SPF record is valid, but Gmail refuses the message

[magick]

Hi to all,

I setted correctly the SPF record in cPanel with IP address of my hosting provider, but when I send a message to Gmail account by client I have this error:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
host gmail-smtp-in.l.google.com [142.250.27.27]
SMTP error from remote mail server after end of data:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for [mydomain.org] did not
550-5.7.26 pass with ip: [185.201.19.56]. The sender should visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for
550 5.7.26 instructions on setting up authentication. bt23-20020a170906b15700b0098cf1b12715si3646930ejb.581 - gsmtp

I don't know this IP 185.201.19.56, searching on Google I found this: IP Geolocation Information of 185.201.19.56.

How come this happens? Can I add IP 185.201.19.56 in SPF record?

 

[quietFinn]

I suggest that you contact your hosting provider regarding this.

I believe it'll work if you add this to the SPF record:
include:spf.antispamcloud.com

 

[sparek-3]

This can also happen if you are forwarding mail. This is why forwarding mail off of your server is a bad idea. If forwarding mail off of your server had never been a thing, then SPF would stop A LOT of the email spoofing and spamming that goes on.

If you have a mydomain.com email address that forward to your gmail.com email address, then if someone from a yahoo.com address sends an email to your mydomain.com email address - that message will get forwarded to your gmail.com address. Gmail will get the message, see that it's from a yahoo.com email address, and see that the message is coming from your server's IP address. The yahoo.com SPF record is not going to authorize your server's IP address as being a legitimate source for yahoo.com email. So Gmail may reject the message with an error to the one similar to what you are seeing.

 

[magick]

This can also happen if you are forwarding mail. This is why forwarding mail off of your server is a bad idea. If forwarding mail off of your server had never been a thing, then SPF would stop A LOT of the email spoofing and spamming that goes on.

If you have a mydomain.com email address that forward to your gmail.com email address, then if someone from a yahoo.com address sends an email to your mydomain.com email address - that message will get forwarded to your gmail.com address. Gmail will get the message, see that it's from a yahoo.com email address, and see that the message is coming from your server's IP address. The yahoo.com SPF record is not going to authorize your server's IP address as being a legitimate source for yahoo.com email. So Gmail may reject the message with an error to the one similar to what you are seeing.

Thank you for your help.

Sorry I don't understand. If I receive an email to "[email protected]" and this is forwarded to Gmail, should it not be anyway my domain the sender?

In any case, that email account have not forward. In addition the error happens when I sent an original message, not forwarded, by client.

Other email account in this domain have forwarding, but they works correctly.

 

[cPanelWilliam]

Hello!

Does your server have a smart host set up? Based on the bounceback error, it appears your mail is being relayed from 185.201.19.56. You stated that you do not recognize this IP address, but it does appear to belong to a mail service (antispamcloud.com). If you are using this mail service to relay email, they likely have their own SPF record they recommend using for your domain.

 

[magick]

Hello!

If you are using this mail service to relay email, they likely have their own SPF record they recommend using for your domain.

No, I'm not using this mail service, maybe my hosting provider is using it.
In any case, the provider suggest me to replace the original SPF record " "v=spf1 +mx +a +ip4:94.yyy.yy.y ~all" (ip4:94.yyy.yy.y is the address of my server), with "v=spf1 include:spf.domain.it ?all" (domain.it is the domain of my hosting provider). I don't understand because in the new record there is not "+mx +a" and because it have "?all" in place of "~all".

 

[quietFinn]

You could just add "include:spf.domain.it" to your current spf record, that should work.