Sender Policy Framework rules

CCSI

When sending an email to a certain domain (lamar.com) I get back an error that reads:

"There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.

The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com>"


I went to spf.pobox.com, but I am too unfamiliar to understand what it is they are telling me.

Can any of you tell me what to do to resolve this issue?

Thanks

David Riggs
 
You don't have an SPF record for lamar.com.

What version of DirectAdmin are you running? All recent versions should be able to create an SPF record (actually a txt record in a special format) that will satisfy the requirements.

Navigate to the DNS zone file for lamar.com, and click on [delete] but without actually checking anything to delete. Depending on the version of DA you're running, that should create the SPF record in your zone file.

Then try the email and see if it gets through; if it doesn't, you should update DA, and then go through the steps above.

Jeff
 
Jeff,

I wasn't specific enough... lamar.com is not on my da server. It is hosted by some other company. User accounts on my server (from any of my domains) can NOT send to anyone at lamar.com due to the previous error message I posted.

Thanks for your attempt. Don't give up!!!!

David Riggs
 
Then make sure you have an spf record for your domain.

If you post your domain name, one of us can check your domain for spf compliance.

Jeff
 
ccsionline.net is one, and hpbclife.com is the other

Thanks again Jeff!!!!!
 
Your SPF records appear to be set up properly:

;; ANSWER SECTION:
hpbclife.com. 14400 IN TXT "v=spf1 ~all"

and

;; ANSWER SECTION:
ccsionline.net. 14329 IN TXT "v=spf1 ~all"

So it appears as if lamar.com is blocking domains using an SPF record to specify that all mailservers may send email for the domain.

Imho it's way too early in the spf game for anyone to block based on spf at all, but of course that's their right.

Certainly they shouldn't be blocking based on ~all; even the inventor of spf says so.

Regarding softfail (~all) responses, he says:
SPF queries that do not match any other mechanism will return "softfail".
Messages that are not sent from an approved server should still be accepted but may be subjected to greater scrutiny.

Perhaps you should try replacing ~all with ?all, which means (neutral). It should mean the same as not returning a record at all.

I'd be very curious to see if they'll accept email from you with a ?all published in your record instead of ~all.

Jeff
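
What the records discussed above evaluate to, as an added example that is not part of the original thread: a minimal Python evaluator covering only the `all` and `ip4` mechanisms, run on the published `v=spf1 ~all`, the suggested `?all` variant, and a constructed record that lists a sending server. The function names and the addresses 192.0.2.10 and 198.51.100.7 are assumptions for illustration.

```python
import ipaddress

# Qualifier prefix -> result when the mechanism matches; "+" is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip):
    """Return the SPF result for sender_ip under one TXT record.

    Only the "all" and "ip4" mechanisms are handled (an assumption of this
    sketch); anything else raises ValueError rather than being guessed at.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # mechanisms are tested left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":  # matches every sender
            return QUALIFIERS[qualifier]
        if name.lower() == "ip4":
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"unsupported term: {term}")
    return "neutral"  # nothing matched and no "all" term

# Records from the thread, plus one constructed record that lists a server.
RECORDS = {
    "published": "v=spf1 ~all",
    "suggested": "v=spf1 ?all",
    "constructed": "v=spf1 ip4:192.0.2.10 ~all",
}

def results_for(sender_ip):
    """Map each sample record to its result for sender_ip."""
    return {k: evaluate_spf(r, sender_ip) for k, r in RECORDS.items()}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):  # constructed addresses
        print(ip, results_for(ip))
```

With `v=spf1 ~all` no mechanism precedes `all`, so every sending address, including the domain's own mail server, evaluates to softfail; only a record that lists the server yields pass.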
 
Jeff,

Thanks for checking for me! I appreciate it. One more thing... where do I go to make the change? (Is the change going to be global for all accounts on my da or do I just do it for the one domain that is in question?)

I have no clue where to go to change it either way. Any advice is appreciated.

Thanks

David Riggs
 
To just see if it makes a difference you can change the domain's zone file, which should be at:

/var/named/example.com.db

and then restart named:

# /etc/rc.d/init.d/named restart

(you do NOT type the "#" sign; it's just to show that you do this from the root prompt)

To change it for all your domains, edit the file at:

/usr/local/directadmin/data/templates/custom/named.db

and then send DA a command to rewrite all the zone files:

# echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

and then afterwards restart named:

# /etc/rc.d/init.d/named restart

I strongly recommend testing first. You might have to wait up to 24 or more hours after testing to make sure the record has propagated.

Jeff
 