SPF records

  • 0
  • 1
  • Problem
  • Updated 6 months ago
  • In Progress
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archived

Email from my new homestead/roundcube site is being flagged as junk by Outlook.  When I look at the headers, I see:

Received-SPF: Neutral (protection.outlook.com: 66.96.189.2 is neither
 permitted nor denied by domain of snowyriverpm.com)

Similar for Authenticated-SPF.

Do the DNS spf records need to be updated? My domain is hosted by homestead's nameservers. 66.96.189.2 doesn't fit any of the masks I can see on the DNS page. What server IPs are being used to send mail? 
Photo of andrwal3468

andrwal3468

  • 90 Points 75 badge 2x thumb

Posted 6 months ago

  • 0
  • 1
Photo of Drew N

Drew N, Community Manager

  • 257,542 Points 100k badge 2x thumb
You look to have all the right records. Microsoft apparently doesn't like the neutral spf record. You can try changing that to a hard or soft fail to see if it works. If you have an automatic forward on your email a hard or soft fail will likely interfere with the forward. Here are the options for the SPF. It is set by the symbol in front of all at the end.

Enforcement rule is usually one of the following:

  • -all

    Indicates hard fail. If you know all of the authorized IP addresses for your domain, list them in the SPF TXT record and use the -all (hard fail) qualifier. Also, if you are only using SPF, that is, you are not using DMARC or DKIM, you should use the -all qualifier. We recommend that you use always this qualifier.

  • ~all

    Indicates soft fail. If you’re not sure that you have the complete list of IP addresses, then you should use the ~all (soft fail) qualifier. Also, if you are using DMARC with p=quarantine or p=reject, then you can use ~all. Otherwise, use -all.

  • ?all

    Indicates neutral. This is used when testing SPF. We do not recommend that you use this qualifier in your live deployment.

This conversation is no longer open for comments or replies.