Gmail doesn't consider valid SPF

1
votes

According to SPF validation tool available on http://www.kitterman.com/spf/validate.html my domain has correctly configured SPF record: v=spf1 ip4:111.222.333.444 include:zoho.com ~all

I'm sending emails from:

  • zoho.com (this validates in Gmail and email comes immediately)
  • my server via PHP using sendmail (this doesn't validate and email comes with about 122 seconds delay)

    Delivered-To: [email protected]
    Received: by 10.107.31.138 with SMTP id 123xxx123xxx123;
            Sun, 9 Apr 2017 04:10:44 -0700 (PDT)
    X-Received: by 10.28.40.198 with SMTP id 567xxx567xxx.567.567567567;
            Sun, 09 Apr 2017 04:10:44 -0700 (PDT)
    Return-Path: 
    Received: from sd-111111.dedibox.fr ([111.222.333.444])
            by mx.google.com with ESMTPS id 12345678.12.2017.04.09.04.13.25
            for 
            (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
            Sun, 09 Apr 2017 04:10:44 -0700 (PDT)
    Received-SPF: neutral (google.com: 111.222.333.444 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=111.222.333.444;
    Authentication-Results: mx.google.com;
           spf=neutral (google.com: 111.222.333.444 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
    Received: from sd-111111.dedibox.fr (localhost [127.0.0.1]) by sd-111111.dedibox.fr (8.15.2/8.15.2/Debian-3) with ESMTP id xxxxxxxxxxx for ; Sun, 9 Apr 2017 13:11:24 +0200
    Received: (from www-data@localhost) by sd-111111.dedibox.fr (8.15.2/8.15.2/Submit) id v39BBO6a028991; Sun, 9 Apr 2017 13:11:24 +0200
    Date: Sun, 9 Apr 2017 13:08:42 +0200
    Message-Id: 
    To: [email protected]
    Subject: the subject
    X-PHP-Originating-Script: 1000:mail.php
    From: [email protected]
    Reply-To: [email protected]
    X-Mailer: PHP/7.1.3-3+deb.sury.org~xenial+1

    hello

How can I fix this?

The message is Gmail couldn't verify that my-domain.com actually sent this messages (and not a spammer). and it links to https://support.google.com/mail/answer/180707

(I should point out that I made the SPF record correct many days ago and all DNS servers have surely been updated by now. It currently has TTL set to 30 seconds anyway for several weeks.)

UPDATE: I just noticed that GMail is seeing that the email is sent from sd-11111.dedibox.fr and not from 111.222.333.444 but doing ping sd-11111.dedibox.fr returns this exact ip: Reply from 111.222.333.444: bytes=32 time=38ms TTL=52 so I'm still clueless why it doesn't consider the IP?

1
phpemailsendmailspf
sd-11111.dedibox.fr doesn't resolve to any IP for me. Is it only defined within your network? If so, Gmail wouldn't be able to resolve it either. - JLRishe
All IPs, IDs and domain names were replaced with placeholders to conceal private information. Entering sd-11111.dedibox.fr or 111.222.333.444 in the browser (port 80) opens exactly the same Apache/PHP homepage. - Koam
Unless this is also caused by your anonymization, it looks like Google are trying to verify the domain listed as "smtp.mailfrom", rather than / as well as the domain listed as "From". - IMSoP
Anonymized things were: [email protected], two SMTP ids, ESMTP id, timestamps, sd-111111.dedibox.fr, 111.222.333.444 and [email protected]. The rest is intact. Therefore, what is attached to "smtp.mailfrom" is not modified except for the domain name. - Koam

1 Answers

1
votes

Without real IP's or domain names, it's going to be hard to help you troubleshoot. Based on the Make Believe example everything is fine.

If that's the case, it's usually because you might have a hidden control character or something in your SPF record causing the issue. My suggestion will be to delete your old SPF record and add a new one retyping it.

You can send emails to reflectors such as 

[email protected]
[email protected]

To verify if other mail servers also flag your SPF with an error.