0

I use 1and1 Ionos for my email server - I can't send emails to people who use google gmail

spf record v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all

I am not sure what I can do - I updated spf 2x

Need help here

 SMTP error from remote server for TEXT command, host: gmail-smtp-in.l.google.com (142.251.4.27) reason: 
550-5.7.26 The MAIL FROM domain [bhbfunding.com] has an SPF record with a hard
550-5.7.26 fail policy (-all) but it fails to pass SPF checks with the ip:
550-5.7.26 [74.208.4.194]. To best protect our users from spam and phishin g,
550-5.7.26 the message has been blocked. Please visit
550-5.7.26  https://support.google.com/mail/answer/81126#authentication fo r more
550 5.7.26 information. x10-20020a056902102a00b0066cc0f73bbasi6170373ybt.4
86 - gsmtp
vidarlo
  • 6,654
  • 2
  • 18
  • 31
Victor Castillo
  • 1
  • 1
  • 1
  • 2
    I don't see your SPF record. `dig txt bhbfunding.com` shows `v=spf1 include:secureserver.net -all` instead. – ceejayoz Jul 15 '22 at 14:34
  • I used v=spf1 include:secureserver.net -all 2 days ago and nothing happen same issue and then IONOs changed it to v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all – Victor Castillo Jul 15 '22 at 14:38
  • Should I change it back ? – Victor Castillo Jul 15 '22 at 14:38
  • You should change it to correctly reflect the servers the domain permits to send email on its behalf. I don't know which set is correct. Whose infrastructure do you use to send emails? – ceejayoz Jul 15 '22 at 14:42
  • 2
    Your DNS records says that it's `v=spf1 include:secureserver.net -all`. Are you sure you're changing it in the correct place? – vidarlo Jul 15 '22 at 14:42
  • yes - it was changed yesterday. @vidarlo – Victor Castillo Jul 15 '22 at 14:45
  • We use exchange the host is 1and1/IONOS @ceejayoz – Victor Castillo Jul 15 '22 at 14:46
  • @VictorCastillo That could mean the record didnt propaged yet, or where you changed it are slow to start the propagation. – yagmoth555 Jul 15 '22 at 14:48
  • I changed is back to v=spf1 include:secureserver.net -all - how long will it take so our emails wont be blocked from google ? – Victor Castillo Jul 15 '22 at 14:51
  • 1
    If you use 1and1's email servers, that SPF is wrong. `secureserver.net` is GoDaddy's. – ceejayoz Jul 15 '22 at 15:01
  • 2
    @yagmoth555 unlikely if he changed yesterday; TTL is 3600. I also tried asking NS records directly; same reply. My conclusion is that Victor has in fact not changed anything, and thus probably is looking at the wrong place. – vidarlo Jul 15 '22 at 15:04
  • 2
    @vidarlo My guess: OP's using 1&1 for hosting, GoDaddy for domain. They're making DNS changes at 1&1, but the domain's still pointed at GoDaddy's nameservers. – ceejayoz Jul 15 '22 at 15:05
  • I tried dealing with IONOS - I am not looking at the wrong place. the domain is with godaddy but my email server is with IONOS. all I know my emails is not reaching my customers who uses gmail - We don't do mass marketing at all so no reason our emails should be flagged as phishing. what can I do to resolve this issue? – Victor Castillo Jul 15 '22 at 15:13
  • Thank you all - you guys helped. you are right the wrong place - Godaddy dns to match IONOS - both has the same record - v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all is the corrected one – Victor Castillo Jul 15 '22 at 15:23

1 Answers1

3

Google's error indicates your email was sent with the IP 74.208.4.194. A quick Whois indicates that's a 1&1 email server.

_spf.perfora.net appears to include this IP in its range, so this record:

v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all

would be correct. However, your domain currently has this SPF record:

v=spf1 include:secureserver.net -all

which is GoDaddy's SPF record. That's why Google rejected the email.

Use the correct SPF record. If you send from both 1&1 and GoDaddy, you may need to combine the two. Make sure you're changing the records in the right place; bhbfunding.com is currently set to use GoDaddy's nameservers, so that's where you need to change the SPF.

ceejayoz
  • 32,910
  • 7
  • 82
  • 106
  • okay thank you - I added the spf1 v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all - on godaddy dns manage settings – Victor Castillo Jul 15 '22 at 15:19
  • @VictorCastillo I see them now. Try sending a new email. If you still get an error, be aware that Google may have cached your record for an hour or two. – ceejayoz Jul 15 '22 at 16:47