Symptoms
Outgoing emails are going to the spam folder due to SPF soft fail. The soft fail indicates that the SPF record does not match a DNS check for the SPF record for the domain but, the receiving server should still accept the email anyway.
Description
Emails that end up in the spam or junk folder due to an SPF soft fail is commonly due to a mismatch of an SPF record. Here an example of a soft fail in the email header from a cPanel server to Google:
ARC-Authentication-Results: i=1; mx.google.com;
spf=softfail (google.com: domain of transitioning email@domain.tld does not designate 192.0.2.0 as permitted sender) smtp.mailfrom=email@domain.tld
Workaround
Ensure that the SPF record matches what is provided with a DNS check.
To perform a DNS check on a Linux based workstation (such as an Apple device), you can use the "dig" tool:
dig TXT domain.tld +short
To perform a DNS check on a Windows based workstation, you can use the nslookup tool:
nslookup -type=txt domain.tld
To verify if the above SPF record matches what is on the server, you will need to review the DNS zone.
Here is an example of a check with a mismatched SPF record:
[ From workstation ]
cPAgent@cPanel.net [~] # dig TXT domain.tld +short
"v=spf1 a mx include:domaintwo.tld ~all"
cPAgent@cPanel.net [~] #
[ From server ]
[cpanel root@server ~]cPs# grep spf /var/named/domain.tld.db
domain.tld. 14400 IN TXT "v=spf1 +a +mx +ip203.0.113.0 ~all"
[cpanel root@server ~]cPs#
If you are using a 3rd party DNS service, you need to copy the SPF record from your cPanel & WHM server to that 3rd party DNS service.
For more information on hard fail vs soft fail please review the additional article:
Comments
0 comments
Article is closed for comments.