Community Discussions and Support
Thoughts on SPF

OK, the admin says they don't use SPF and that the error was most likely due to the fact that we were between providers. The failure messages were received a couple of hours after I had changed the mx records for our domains and the smart host name in the MercuryC module.

OK, the admin says they don't use SPF and that the error was most likely due to the fact that we were between providers. The failure messages were received a couple of hours after I had changed the mx records for our domains and the smart host name in the MercuryC module.

Hi, Folks

Yesterday we moved our email filtering service from MessageLabs to Webroot.

This resulted in some addresses being bounced back with:

SMTP Server <mail.esdm.co.uk> rejected recipient user@esdm.co.uk (Error following 

RCPT command). It responded as follows: [550 Sender verify failed]

 
I contacted Webroot support and they told me that I need to set up SPF because the 
destination domain uses SPF checking and recognises the fact that our mail server's domain name does
not match the IP/name of the SMTP server used by Webroot to forward the mail (I'm still learning
about this so that may not be technically correct - please bear with me).
 
Sending mail to the same address when we were using MessageLabs was not a problem.
Do I really need to set up a SPF DNS record on the domain that Mercury announces itself as, and point that
record to Webroot's SMTP server's address? The little reading I have done suggests there are drawbacks
(bouncing messages forwards may fail) with SPF but that they are outweighed by the
benefits (validation of Webroot's server from our domains DNS records and a reduction in the amount of spoofed mail that is delivered) .
 
What do you guys think?
&lt;p&gt;Hi, Folks&lt;/p&gt;&lt;p&gt;Yesterday&amp;nbsp;we moved our email filtering service from MessageLabs to Webroot.&lt;/p&gt;&lt;p&gt;This resulted in some addresses being bounced back with:&lt;/p&gt;&lt;pre&gt;SMTP Server &amp;lt;mail.esdm.co.uk&amp;gt; rejected recipient user@esdm.co.uk (Error following RCPT command). It responded as follows: [550 Sender verify failed] &lt;/pre&gt;&lt;pre&gt; &lt;/pre&gt;&lt;pre&gt;I contacted Webroot support and they told me that I need to set up SPF because the &lt;/pre&gt;&lt;pre&gt;destination domain uses SPF checking and recognises the fact that our mail server&#039;s domain name does&lt;/pre&gt;&lt;pre&gt;not match the IP/name of the SMTP server used by Webroot to forward the mail (I&#039;m still learning&lt;/pre&gt;&lt;pre&gt;about this so that may not be technically correct - please bear with me).&lt;/pre&gt;&lt;pre&gt; &lt;/pre&gt;&lt;pre&gt;Sending mail to the same address when we were using MessageLabs was not a problem.&lt;/pre&gt;&lt;pre&gt;Do I really need to set up a SPF DNS record on the domain that Mercury announces itself as, and point that&lt;/pre&gt;&lt;pre&gt;record to Webroot&#039;s SMTP server&#039;s address? The little reading I have done suggests there are drawbacks&lt;/pre&gt;&lt;pre&gt;(bouncing messages forwards may fail) with SPF but that they are outweighed by the&lt;/pre&gt;&lt;pre&gt;benefits (validation of Webroot&#039;s server from our domains DNS records and a reduction in the amount of spoofed mail that is delivered) .&lt;/pre&gt;&lt;pre&gt; &lt;/pre&gt;&lt;pre&gt;What do you guys think?&lt;/pre&gt;

OK, I understand this a little better, now.

I've added a TXT record to the DNS records for the domain and will see how things progress next week when everyone is back at work.

Are there any tests you guys recommend I perform to see how it may be affecting mail delivery?

Thanks!

&lt;p&gt;OK, I understand this a little better, now.&lt;/p&gt;&lt;p&gt;I&#039;ve added&amp;nbsp;a TXT record to the DNS records for the domain and will see how things progress next week when everyone is back at work.&lt;/p&gt;&lt;p&gt;Are there any tests you guys recommend I perform to see how it&amp;nbsp;may be&amp;nbsp;affecting mail delivery?&lt;/p&gt;&lt;p&gt;Thanks!&lt;/p&gt;

I think the reply you got from Webroot is misleading.  I don't think any domain would reject mail which came frrom a domain without SPF records, and certainly not with a message "550 Sender verify failed".  This message is usually from an EXIM mailserver that tries to check that the sender is a valid address that can receive mail.

SPF is specifically a mechanism for checking the origin IP address of emails against information stored in the DNS of the sending domain.  It is criticised by some and has problems with forwarding.  Having SPF records may help marginally with reputation in some email providers, but I've never used it. Not having SPF records should never be a reason for flat rejection of email.

Have you tried to contact the admin at esdm to ask him what checks they use?

&lt;P&gt;I think the reply you got from Webroot is misleading.&amp;nbsp; I don&#039;t think any domain would reject mail which came frrom a domain without SPF records, and certainly not&amp;nbsp;with a message &quot;550 Sender verify failed&quot;.&amp;nbsp; This message is usually from an EXIM mailserver that tries to check that the sender is a valid address that can receive mail.&lt;/P&gt; &lt;P&gt;SPF is specifically a mechanism for checking the origin IP address of emails against information stored in the DNS of the sending domain.&amp;nbsp; It is&amp;nbsp;criticised by some and has problems with forwarding.&amp;nbsp; Having SPF records may help marginally with reputation in some&amp;nbsp;email providers, but I&#039;ve never used it. Not having SPF records should never be a reason for flat rejection of email.&lt;/P&gt; &lt;P&gt;Have you tried to contact the admin at esdm to ask him what checks they use?&lt;/P&gt;

Thanks, Paul.

I have mailed esdm and requested further information.

After adding the SPF record to the collection of DNS records for the domain I resent the problem message and it was accepted.

I will let you know more when I receive a response.

Cheers!

&lt;P&gt;Thanks, Paul.&lt;/P&gt; &lt;P&gt;I have mailed esdm and requested further information.&lt;/P&gt; &lt;P&gt;After adding the SPF record to the collection of DNS records for the domain I resent the problem message and it was accepted.&lt;/P&gt; &lt;P&gt;I will let you know more when I receive a response.&lt;/P&gt; &lt;P&gt;Cheers!&lt;/P&gt;
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft