Wrong default SPF record?

On my box the default SPF record for my domain is v=spf1 mx -all
I’ve always been in the understanding that it should be v=spf1 mx ~all to allow it.

The reason I’ve been digging into this problem is that all my e-mail is flagged as spam at gmail and outlook. This has been the case for multiple years now.

Hi dofl,

-all is a more strict policy than ~all and it’s recommended one. I assume you are sending e-mails only via your box.domain.com, if you are sending from other IP’s not matching your mx record i.e. box.domain.com ipv4 or ipv6 IPs this will be marked as spam.
If that’s not the case then your best starting point is to get an e-mails headers from spam classified Gmail and outlook and start analyzing them.
Google Header Analyzer
MS Hotmail/Outlook Header Analyzer

And try to work your way up for each one. I assume you have done basic checks with https://mxtoolbox.com/ and nothing has been flagged by 159 test that it performs?

PS I know MX could be confusing because it’s for receiving emails. But in this case, sending and receiving subdomain and IPs are the same once for default MIAB setup. Check if your RPT records match for ipv4 and ip6 and on default setup they would be box.domain.com, or whatever you had chosen instead box subdomain name.


Hi mveplus,

I’ve dug a bit deeper and you are right about the -all being preferred above ~all.

Some information about my box; it’s been running almost 3 years from the same IP. The IP is clean from any blacklists. MXtoolbox reports that all 159 tests pass successfully and mail-tester.com gives a rating of 10/10. This has always been the case these years.

My box also takes over the DNS. The PRT record resolves the IP to the box it’s hostname. Everything is set as it should be, but still both Gmail and Hotmail tend to move all my e-mail into their spam filters. I’ve recently overruled the SPF record to ~all and none of my mail is being flagged as spam anymore. I don’t have a mail header at my disposal to check the headers, but that would have made it easier. But for now I’m happy that I can e-mail everyone since all these years.

Thanks for the tips and I’m curious of more people have the same problem with spam filters.

Dofl, Thanks for drawing the full picture :wink: for us.
That’s interesting and annoying as well. I’m in the same boat as well but just with Hotmail/Outlook, it will flag my e-mails as spam always! I have followed all guides out there for compliance and analyzers and go over any publicly available info in a search for answers why?

My results MXtoolbox and Mail-tester and similar mail-test-apps are always excellent. I host my mail server for a long time, but recently I moved to MIAB and moved from Digital Ocean to VPS.net and now I’m with Linode. Alyaws my IPs were clean except for Linode one was in one of the blacklists when I moved over - it was because the whole IP sub-range was blacklisted - someone being naughty - so I’ve contacted the blacklist guys and they removed my IP -v4 ( v6 was okay). I’m also using MIAB an NS and PRT are fine for IPv4 and IPv6.

I’ve created e-mail my accounts with Hotmail and Google so I can test deliverability from time to time and also have the header information.
With Google, I never had a serious issue - just a while ago my e-mails were going it not spam but were before I moved to MIAB and reason was I forgot to include my IPv6 in SPF policy, and sometimes my emails would be sent emails via IPv6 and other times via IPv4 and they were flagged only when sent over IPv6. However, after moving to MIAB this is not an issue anymore.

But Hotmail/Outlook is another fish, and they still put all my e-mails to spam! I’m not sending any “business e-mails” and I’m low volume sender. I’m registered with their Junk Email Reporting Program (JMRP) and Smart Network Data Services program (SNDS) and after contacting them to Reported deliverability problem, finally, they have conditionally mitigated my IP ( I’ve contacted them 4 times before and application was rejected, but once my emails were never delivered even in the Junk to Outlook e-mail but they were successfully sent out from my Box, confirmed by the mail logs.)
So now e-mails from my Box are at least delivered to Junk mail folder in Hotmail/Outlook, and if I analyze the headers from my Hotmail/Outlook received e-mails - there is no clue why this is moved to Junk folder - the flag set by MS servers is NSPM but it’s still delivered there.

I gave up on them! But now you are giving me a hope and I’ll try SPF change and see the results.

In my expierince, even though the online anti spam checks, are nice. They are not fool proof, the actual anti-spam companies like CloudMark, AT&T and others use thier own customized, and modified lists.

Which even in my experience, every half a year I have to write up a Anti-Spam request for whitelisting, the IT divisions, at these companies rather take an approach that is block all, ask questions later. If you are getting bounce backs, read the return email header information. They tell you where to go for removal, and how to contact them.

In my experience, CloudMark, and AT&T are the hardest to get removals from, It took me 4-5 requests, until I spammed AT&T’s Twitter account till they budged. CloudMark, needed a reminder. 90% of the time, these are form fill outs.

Find out who the anti-spam company/lists are they are causing your issues. Post them here, and it will likely go away soon after.

Thanks, ricky1146,

Yes, you’re right - mail testing apps can’t give you the full picture but at least they are a good starting point. Thanks for CloudMark & AT&T hint I was not aware of these at all - who is using them?

MS Hotmail/Outlook - I’ll have a look but they seem to use a few stages to flag your incoming emails one of them for sure is:
Symantec Lists - my box is OK on that one.
Outlook also uses their internal lists and sender/organization reputation lists and I can’t find any info out there.
Except contacting them via Sender Information for Outlook.com Delivery But if somebody reading this thinks this will solve magically the deliverability issues with MS, Please! be reasonable and don’t spam them if you don’t have done and cover at least their basic compliance checks for your sending mails server.


Hotmail/Outlook departments, are easy. They actually respond with someone from the IT department back. Which shows, they are human, somewhere. The others are automatic. I just know AT&T is the most difficult. I’ve been listed, at least 4 times, which I had to vent my frustrations with them. Even suggesting they call my phone number, to verify my legitimacy

This topic was automatically closed after 61 days. New replies are no longer allowed.