Trying to understand SPF

[nzkiwi]

Just signed up as a reseller and trying to get my head around H-Sphere. I have set up a mailbox under my service domain but often messages sent using SMTP via mail4.myservicedomain.co.nz bounce due to "sender domain does not match SPF records".

I have enabled SPF for the domain myservicedomain.co.nz and set the SPF mechanism prefix to "Pass" What else do I need to do to prevent bounces. Bounced messages contain (in part) the following (addresses have been altered to protect from harvesting):

----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 587 [email protected] sender domain does not match SPF records)

----- Transcript of session follows -----
... while talking to mail5.quik.com.:
MAIL From:<[email protected]> SIZE=2513 BODY=7BIT
<<< 587 [email protected] sender domain does not match SPF records
554 5.0.0 Service unavailable

--k1EAbPV5009824.1139913445/ns.quik.co.nz
Content-Type: message/delivery-status

Reporting-MTA: dns; ns.quik.co.nz
Received-From-MTA: DNS; barracuda.quik.co.nz
Arrival-Date: Tue, 14 Feb 2006 23:37:21 +1300

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 587 [email protected] sender domain does not match SPF records
Last-Attempt-Date: Tue, 14 Feb 2006 23:37:25 +1300

 

[Nidhi]

Please open a support ticket with details like your service domain, email id, and bounce message.
To submit a ticket use http://resellerdesk.jodohost.com/support/
or drop a mail at resellerdesk @ jodohost.com

 

[nzkiwi]

Done. Still waiting for ticket to show in Open Ticket History, so can't give ticket #. Other details:
Queue: Support
From: **@****.co.nz
Subject: sender domain does not match SPF records
Timestamp: Wed, 15 Feb 2006 04:10:17 -0500

Still hoping some one can point me to a comprehensive, but easy to understand explanation of how SPF works.

 

[tanmaya]

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

 

[nzkiwi]

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

Thanks, helped a lot.

Mail to the recipients address was being forwarded to a second mail server. The second server did an SPF check against the forwarding server instead of against the original sending server. Consequently the check failed.

The solution was to to send the email to the address hosted on the second server. That information was supplied in the bounce.

 

[tanmaya]

SRS is there to rewrite the sender address in case of forwards so that they are correctly identified. But, maybe the primary recepient server isnt SRS compliant.