Some of my sent messages are being refused by recipient email servers. The complaint is “550 5.7.1 Connection refused … (in reply to MAIL FROM command)” and “550 #5.7.1 SPF unauthorized mail is prohibited”.
When I verify my domain’s SPF record (ecovillage.cc) at SPF Record Checker - Free SPF Lookup , everything checks out.
What could the problem be? Thank you!
~Christian
Your current SPF record is:
v=spf1 -all
The responses you are getting from the other mail servers are in line with that record, because the record indicates no mail servers are authorized to send on behalf of this domain.
The Dmarcian test is only verifying the record syntax is correct. It is not verifying if it is a record you desire to use.
MaiB should have automatically created a suitable SPF record for your domain when you created an email account for it. Did you customize this domain?
Thank you Openletter. No I did not customize this domain. I just checked the web admin for MIAB and all checks on the System Status Checks are clean for the domain box.ecovillage.cc. Questions: should I have box.ecovillage.cc as my sending From: email address? Should I have a separate DNS entry for eccovillage.cc without the subdomain of ‘box’?
One more thing: I did however turn off IPv6 on the server as I read that would help reduce spam blocks. Could that be the problem?
Thanks again.
If you are using your domain without a subdomain, it should have either an email user account or an alias associated with that domain. MiaB will configure the records automatically.
I have that in place.
do status checks report anything for the domain without any subdomains? It will be checked separate from checks with a subdomain.
No. Everything lists as checking out with and without the subdomain.
Are you able to send a message from a mail account not hosted by MiaB to an address using the domain without the subdomain?
yes. no problem. I just did another test to confirm.
In the Custom DNS page, do you have any txt records for the domain without subdomains?
yes I do. I have 3 of them
google-site-verification
v=spf1 -all
_token._dnswl.ecovillage.cc
Delete the v=spf1 -all record.
Note that due to the TTL of 86400, it may take a long time before other mail servers acknowledge the change.
done. I have deleted the v=spf1 -all record.
Servers that haven’t recently looked up your record will report the change. You can see one here by checking the txt record on your domain.
I just checked it using that tool. Must still be cached as it reported TXT v=spf1 mx -all
should I reboot the server ?
That is the new record.
Your first record:
v=spf1 -all
This configuration means no server is authorized to send mail on behalf of the domain (-all).
Your current record:
v=spf1 mx -all
This configuration means that servers in the mx record of the domain (mx) can send mail on behalf of the domain and no other servers can send mail on behalf of the domain (-all).
aaah. I’ll resend the emails I was having rejected and see what happens. if you don’t hear from me, the problem was solved! thank you again for all your time and attention!
Note that it may take a day or two for the previous servers to renew their caches, so they will behave according to the previous record.
oh yes. tnx for the reminder.
This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.