How to Designate an IP Address as Permitted Sender
If you have your own domain handling email, then chances are you may run into email issues. It is extremely important that you properly designate your IP Address as a permitted sender.
First, let’s test to see if your domain is a permitted sender.
Log into your domain’s email account, brant@example.com let’s say. Send an email to another email account that you have access to. Just to name a few… gmail, Yahoo!, or Hotmail.
The important part is for you to view headers of this email, often referred to as “Show Full Headers”.
You will see something that looks like this, but note the SPF softfail error:
—- Original message —–
X-Received: by 10.224.25.8 with SMTP id x8mr31561868qab.77.1382465370255;
Tue, 22 Oct 2013 11:09:30 -0700 (PDT)
Return-Path: brant@example.com
Received: from my3.example.com (my3.example.com. [64.131.70.223])
by mx.google.com with ESMTPS id k5si10380639qen.50.2013.10.22.11.09.30
for send@domain.com
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 22 Oct 2013 11:09:30 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning brant@example.com does not designate 64.131.70.223 as permitted sender) client-ip=64.131.70.223;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning brant@example.com does not designate 64.131.70.223 as permitted sender) smtp.mail=brant@example.com
Tue, 22 Oct 2013 11:09:30 -0700 (PDT)
Return-Path: brant@example.com
Received: from my3.example.com (my3.example.com. [64.131.70.223])
by mx.google.com with ESMTPS id k5si10380639qen.50.2013.10.22.11.09.30
for send@domain.com
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 22 Oct 2013 11:09:30 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning brant@example.com does not designate 64.131.70.223 as permitted sender) client-ip=64.131.70.223;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning brant@example.com does not designate 64.131.70.223 as permitted sender) smtp.mail=brant@example.com
If you see Received-SPF: pass in the header then you have nothing to worry about. However, as you can see from above, I have a softfail issue. You may also see some with “fail”.
The fix is actually pretty easy. Login to your registrar where you registered the domain. What we need to do is create a new TXT record and add that specific IP (64.131.70.223) as a permitted sender.
The record will look something like this:
TXT example.com “v=spf1 ip4:64.131.70.223 ~all”
Add this entry to your registrar and wait for the record to update across the web. You can test your TXT / SPF entry with this handy tool.
A few things to note here:
- Make sure you use the quotation marks around the whole thing. (Do not just copy and paste from here because WordPress sometimes uses a different characters for quotes.)
- The last part ~all designates a softfail for any non permitted senders. Softfail basically means that you haven’t finalized your email settings yet. These emails have a chance of getting through, even though they fail.
- Once you send another test email and confirm that you PASS, change the ~all to -all. This means that any emails not from your designated senders should fail.
Sounds great, but what happens when you use another email provider, like mailjet to send email on your behalf?
Your TXT entry will then look like this:
TXT example.com “v=spf1 ip4:64.131.70.223 include:spf.mailjet.com -all”
Setting up email can be a bit frustrating, so hopefully this helps speed things along.
Still confused? You may also find Eric’s article on setting up SPF records useful.