Anyone?

Hello,

Please open a ticket about this issue from your control panel. We did make some changes to limit the incoming and outgoing spam, which caused problems for both our customers and the reputation of our mail servers. If our administrators find it necessary, they can make some adjustments on our end, but for that you have to provide as much information as possible - what emails get rejected, the bounce error messages, etc. I will also talk to our admins about services such as MailRoute, but it would be better if you provide more details in a support ticket.

Best Regards,
Tim Smith

Hi Tim Smith - funny you should say that. I'll just leave this sad little ticket exchange for you here. I came to the forums as a last resort after trying to get help through the ticket system. You provided more help and information in a few sentences than the ticket system has given me in three days. I had to do my own research on SPF and SRS to determine what the problem was since the ticket responders refused to read what I sent carefully and provide an intelligent response on policy.






-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hi,

Some of my emails are bouncing due to failed SPF checks even I have disabled SPF checks for my account. Can you help please?

I can't get email from crypticstudios.com, evite.com, intuit.com or asos.com. Any address with strict SPF records configured isn't coming through.

Please disable SPF checks or exempt the 199.89.0.0/21 block for MailRoute, my spam filter service.


Example error:
2015-03-12T18:59:17+0000 mr005.lax02.mailroute.net D C donotreply@crypticstudios.com gjames@bleuinc.com "" 20150312185915.1856310600B4@mail2.crypticstudios.c om - 6804 3l2zwP2CDSz1T4q5
2015-03-12T18:59:20+0000 mr005.lax02.mailroute.net postfix-gw/smtp[28561]: 3l2zwP4T6Hz1T4NR: to=gjames@bleuinc.com, relay=mail.supremecluster.com[198.23.53.112]:2525, delay=2.7, delays=0.01/0/0.55/2.1, dsn=5.0.0, status=bounced (host mail.supremecluster.com[198.23.53.112] said: 550-[SPF] 199.89.1.8 is not authorized to send mail from crypticstudios.com. 550 Please see http://www.openspf.org/Why?id=donotr...&ip=199.89.1.8 (in reply to RCPT TO command))


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

Thank you for contacting our Technical Support Department.

There is a server side check for SPF records for the emails sent to us which can not be disabled.
The needed SPF records must be added to the domains in question.

Best Regards,
James Bradley

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How do I exempt the mailroute domain or IP address block for my domain?

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

If you wish to allow some specific IP address or IP addresses to be able to send messages through your domain name you must add these to the custom SPF records via Email > SPF Manager:


Please check this again from your end.
Feel free to contact us again, if there is anything else we can help you with.

Best Regards,
Miles Claton

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Since they are using more addresses than I can enter - will adding mailroute.com do it? Because I am still not getting all of my mail after making the changes. Everything was fine before the beginning of march. I need more specific instructions on how to structure my SPF settings to begin getting all of my mail again.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

I configured the SPF protection according to your MX records and the TXT record looks like this now:

"v=spf1 a:mail.mailroute.net ip4:199.89.1.120 ip4:199.89.2.120 mx ~all"

Please allow 24 hours for the DNS propagation and if the problem still exist, kindly contact the service provider for "mail.mailroute.net" and ask them how the TXT record should be as it all depends on how their system is configured.

Best Regards,
Kamil Hristov

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I will check with them since it's still not working. Will the SPF tool accept wildcards of any kind? They are using a whole BLOCK of IP addresses and I have already been instructed to add all of them.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

You can set a whole IP range instead of single address, if that is what you are asking for, for example:

instead of 199.89.1.120 and 199.89.2.120, you can set:

199.89.0.0/16

If you have additional questions, do not hesitate to contact us.

Best Regards,
Teo Smith

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks Teo!

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

You are welcome.

Best Regards,
Teo Smith

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

tweaking my SPF records will not solve my problem. My issue is with RECEIVING email - not sending it. See this page
sent as part of an email bounce message: http://www.openspf.org/Why?id=donotr...&ip=199.89.1.8

Since mail.supremecluster is doing SPF checks on my incoming mail which is forwarded by mailroute.net (my spam filtering service), any domains with strict SPF records will bounce and I will not receive the message.

I need a way to prevent mail.sumpremecluster from bouncing my forwarded mail. Changing the SPF on bleuinc.com WILL NOT WORK.

This started at the end of February, beginning of March when something was changed on the server and I stopped getting all of my email.

How can I get mail.mailroute.net and it's IP address block of 199.89.0.0/21 whitelisted or exempted from the SPF checks on INCOMING mail please?

OR - have spf checks on INCOMING mail for bleuinc.com disabled?

Can you white list mailroute please?

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

Please note that this is a shared hosting environment and SPF checks can not be disabled per user or per domain. Our mail server will always check if the received mail domain has a SPF record.

To resolve this, you should allow messages from crypticstudios.com to be sent from mail.mailroute.net servers.

Best Regards,
Victor Thomson

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thank you for responding. "To resolve this, you should allow messages from crypticstudios.com to be sent from mail.mailroute.net servers."

How exactly should I accomplish this? That statement indicates you don't understand the Sender Policy Framework. I am the recipient. I don't have any control over crypticstudios.com or the other domains like asos.com or intuit.com that I am not currently getting email from. Mailroute.net is not bouncing messages - Supremecluster.com is bouncing messages.

If SPF checks can't be disabled, then I need someone to make a provision for my forwarding service so I can continue to get all of my mail like before.

A change was made to the mail server at the end of February without notification. It has broken my mail setup and now I can't get anyone to help.

Why is there no list of exceptions to the SPF checks done by the mail server? I know I am not the ONLY reseller that makes use of an external spam filter service. The spam checking you guys do is horrid.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hello,

As you can not add the required SPF records, our mail server will not accept messages, which are sent through a server specified in the SPF records for crypticstudios.com. Nor for any other domain that has a SPF record, but sends from a different server. Yes, our mail server checks the SPF record of the incoming messages and bounces them if there is a difference. This is exactly how SPF works.

Best Regards,
Victor Thomson

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Is there anyone else who can review your practices for SPF checks on incoming, forwarded mail? I've already had to move client from Reseller's Panel. If I can't host and use spam filtering I'll need to move ALL of my clients to another hosting provider.


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Hello,

I have looked up the whole ticket, I am afraid that the SPF checks on incoming emails can not be removed on individual level and the configuration is a server wide one , one which currently we do not have plans of removing.

As such the only option would be contacting whoever is managing the domain to set the needed SPF records.

Best Regards,
James Bradley

That's from ticket #. Many thanks again for your help Tim!! Support Ticket 1448852

Thank you for contacting us and called for our attention to this case.

I will skip what was commented in the given ticket and try to explain the case as detailed as possible.

Your Example error:
2015-03-12T18:59:17+0000 mr005.lax02.mailroute.net D C donotreply@crypticstudios.com gjames@bleuinc.com "" 20150312185915.1856310600B4@mail2.crypticstudios.c om - 6804 3l2zwP2CDSz1T4q5
2015-03-12T18:59:20+0000 mr005.lax02.mailroute.net postfix-gw/smtp[28561]: 3l2zwP4T6Hz1T4NR: to=gjames@bleuinc.com, relay=mail.supremecluster.com[198.23.53.112]:2525, delay=2.7, delays=0.01/0/0.55/2.1, dsn=5.0.0, status=bounced (host mail.supremecluster.com[198.23.53.112] said: 550-[SPF] 199.89.1.8 is not authorized to send mail from crypticstudios.com. 550 Please see http://www.openspf.org/Why?id=donotr...&ip=199.89.1.8 (in reply to RCPT TO command))

Right now:
-------------
SPF record for: crypticstudios.com
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
MS=ms64807746
v=spf1 mx ptr mx:crypticstudios.com a:mail1.crypticstudios.com a:mail2.crypticstudios.com a:alertmail.crypticstudios.com include:spf.protection.outlook.com -all
C7WcHOdh8JF2t+YTXmf+a/FWka9S9FQXP8sUn+ozT50aqxdj08otYHMHpelQOfAi0lph9eEh TCfrp38QttW1TA==

Checking to see if there is a valid SPF record.

Found v=spf1 record for crypticstudios.com:
v=spf1 mx ptr mx:crypticstudios.com a:mail1.crypticstudios.com a:mail2.crypticstudios.com a:alertmail.crypticstudios.com include:spf.protection.outlook.com -all
-------------

Please pay attention to the "-all" part in the SPF - it means STRICT RULES: all other machines are not authorized

It generally means that the mail server crypticstudios.com is NOT authorized under the SPF for crypticstudios.com to send emails FROM crypticstudios.com

In this particular case donotreply@crypticstudios.com is not authenticated with 199.89.1.8 and the mail server 199.89.1.8 is STRCTLY not allowed to send emails crypticstudios.com according to the SPF.

This is one of the most basic spam protections and forged FROM spam emails practices protection.

With our latest anti-spam updates we are no longer accepting this particular type of emails. It is not an issue with receiving emails but bad sender domain configuration causing the trouble.

If you use the MailRoute Outbound/SmartHost Service and you have SPF records, there's a simple, but important change you need to make to your SPF records.

Add "include:spf.mailroute.net" to your SPF record.

This is one of the most important configuration steps given by the MailRoute support staff when registering to use their filtering service.

If you still have any questions, please let me know.

This is just an update that we found a workaround from our end and applied the solution to prevent future troubles. Pleaes refer to the ticket for more details.
Please use the ticket feedback option if you find you are not getting the proper assistance in the future. Thank you for your time and understanding regarding this matter.