-1

I have had a couple of emails not arrive in my inbox. One resent the email and I received it, the other told me that the error was: non valid MX response

I have been looking at my AWS SPF records and using the Kitterman testing tools

I currently have the following DNS record:

talkingcouch.uk.    TXT     "v=spf1 include:amazonses.com -all" 300

but I also had an SPF version as well. I deleted it as it seems to be recommended (by MXToolBox) to only have a TXT version.

The problem I am getting is with the Kitterman Test an SPF record tool (the one at the bottom of the page). I enter in:

IP Address: 54.229.95.254 (The AWS SES instance that sends my email)
Mail From address: my_email_address

and the result is:

Input accepted, querying now...
Mail sent from this IP address: 54.229.95.254
Mail from (Sender): my_email_address
Results - FAIL Message may be rejected

I have tried various IP addresses and Kitterman says my SPF record is valid.

The MXToolBox passes my SPF record.

Why am I failing the Kitterman test, or more importantly why can some people not get emails into my inbox?

UPDATE: I added "v=spf1 +ip4:54.229.95.254/32 -all" as per Esa's comment and it works fine.

Doahh
  • 191
  • 1
  • 1
  • 5
  • He didn't say to replace the record, he said to add that part. It's also not advisable (see his edit). You entered your own e-mail into the "Mail from" form, which was wrong from the beginning. – faker Mar 29 '15 at 11:52
  • Why are you looking at the SPF record? You should be looking at the MX record. The SPF record designates which server(s) **SEND** email for a specific domain. The MX record designates which server(s) **RECEIVE** email for a specific domain. Your problem is **RECEIVING** email **TO** your domain, not **SENDING** email **FROM** your domain. – joeqwerty Mar 29 '15 at 15:40

2 Answers2

2

If you are using Amazon SES you should not setup your own SPF record.
Mail is sent with a different Mail-From domain which has correct SPF records.
See: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/spf.html

If you query the amazonses.com TXT record you'll also see that the IP you mention is not in there.
That record you setup is definitely doing more damage than good.

faker
  • 17,496
  • 2
  • 60
  • 70
1

Your include:amazonses.com has SPF record:

"v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 -all"

Your IP 54.229.95.254 is not in that range. Your SPF record syntax is ok, so it passes all syntax related tests. Your SPF passes, but it is configured to FAIL with this IP.

If you wish to use SPF, which is against recommendation, you should add 54.229.95.254, or the whole missing block +ip4:54.224.0.0/12 to your SPF record.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129