How to set up spf records to send mail from google hosted apps to gmail addresses
- by Chris Adams
Hi there,
I'm trying to work out why email I send from one domain I own is rejected by another that I own, and while I think it may be related to how I've setup spf records, I'm not sure what steps I need to take to fix it.
Here's the error message I receive:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550-Verification failed for <[email protected]>
550-No Such User Here
550 Sender verify failed (state 14).
Here's the response from [email protected]
Delivered-To: [email protected]
Received: by 10.86.92.9 with SMTP id p9cs85371fgb;
Wed, 2 Sep 2009 22:33:32 -0700 (PDT)
Received: by 10.90.205.4 with SMTP id c4mr2406190agg.29.1251956007562;
Wed, 02 Sep 2009 22:33:27 -0700 (PDT)
Return-Path: <[email protected]>
Received: from verifier.port25.com (207-36-201-235.ptr.primarydns.com [207.36.201.235])
by mx.google.com with ESMTP id 26si831174aga.24.2009.09.02.22.33.25;
Wed, 02 Sep 2009 22:33:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 207.36.201.235 as permitted sender) client-ip=207.36.201.235;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 207.36.201.235 as permitted sender) [email protected]; dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=auth; d=port25.com;
h=Date:From:To:Subject:Message-Id:In-Reply-To; [email protected];
bh=GRMrcnoucTl4upzqJYTG5sOZMLU=;
b=uk6TjADEyZVRkceQGjH94ZzfVeRTsiZPzbXuhlqDt1m+kh1zmdUEoiTOzd89ryCHMbVcnG1JajBj
5vOMKYtA3g==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=auth; d=port25.com;
b=NqKCPK00Xt49lbeO009xy4ZRgMGpghvcgfhjNy7+qI89XKTzi6IUW0hYqCQyHkd2p5a1Zjez2ZMC
l0u9CpZD3Q==;
Received: from verifier.port25.com (127.0.0.1) by verifier.port25.com (PowerMTA(TM) v3.6a1) id hjt9pq0hse8u for <[email protected]>; Thu, 3 Sep 2009 01:26:52 -0400 (envelope-from <[email protected]>)
Date: Thu, 3 Sep 2009 01:26:52 -0400
From: [email protected]
To: [email protected]
Subject: Authentication Report
Message-Id: <[email protected]>
Precedence: junk (auto_reply)
In-Reply-To: <[email protected]>
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<[email protected]>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: fg-out-1718.google.com
Source IP: 72.14.220.158
mail-from: [email protected]
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: [email protected]
DNS record(s):
stemcel.co.uk. 14400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
aspmx.googlemail.com. 7200 IN TXT "v=spf1 redirect=_spf.google.com"
_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all"
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: [email protected]
DNS record(s):
stemcel.co.uk. 14400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
aspmx.googlemail.com. 7200 IN TXT "v=spf1 redirect=_spf.google.com"
_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all"
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)
Result: ham (-2.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
I've registered the spf records for my domain, as advised here
Both domains pass validate according to Kitterman's spf record testing tools, so I'm somewhat confused about this.
I also have the catchall address set up on the stemcel.co.uk domain here, but I don't have one setup for chrisadams.me.uk.
Instead, we have the following forwarders setup
[email protected] to [email protected]
[email protected] to [email protected]
[email protected] to [email protected]
[email protected] to [email protected]
Any ideas how to get this working? I'm not sure what I should be looking for here.
