September 18, 2022

Comments

SwDevMan81 over 1 year
I am trying to setup a very basic SPF record. I am hosting my website on Godaddy and using Godaddy's email servers. I am using the php mail() call (I know, I've read a ton of places to use PHP Mailer, or others, but I am choosing to the default mail() function and thats not really my question). Right now the spf record in the email is coming back as neutral with the following lines:
```
Delivered-To: [email protected]
Received: by 10.52.171.166 with SMTP id av6csp133324vdc;
        Tue, 16 Jul 2013 07:43:23 -0700 (PDT)
X-Received: by 10.49.104.180 with SMTP id gf20mr2338989qeb.59.1373985802775;
        Tue, 16 Jul 2013 07:43:22 -0700 (PDT)
Return-Path: <[email protected]>
Received: from p3nlsmtp14.shr.prod.phx3.secureserver.net (p3nlsmtp14.shr.prod.phx3.secureserver.net. [72.167.234.239])
        by mx.google.com with ESMTP id d19si710455qey.143.2013.07.16.07.43.22
        for <[email protected]>;
        Tue, 16 Jul 2013 07:43:22 -0700 (PDT)
Received-SPF: neutral (google.com: 72.167.234.239 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=72.167.234.239;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 72.167.234.239 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from P3NW8SHG339 ([184.168.27.44])
    by p3nlsmtp14.shr.prod.phx3.secureserver.net with 
    id 12jN1m0080x5yNo012jNyX; Tue, 16 Jul 2013 07:43:22 -0700
Date: Tue, 16 Jul 2013 07:43:21 -0700
Subject: Little Jaws Big Smiles Registration Confirmation
X-PHP-Originating-Id: [10610735]
To: "Person" <[email protected]>
From: "Little Jaws Big Smiles" <[email protected]>
Reply-To: "Little Jaws Big Smiles" <[email protected]>
Return-Path: "Little Jaws Big Smiles" <[email protected]>
Message-ID: <[email protected]>
X-Mailer: PHP/5.2.17
MIME-Version: 1.0
Content-type: text/html; charset=ISO-8859-1
Organization: Little Jaws Big Smiles
```
The ip 72.167.234.239 corresponds to p3nlsmtp14.shr.prod.phx3.secureserver.net, which I'm guessing is the mail server actually sending my email.
- I have an A (Host) record setup with my actual IP address of the domain.
- I have the default CNAME (alias) list that was supplied
- I have two MX (Mail Exchanger records) that were supplied
  - mailstore1.secureserver.net
  - smtp.secureserver.net
- There are two default name servers setup
  - ns45.domaincontrol.com
  - ns46.domaincontrol.com
- I've setup the TXT SPF record in the following manner (no quotes because thats how godaddy has you enter it):
  - v=spf1 a mx ptr ip4:72.167.234.245 -all
However this still results in a neutral SPF result. I have waited 48 hours for the record to take action. I have also read the SPF Syntax and I think I've set it up appropriately (but I've never done this before, so I could be completely misunderstanding this)

I have also tried kitterman's validation script with the following result:
```
Found v=spf1 record for littlejawsbigsmiles.com: v=spf1 a mx ptr ip4:72.167.234.245 -all    
evaluating... SPF record passed validation test with pySPF (Python SPF library)!
```
Does anyone see a problem with my record definition or if I am missing anything else?

I am attempting to send mail from [email protected]

Let me know if I need to provide any other information.

Update Per @TheCleaner's request, I followed the instructions on Godaddys site to creating the SPF record. Below are the steps and options I choose with why I selected them.

Under To Add an SPF Record
- Step 4: I selected GoDaddy.com, LLC only
  - I am only sending emails using their servers
- Step 5: I selected All Inbound Servers May Send Mail
  - I am not sure this applies to me, but I selected it just in case it does
- Step 6: I did not select Outbound records.
  - My domain is not a mail server
- Step 7: I did not select PTR
  - My domain is not a mail server
- Step 8: I added 72.167.234.0/24 since this appears to be the mail servers Godaddy uses to send out emails
- I also selected Exclude all hosts not specified here which adds -all
The result SPF record is below. I will try this and post back if this fixes my issues. Please let me know if my assumptions about my steps above are incorrect.
```
v=spf1 mx include:72.167.234.0/24 -all
```
gparent almost 11 years

This, of course, assumes that you're eventually going to send mail from the right domain rather than onlineserver.cc.
SwDevMan81 almost 11 years

I updated the question to include the full header. I am attempting to send it from [email protected]. It also appears that this server is changing (so godaddy must have multiple email servers that send out emails?) Sorry I'm still learning this stuff.
gparent almost 11 years

My answer still applies, and please, stop changing the information all the time! You certainly do NOT own mydomain.com !
SwDevMan81 almost 11 years

Yestarday it appeared to be 72.167.234.236. Is there a way to include 72.167.234.X ?
gparent almost 11 years

So the SPF records tells you what servers are sending out email. It has a few mechanisms to verify this. Now personally I'm not sure how GoDaddy chooses how to send email outbound, but either way based on the headers you posted above I can tell that 72.167.234.239 is attempting to send mail. Assuming that GoDaddy uses the same servers as your domain's MX records to send mail out, you could replace your SPF record with this: v=spf1 mx -all, but there's no guarantee this is how GoDaddy actually operates.
gparent almost 11 years

I added an example of how to permit a whole IP range. Have you considered just asking them? They're obviously the ones most likely to know...
SwDevMan81 almost 11 years

@TheCleaner - Thanks for the post, I'll go through it and point out the options (and why) I selected to see if there are any flaws in im thinking. I'll update may question.
SwDevMan81 almost 11 years

@gparent - Yeah I have emailed their technical support and I've gotten the worst responses you could imagine (basically saying go read this page type of responses). Thanks for the update on the range, I'll see if that helps