Skip to main content

SPF Softfail

Comments

7 comments

  • cPRex Jurassic Moderator
    Hey there! First of all, but not being familiar with the tools, you've definitely done your homework! You're correct that this isn't a cPanel problem, but we'll still see if we can come up with something. I'm not sure the SPF record is formatted correctly as the additional "+" signs could be causing the issue. Instead of this: v=spf1 +mx +a +ip4:xxx.xxx.xxx.xxx +ip4:yyy.yyy.yyy.yyy +ip4:23.83.208.0/20 +include:relay.mailchannels.net -all Could you try this? v=spf1 ip4:xxx.xxx.xxx.xxx ip4:yyy.yyy.yyy.yyy ip4:23.83.208.0/20 include:relay.mailchannels.net +a +mx -all and see if that changes things?
    0
  • robm79
    Thanks for the reply. Unfortunately the version of cPanel we have 102.0.18 doesn't let us change the SPF record directly - it's all done through selecting text boxes on a web page, then joined together by cPanel. No option to actually edit the text - can't remove the + characters, can't change the order of the bits and pieces. The preview box at the bottom is not editable.
    0
  • cPRex Jurassic Moderator
    Ah, thanks for that. If you're using the interface tool, then it's definitely correct. I'm just not as used to seeing the + before each address, but a bit more research shows me that is fine. Unfortunately I don't have any other good ideas as to why you'd be experiencing those issues. It might be best to try and reach out to Gmail support directly to see if they could give you more details on specifically why they are flagging the message. As another possible test, do you experience the same issue with other major providers, like Yahoo or Hotmail?
    0
  • sparek-3
    Are you setting the SPF record for [font="courier new">cp11.ourisp.com.au? The line: [font="courier new">[plain]spf=softfail (google.com: domain of transitioning ourusername@cp11.ourisp.com.au does not designate 23.83.209.80 as permitted sender)[/plain] Would seem to indicate that the message is being sent by [font="courier new">[plain]ourusername@cp11.ourisp.com.au[/plain] Perhaps that's not the intended sender? What nameservers or DNS server is handling world-wide Internet traffic for the hostname [font="courier new">[plain]cp11.ourisp.com.au[/plain] The cPanel interface will only update the DNS record on the DNS server that the cPanel server is authorized to use (i.e. the same server itself or an attached DNS cluster). If you are using a 3rd party nameserver service (i.e. CloudFlare), then updating the SPF record in the cPanel interface will have no bearings on what the rest of the world sees when it does an SPF lookup. If you're on Linux, then running: [font="courier new">dig cp11.ourisp.com.au TXT will show the SPF record as the rest of the world sees it. Just don't run this command on the same server that is hosting the account, because you may be using local DNS on that server (not recommended). If it's not showing the SPF record that you have set in your cPanel, then you're either not using the correct nameservers or there is a DNS issue some where that is preventing the update.
    0
  • robm79
    Hi sparek-3, The server is not ours; it's a shared server run by a web-hosting company in another city. Edit: I run windows but learnt today how easy it is to make a bootable linux thumbdrive. Ran the dig command and got: cp11.ourisp.com.au 1440 IN TXT "v=spf1 +mx +a +ip4:xxx.xxx.xxx.xxx ~all" SERVER: 127.0.0.53#53 (127.0.0.53) *Note: the xxx.xxx.xxx.xxx matches the first IP address in our SPF record. My two takeaways from this are: 1. The SPF record I fill in on cPanel isn't used - it's different, no reference to the second IP4 address, no reference to relay.mailchannels.net. Our webhosting company must set the SPF record elsewhere, presumably for the entire cp11 shared server in toto, hosting as it does 10 or 20 or 50 websites/domain names. 2. There is a ~ tilde before "all", not a minus sign. That was mentioned on one of the other threads I looked at a few days ago; changing it to a minus sign fixed the other person's problem, from memory. Now I can't find the thread. But the ~ is not what I put into cPanel, again making me think that our SPF record is set elsewhere, not by me through cPanel. Are those two guesses reasonable? Your question regarding who the sender is is interesting. As far as we're concerned emails go out from the address "donotreply@ourclubname.org.au". We have various mailboxes set up in cPanel e.g. president@ourclub.org.au, info@ourclub.org.au etc. Send an email to those addresses and it arrives and auto-forwards. When I go to "Email Deliverability" in cPanel I get one option: Manage Domain for ourclub.org.au The Manage Domain page (anonymised) screengrab is shown. Mail HELO is cp11.ourISP.com SPF record "NAME" is ourclub.org.au So the answer to your question is - I don't know what the SPF record is associated with - the cp11 server or the webaddress ourclub.org.au and I'm also not sure who the intended sender is. But I guess it's ='donotreply@ourclub.org.au'>donotreply@ourclub.org.au Edit: I suspect it's ourclub@cp11.ourISP.com that is the sender. The web-hosting company consider us to be their client "ourclub" residing on their server cp11, along with 10 or 20 or 50 other websites. They send our email from their cp11 server. Lower down there is a reverse DNS pointer PTR record pointing from the cp11 server to our domain name, presumably for incoming email? (When I do a who-is on the IP address zzz.zzz.zzz.zzz it comes back "Permission denied.") I also don't know what nameserver is handling Domain Name lookup for the CP11 server.... OK a quick google shows 3 nameservers ns1-, ns2-, and ns3.ourisp.com.au but they are reported having IP addresses and being owned by another company in Australia that I've never heard of. cPRex, not sure about other big email companies, but on my small local ISP mails that come in to my personal email address also have SPF softfail. I never noticed because it was not enough to trigger their spam-filter. Following the link on the "Manage Domains" page to the "Zone Editor" I can text-edit the SPF record. Also MX records and A records. Not really keen to alter anything; too much chance of breaking it through ignorance. Thanks everyone for all the help. Rob
    0
  • cPRex Jurassic Moderator
    I'm wondering if the issue is simply that the DNS is managed on a separate machine by the host, and they just need to update the SPF to what you have configured in cPanel.
    0
  • robm79
    cPRex I think you're right, sparek-3 too. The nameservers at the third-party company have incorrect SPF record, and I can't change that through cPanel to our web-hoster's server. Our web-hoster has overlooked the problem, easy enough to see how they could have - in their place I would have, too. I've passed on all your and sparek-3's ideas to our web-hoster, hopefully you're right and they'll recognise that and fix the problem. Thanks again for your help. Rob
    0

Please sign in to leave a comment.