How to configure SPF and DKIM to prevent mail going to spam folder

4.1k views Asked by At
x-store-info:4r51+eLowCe79NzwdU2kR0zqpsRfiBoycNOl1Rdc4Wf7430jtHWQcYIrKJBAYArutl6yTQ5VQNWAmHikfoeKC6OfxZYs5RQXt5EONp5Fb+tgLbPo7J+jhd2D/FrCdQyzXUlVTtfPnBo=
Authentication-Results: hotmail.com; spf=softfail (sender IP is 184.168.200.138) [email protected]; dkim=none header.d=.com; x-hmca=fail [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00
X-Message-Info: 3c21WZ1hAlvCXlgKMA/ssa/7uuyagef91LCbCD/6jerOOAesLoOF4khK55lv2648aOXN6IForiFWbNDXvt/F9pKgiEmQYyMILkICTpe+/i4pqZfOZymIYT4r8X/NfvkTbHXIijHuSgajahEKBV0qUiO6J/PlRheu+fHREz1zY9V0xz2tq5KTm2vBIQsSTbcG/VCzyglz1h9bRD91eSWpB+xt4cfKRwkgKlCJsJhnftc=
Received: from p3nlsmtpcp01-01.prod.phx3.secureserver.net ([184.168.200.138]) by SNT004-MC2F6.hotmail.com with Microsoft SMTPSVC(7.5.7601.22751);
     Wed, 26 Nov 2014 15:19:28 -0800
Received: from p3plcpnl0474.prod.phx3.secureserver.net ([50.62.176.1])
    by p3nlsmtpcp01-01.prod.phx3.secureserver.net with : CPANEL :
    id LPHH1p01e02B8ka01PHHME; Wed, 26 Nov 2014 16:17:17 -0700
Received: from kumani11 by p3plcpnl0474.prod.phx3.secureserver.net with local (Exim 4.84)
    (envelope-from <[email protected]>)
    id 1Xtlrr-0002Gt-Tx
    for *EMAIL*@live.co.uk; Wed, 26 Nov 2014 16:19:27 -0700
To: Neil <*EMAIL*@live.co.uk>
Subject: Ad Reply on
X-PHP-Script:.com//adreply.php for 5.151.130.2
Date: Wed, 26 Nov 2014 23:19:27 +0000
From: <[email protected]>
Reply-To: <[email protected]>
Message-ID: <[email protected]>
X-Priority: 1
X-Mailer: PHPMailer 5.2.4 (https://github.com/Synchro/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_d6832c41b94a8dcf73b6660427bfbd46"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - p3plcpnl0474.prod.phx3.secureserver.net
X-AntiAbuse: Original Domain - live.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [940112 956] / [47 12]
X-AntiAbuse: Sender Address Domain -.com
X-Get-Message-Sender-Via: p3plcpnl0474.prod.phx3.secureserver.net: authenticated_id: kumani11/from_h
X-Source: 
X-Source-Args: /usr/sbin/proxyexec -q -d -s /var/run/proxyexec/cagefs.sock/socket /bin/cagefs.server 
X-Source-Dir:.com:/public_html/
Return-Path: [email protected]
X-OriginalArrivalTime: 26 Nov 2014 23:19:28.0495 (UTC) FILETIME=[6CFA07F0:01D009CF]

--b1_d6832c41b94a8dcf73b6660427bfbd46
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When creating a mail with PHPMailer my emails are getting sent to the spam folder of my recipients mailbox

I have been told I need to configure my SPF and DKIM correctly, I think I have done this already on my GoDaddy account for SPF - @ v=spf1 a mx ptr include:secureserver.net ~all

Has anyone else got any ideas why my mail might be going to spam? Have I missed out any headers that you can tell?

1

There are 1 answers

1
Ángel On BEST ANSWER

Your SPF record is v=spf1 a mx ptr include:secureserver.net ~all

This allows sends from:

  • a → domain.com host (23.229.191.2)
  • mx ➜ mail.domain.com. (a CNAME for domain.com, so 23.229.191.2 too)
  • ptr → Any ip matching your domain when doing a reverse lookup. As 184.168.200.138 is p3nlsmtpcp01-01.prod.phx3.secureserver.net, it doesn't match your domain.
  • include:secureserver.net → include secureserver.net email policy, which is

v=spf1 ip4:207.200.21.144/28 ip4:12.151.77.31 ip4:69.64.33.132 ip4:68.233.77.16 ip4:184.168.131.0/24 ip4:173.201.192.0/24 ip4:182.50.132.0/24 ip4:170.146.0.0/16 ip4:174.128.1.0/24 ip4:173.201.193.0/24 include:spf-ss1.domaincontrol.com -all

in turn including spf-ss1.domaincontrol.com:

v=spf1 ip4:174.128.7.0/24 ip4:206.252.132.65 ip4:24.75.14.201 ip4:144.202.243.25 ip4:68.232.128.0/19 ip4:216.55.155.13 ip4:216.55.162.41 ip4:195.246.112.0/24 include:spf-ss2.domaincontrol.com include:spf.messaging.microsoft.com -all

and spf.messaging.microsoft.com

v=spf1 ptr:protection.outlook.com ptr:messaging.microsoft.com ptr:o365filtering.com -all

The sending ip 184.168.200.138 is not on any of those ranges. Thus SPF verification fails.

It's odd that 184.168.200.138 isn't listed on the secureserver.net spf. It could be a mistake, or maybe they don't intend users to include their policy on their domains, and thus only list their own email-sending ips, and not user servers.

How to make spf pass? The simplest way is to explicitely list the sending ip:

ip4:184.168.200.138

However, given that your server ip could change unexpectedly you may also want to allow all secureserver.net hosts with

ptr:secureserver.net

In summary, I would use the following p

v=spf1 a mx ip4:184.168.200.138 ptr:secureserver.net ~all

I have removed ptr (since you don't seem to have a dedicated ip whose reverse dns you could set) and the include:secureserver.net that wasn't working.