Why was my email not delivered! What is an SPF?
My Email was rejected because of an SPF check?
Some security for an insecure protocol
There are many reasons why emails are undeliverable. In general terms email is one of the most insecure communication mechanisms on the internet (but we won't digress), however SPF was created to offer a level of protection. This protection as with most security features can lead to usability issues, in the case undeliverable emails.In this post we will explore and explain the reasons for why an SPF record can cause delivery issues, why these these happen and how to address the issue (and add an extra layer of security).
What is SPF?
SPF was designed to overcome a problem in emails.
As email is such a loose format, it doesn’t take much effort for a malicious user to pretend to be sending emails as any other person.
Emails are very rarely sent from the same server that hosts your domain (yourwebsite.com.au), so there was a need to verify if the mail server sending emails had authority to send on your behalf.
SPF stops unauthorised mail servers from pretending to be you by only allowing a set of whitelisted servers to send emails.
Why am I getting these bounce backs then?
If you are getting bounce backs related to SPF failure, it is because you have not whitelisted our mail servers for your domain. Other mail servers will need to know that Secure-ISS has the ability to send emails on your behalf through our servers.
So how can I fix it (Specifically for Secure-ISS Customers)?
To fix the bounce backs you will need to update your SPF to include our mail servers, and optionally any other mail servers you are sending emails through. This also includes any website forms or accounting programs you might have that send emails for you.
To access your SPF record, you need access to your domains DNS settings. These can usually be found by logging into the console where you purchased your domain.
If you still don’t know where this is, a free online whois tool will help you locate your domains host, such as https://www.whois.com/whois/
Once you are logged in you will be able to configure DNS settings, you want to create a new record called a TXT record, and use the values supplied below:
If you do not currently use email anywhere else, then you can use the following SPF without issues:
v=spf1 mx a ip4:202.174.102.3 include:zimbra.secure-iss.com include:cloudex.secure-iss.com ip4:202.174.102.7 -all
If you already have an existing SPF record then you can just modify your existing one by copy and pasting the following into your existing SPF near the end, for example:
An existing spf record:
v=spf1 mx a include:spf.office365.com ip4:153.246.125.122 -all
Modified to include Secure-ISS servers:
v=spf1 mx a include:spf.office365.com ip4:153.246.125.122 ip4:202.174.102.3 include:zimbra.secure-iss.com include:cloudex.secure-iss.com ip4:202.174.102.7 -all
In Summary
SPF may appear confusing but it can be relatively simple once you get the hang of it. If you are still having issues then feel free to drop our Team a line or send through an email and we will be happy to help.
Emails are very rarely sent from the same server that hosts your domain (yourwebsite.com.au), so there was a need to verify if the mail server sending emails had authority to send on your behalf.
SPF stops unauthorised mail servers from pretending to be you by only allowing a set of whitelisted servers to send emails.
Why am I getting these bounce backs then?
If you are getting bounce backs related to SPF failure, it is because you have not whitelisted our mail servers for your domain. Other mail servers will need to know that Secure-ISS has the ability to send emails on your behalf through our servers.
So how can I fix it (Specifically for Secure-ISS Customers)?
To fix the bounce backs you will need to update your SPF to include our mail servers, and optionally any other mail servers you are sending emails through. This also includes any website forms or accounting programs you might have that send emails for you.
To access your SPF record, you need access to your domains DNS settings. These can usually be found by logging into the console where you purchased your domain.
If you still don’t know where this is, a free online whois tool will help you locate your domains host, such as https://www.whois.com/whois/
Once you are logged in you will be able to configure DNS settings, you want to create a new record called a TXT record, and use the values supplied below:
If you do not currently use email anywhere else, then you can use the following SPF without issues:
v=spf1 mx a ip4:202.174.102.3 include:zimbra.secure-iss.com include:cloudex.secure-iss.com ip4:202.174.102.7 -all
If you already have an existing SPF record then you can just modify your existing one by copy and pasting the following into your existing SPF near the end, for example:
An existing spf record:
v=spf1 mx a include:spf.office365.com ip4:153.246.125.122 -all
Modified to include Secure-ISS servers:
v=spf1 mx a include:spf.office365.com ip4:153.246.125.122 ip4:202.174.102.3 include:zimbra.secure-iss.com include:cloudex.secure-iss.com ip4:202.174.102.7 -all
In Summary
SPF may appear confusing but it can be relatively simple once you get the hang of it. If you are still having issues then feel free to drop our Team a line or send through an email and we will be happy to help.
