SPF DKIM failure for mails relayed via Linux Outbound servers
Posted by Varsha Girijan on 05 July 2019 09:57:18 PM
Recently, we came across connects were emails sent via "linux-outbound" server getting rejected at "hdfcbank.com" or "hotmail" due to SPF and DKIM failure.
We usually add SPF as +a:linux-outbound-1.webhostbox.net. This means to allow emails from A records of the domain linux-outbound-1.webhostbox.net. But recently we noticed issues where all the IP addresses of routing server were not added as an A record of the outbound server and hence SPF checks failed. In such cases, we manually tried to include the TXT record, or IP addresses of the relaying server.
Though SPF syntax was correct it was getting perm error while validating (as shown below)
This is because linux-outbound-1.webhostbox.net was added in "include" section of SPF. Which by-default checks for TXT record under txt(spf) record and here in our case we have added IP's as A record instead of TXT for linux-outbound-1.webhostbox.net.
You can check by modifying something like this and it should work.
We do not need to add the shared server IP address separately in the TXT record as it is already included in SPF when we add :mx to it. So you can use final record as below which will include both hostnames(linux-outbound-1.webhostbox.net and linux-outbound.webhostbox.net):
DKIM records can be updated via cpanel itself for the domain.