Back to Community Threads
Google is failing the spf record when the ip listed in the spf record matches the ip listed as the outbound ipv4 in smartermail.
Question asked by Nextmeta - 3/3/2022 at 11:01 AM
Answered
N
We have two domains that Google is giving warnings on, saying they cannot authenticate the email came from the specific server.  I went into Smartermail and designated an Outbound IPv4 on both domains.  Each domain has a different designated ip.  I then created an spf record for each domain and added the ip address into each spf record.  This worked for one domain and Google is no longer failing the spf record. However, on the other domain Google is still failing the record.  Below is the spf record for each and the message Google is returning for each.

Spf record - v=spf1 mx ip4:208.xxx.xxx.xx ~all 
spf=softfail (google.com: domain of transitioning office@xxxxxxx.xxx does not designate 208.xxx.xxx.xx as permitted sender)

Spf record - v=spf1 mx ip4:208..xxx.xx.xxx ~all 
spf=pass (google.com: domain of ministry@xxxxxxxx.xxx designates 208.xxx.xx.xxx as permitted sender)

1. Does anyone know why Google would pass one record and softfail the other, when both domains have been setup the same way and the spf records have been setup in the same format?

2. Is there some other configuration in Smartermail that I would need to look at, other than the Outbound IPv4 area, so that Google recognizes the IP as a permitted sender??
Tony Scholz Replied
3/3/2022 at 1:41 PM
Employee Post
Hello, 

If you go to mxtoolbox and check the IP against the domain what do you get?

for example if you type in your details in the below format and search it will verify the IP against the SPF for that domain. 

SPF:{DOMAIN}:{IP}

The results should show what the public is seeing for your records. 



In the Delivery logs on the server is the message going out on the correct IP you set up? 

Thank you
Tony
Tony Scholz Lead Network/System Administrator SmarterTools Inc. www.smartertools.com
N
Nextmeta Replied
3/3/2022 at 2:04 PM
Marked As Answer
The correct spf records show up at MX Toolbox.  The ip on the delivery logs show the correct ip.  I am wondering if it was some type of cache issue on Google's servers.  It has been a few days since I changed the SPF record, but after I posted this thread Google finally started this afternoon passing the spf record for the domain they were failing.  It seems to be working as it should now.
Kyle Kerst Replied
3/3/2022 at 2:38 PM
Employee Post
That is great to hear! Google does cache DNS records for some time so that makes sense. You can mitigate this by modifying the TTL (Time To Live) for those DNS records ahead of time, forcing Google to acquire updated results sooner.
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Remote Server returned: '602' errorSmarterMail > Troubleshooting
Spam and Security Checks for IPv6 SystemsSmarterMail > Antispam and Antivirus
Key Feature and Version Milestones in SmarterMailSmarterMail
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management