Email Deliverability "SPF is not properly configured for this domain." not reading into Included Files

[thowden]

Hi All

To clarify the title:
Email Deliverability: In a CPanel account, not the WHM console for the server.
Error Message is displayed (sometimes): "SPF is not properly configured for this domain."
Cause: This feature is not reading the Included Files.

Server is CPanel 94.08 which sync's with a cluster of CPanel DNSOnly servers for external resolution.

SPF record for the domain exists:
v=spf1 +a include:spf.protection.outlook.com include:spf.example-domain.com -all

while CPanel is recommending to specifically include the local IP (e.g. 123.456.123.456) - 'Must include' - implying it is broken and will not work without this.
Recommended record example:
v=spf1 +a +ip4:123.456.123.456 +include:spf.protection.outlook.com +include:spf.example-domain.com -all

Main issue: The 'included' file "spf.example-domain.com" already has the requested local IP address in it and the inclusion of this new record is redundant.
Testing via multiple sources confirms that it will and does work.

So why does CPanel not fully validate the existing SPF record ? It appears that Cpanel Email Deliverability test is not recursing into the include file(s).

Side issue:
Using the + sign with the include: statement is redundant as include means 'pass' sources within the file.

Is anyone else seeing this issue ?

Thanks
Tony

 

[cPRex]

Hey there! I can't say I've seen other reports like this. It might be best to open a ticket with our team so we can check your specific configuration.

 

[osirion]

I'm having the same issue here.
I have a domain where they dont handle the mail locally, the mail is handled externally by a remote mail service (Remote Mail Exchanger set).

Email Deliverability claims " Problems Exist (SPF)". Its saying I must include "ip4:serverip" for it to be correct, but surely thats not required if mail is all handled remotely?

 

[thowden]

Hi

I am not so sure it is the same issue but perhaps associated.

Your initial question should be where is the DNS managed ? If that is managed on your CPanel server then yes the SPF record should be there and potentially include the CPanel IP so that any email sent from the server(account) for the client is authorised within the SPF record.

The next question is what format does your SPF record have today and what needs to be changed, if anything. But first things first, how is the DNS managed ?

Hope this helps.
Tony

I'm having the same issue here.
I have a domain where they dont handle the mail locally, the mail is handled externally by a remote mail service (Remote Mail Exchanger set).

Email Deliverability claims " Problems Exist (SPF)". Its saying I must include "ip4:serverip" for it to be correct, but surely thats not required if mail is all handled remotely?

 

[cPRex]

@osirion - that's correct - if the mail is being handled externally, it's safe to ignore that recommendation.

 

[osirion]

Thanks for confirming @cPRex ! Would be nice if cPanel was smart enough to ignore it though!

 

[cPRex]

Could you submit a feature request about that using the link in my signature, and then I can bring it up with the team?