1
  • I have my own registered domain.
  • I have a dedicated IP for my domain.
  • I use a shared hosting service for my website.

I want to send mail with php's function mail();. I have created one email account with my domain name.

The problem is that all the mail that I send using this function goes to the recipient's SPAM folder. I checked my domain name in several black lists but it's ok, it's not blacklisted.

When I send an email to a Gmail account, the next header appears:

info@mysite.com via cl02w01.xpress.com.mx (mysite.com is fictitious)

What should be the spf record for my domain? Considering that I have a dedicated IP, I use a shared hosting service which has a shared IP and that my mail is sent through cl02w01.xpress.com.mx according to Gmail.

UPDATE: I edited the SPF record for my site, it used to contain the dedicated IP address for my domain, it still contains my shared ip address because I'm using a cPanel wizard to create it and I can't remove it because it says the following:

The main server interface IP cannot be removed from this list if it is present. The following IP is the main server interface IP: xxx.xxx.xxx.xx

I don't understand this since I have a dedicated IP.

But now the messages are delivered in the recipient's inbox. I don't think just because I removed my dedicated IP address from the spf record now the messages are delivered correctly. Can someone explain this?

ecantu
  • 121
  • 4
  • You could use a very simple (but hopefully effective) record, such as `v=spf1 a mx -all` - essentially saying that the only permitted senders of emails for your domain are servers matching the A records and MX records of your site, and deny all other IPs/domains. If you have more than one domain (or want to send emails using other servers) you will need to modify it, of course. (You may also be able to sign (DKIM) the emails using a script such as phpMailer) – cyberx86 Nov 11 '11 at 01:45
  • Wrong recommendation. @ecantu - for mail-related question don't mask your domain. It's useless and don't add any security, but give troubles on tests. – Lazy Badger Nov 11 '11 at 02:47
  • @LazyBadger - you've piqued my curiosity. You recommend adding the IP of the site and (what is possibly) the mail server. The DNS config should have an A record point to the site's IP address, and the MX record(s) pointing to the mail servers - even for a shared hosting plan (although, adding the A record of the mail relay would have merit). Unless addresses in addition to those found in the A record and MX records are permitted (e.g. offsite servers), it seems redundant to include them. What purpose do these additions serve? – cyberx86 Nov 11 '11 at 03:24
  • RTFM! There aren't such thing (in common) as **site-MX**, only **domain MX**. Site (on shared hosting) may have only CNAME to hoster's permanent name. If site's IP for any reason will not be in allowed list - cl02w01.xpress.com.mx may reject incoming mail. If cl02w01.xpress.com.mx IP will not be in allowed list - collector on the other side may reject incoming mail from untrusted relay – Lazy Badger Nov 11 '11 at 03:30
  • possible duplicate of [How to set SPF record?](http://serverfault.com/questions/269900/how-to-set-spf-record) – mailq Nov 11 '11 at 12:40
  • @mailq I think my question is really specific. – ecantu Nov 11 '11 at 17:55

2 Answers2

1

Add IP of site and IP of cl02w01.xpress.com.mx into allowed IP-list in SPF-record of cyberx86, use Wizard for building full records

Lazy Badger
  • 3,137
  • 15
  • 13
0

You need a static address with proper DNS records, or you should use a relay server. My article on Detecting Email Server Forgery may explain some of the issues you are encountering. I have found the web sites and other automated email senders tend to be poorly configured.

Your ISP should have a relay server you can use. If you use a relay server, add its name or IP address to an A specification in your SPF record. My article on Securing you Email Reputation with SPF should help you decide what you need. The correct record depends on how you route your email.

An SPF record like 'v=spf1 a:cl02w01.xpress.com.mx mx -all' should handle you needs. You will still to ensure that mail can be sent to mysite.com. In particular, make sure you accept email to postmaster@mysite.com and abuse@mysite.com.

EDIT: www rarely should be the domain on email it emits. Even it is the domain on the host usually won't have the correct rDNS setup. It is best for the web server to relay via the MX, or other appropriate server. SPF for www in most domains should be v=spf1 -all.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • MX and www can be separated, www emit e-mail as starting point. Better to mention it's IP also – Lazy Badger Nov 11 '11 at 03:37
  • Thanks, I'll try your recommendations. I just think there are too many variables to *play* with and it's taking a lot of time. – ecantu Nov 11 '11 at 17:59