SPF records for SMTP out of date?

General discussions and other topics.
5 posts Page 1 of 1
by msiegen » Tue Jul 05, 2022 11:39 am
I'm observing mail sent though Sonic's SMTP serving failing SPF checks. This could lead to mail being dropped or marked as spam by the destination.

Example headers for a message from a @sonic.net address to a @live.com address:

Code: Select all

Authentication-Results: spf=softfail (sender IP is 157.131.0.51)
 smtp.mailfrom=sonic.net; dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=sonic.net;compauth=pass
 reason=105
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
 sonic.net discourages use of 157.131.0.51 as permitted sender)
Received: from b.mail-forward.sonic.net (157.131.0.51) by
 VI1EUR06FT059.mail.protection.outlook.com (10.13.6.222) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5395.14 via Frontend Transport; Tue, 5 Jul 2022 18:12:27 +0000
157.131.0.51 is indeed not permitted:

Code: Select all

$ dig +short -t txt sonic.net
"v=spf1 include:mail.sonic.net ~all"
$ dig +short -t txt mail.sonic.net
"v=spf1 ip4:64.142.105.165 ip4:64.142.111.80 ip4:64.142.111.50 ip4:69.12.208.71 ip4:69.12.221.231 ip4:157.131.224.64/26 ip4:184.23.168.64/28 ip6:2001:5a8:601:4000::0/64 -all"
Should this SPF record be updated to match the current set IPs used for SMTP?
by kgc » Tue Jul 05, 2022 12:25 pm
Yes, mail doesn't typically flow out the IP you've seen here but it can under some circumstances. Updated. Thanks for the report.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by msiegen » Tue Jul 05, 2022 1:37 pm
Awesome, thanks for the speedy fix!
by drgray » Wed Aug 09, 2023 6:08 pm
Hello - I am still receiving the same error message despite this supposedly being fixed. Here's the message:

ARC-Authentication-Results: i=1; mx.google.com;
spf=softfail (google.com: domain of transitioning lgray@woodfish.org does not designate 64.142.111.80 as permitted sender) smtp.mailfrom=lgray@woodfish.org
Return-Path: <lgray@woodfish.org>
Received: from c.mail.sonic.net (c.mail.sonic.net. [64.142.111.80])
by mx.google.com with ESMTPS id k17-20020a056402049100b0050bc78388c0si5027687edv.570.2023.05.05.17.38.08
for <sam.slesinger@gmail.com>


Can you please advise on how to proceed here? I can receive from, but am unable to send to, any Gmail addresses due to this problem.

Thanks.
by msiegen » Wed Aug 09, 2023 8:42 pm
Hi drgray,

It looks like you're sending from @woodfish.org, so you'll need to update the SPF record on that domain. That is currently set to:

Code: Select all

$ dig -t txt +short woodfish.org.
"v=spf1 include:spf.cloudus.oxcs.net ~all"
You'll need to either change spf.cloudus.oxcs.net to mail.sonic.net (assuming you no longer use oxcs.net), or add a second include statement (if you intend to continue sending via both). You can configure this at your DNS provider, who appear to be worldnic.

By doing this you're informing receiving servers (like Gmail) that you authorize Sonic's mail servers to send mail on behalf of woodfish.org.
5 posts Page 1 of 1

Who is online

In total there are 6 users online :: 0 registered, 0 hidden and 6 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 6 guests