SpamAssassin test says "SPF:HELO does not match SPF record"
"mail-tester.com rejected a message from a mail server claiming to be mars.domain.com.
mail-tester.com received a message from mars.domain.com (xxx.xxx.xxx.xxx) from a mail server claiming to be mars.domain.com.
However, the domain mars.domain.com has declared using SPF that it does not send mail through mars.domains.com (xxx.xxx.xxx.xxx). That is why the message was rejected."
I've been reading the SPF documentation repeatedly and still cannot exactly comprehend what the correct syntax to use is. Here is my current DNS.
MX
mars.domain.com 10
A
xxx.xxx.xxx.xxx
- xxx.xxx.xxx.xxx
www xxx.xxx.xxx.xxx
mars xxx.xxx.xxx.xxx
TXT
v=spf1 mx -all
- v=spf1 -all
www v=spf1 -all
mars v=spf1 mx -all
As far as I understand, I have told it "hostnames that appear in mx records and have a matching A record are allowed to send". Which, in this case, you can see it is…
So exactly what is missing, here?!
openspf's page is suggesting I change it to "v=spf1 mx a:mars.domain.com -all" which seems unnecessary. I already have mars.domain.com with an SPF record and an A record, which should match the "mx" part of the spf1 definition, right?
4 Replies
Regards.
> mars v=spf1 mx -all
This line says that the only allowed sender from the domain mars.domain.com is the MX for mars.domain.com which doesn't seem to exist. There are several ways to fix depending on your intent for using mars as a subdomain, but you probably want to either create an MX for mars.domain.com or change the "mx" to "a" in this line of the SPF.
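The HELO check described in this reply, as an added example that is not part of the original thread: a small evaluator for an SPF subset (`a`, `mx`, `all`) run against a constructed copy of the poster's zone. The address 192.0.2.10 is a placeholder for the redacted xxx.xxx.xxx.xxx, and `check_host` and `helo_result` are names made up for this sketch.

```python
# Constructed zone mirroring the question; 192.0.2.10 stands in for the
# redacted xxx.xxx.xxx.xxx address.
ZONE = {
    "domain.com":      {"MX": ["mars.domain.com"], "A": ["192.0.2.10"],
                        "TXT": "v=spf1 mx -all"},
    "mars.domain.com": {"MX": [], "A": ["192.0.2.10"],
                        "TXT": "v=spf1 mx -all"},
}

def lookup(zone, name, rtype):
    return zone.get(name, {}).get(rtype, [])

def check_host(zone, ip, domain):
    """Evaluate a small SPF subset (a, mx, all) for `domain`, following RFC 7208."""
    record = zone.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        name, _, target = mech.partition(":")
        target = target or domain          # default target is the domain being checked
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in lookup(zone, target, "A")
        elif name == "mx":
            # Only the MX hosts of the target count; SPF does not fall back
            # to the target's own A record when it has no MX.
            matched = any(ip in lookup(zone, mx, "A")
                          for mx in lookup(zone, target, "MX"))
        else:
            matched = False                # outside this sketch's subset: skipped
        if matched:
            return results[qualifier]
    return "neutral"

def helo_result(spf_text):
    """SPF result for HELO mars.domain.com with the given TXT record on mars."""
    zone = {**ZONE, "mars.domain.com": {**ZONE["mars.domain.com"], "TXT": spf_text}}
    return check_host(zone, "192.0.2.10", "mars.domain.com")

if __name__ == "__main__":
    for spf in ("v=spf1 mx -all", "v=spf1 a -all", "v=spf1 mx a:mars.domain.com -all"):
        print(spf, "->", helo_result(spf))
```

The MAIL FROM check against domain.com passes with `mx` because domain.com does have an MX; only the HELO name mars.domain.com lacks one.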