How to Add an SPF Record For Your VPM Mail
Email Authentication Considerations for VPM POP Mail accounts
If you are using email addresses on your VHOST using mkvpm
, for example if your VHOST is “myvhost.com” and you've used 'mkvpm' to create a POP3 email account me@vhostcity.net
, you may have noticed that your SMTP mail from the client you've set up quite correctly, when sent to Gmail users, you are getting rejected with a message that looks like the following:
----- The following addresses had permanent fatal errors ----- [somebody@gmail.com] (reason: 550-5.7.26 This mail is unauthenticated, which poses a security risk to the) ----- Transcript of session follows ----- ... while talking to gmail-smtp-in.l.google.com.: >>> DATA <<< 550-5.7.26 This mail is unauthenticated, which poses a security risk to the <<< 550-5.7.26 sender and Gmail users, and has been blocked. The sender must <<< 550-5.7.26 authenticate with at least one of SPF or DKIM. For this message, <<< 550-5.7.26 DKIM checks did not pass and SPF check for [vhostcity.net] did <<< 550-5.7.26 not pass with ip: [205.166.94.24]. The sender should visit <<< 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for <<< 550 5.7.26 instructions on setting up authentication. 17-20020a630611000000b004fb921d0184si10555596pgg.146 - gsmtp 554 5.0.0 Service unavailable
To prevent this, you need need to add a SPF record to your VHOST's .dns file so Gmail and other services won't reject your emails as spam.
We want to add a record to the DNS file for your VHOSTed domain that points to whatever the SDF mail server is doing, so the record will point to SDF's SPF record, or if that isn't available, won't either authenticate or say it's spam.
Steps:
- Edit $HOME/.dns/yourdomain to add an spf record
It will look like the following:
;PDNS:205.166.94.20 ;SDNS:192.67.63.35 IN NS ns-a.sdf.org. IN NS ns-b.sdf.org. IN NS ns-c.sdf.org. IN NS ns-d.sdf.org. IN MX 50 mx.sdf.org. IN A 205.166.94.17 $ORIGIN vhostcity.net. www IN CNAME vhostcity.net.
- To map to whatever SDF is doing, add a
TXT
directive lineunder the '$ORIGIN' line
that looks like this:@ IN TXT “v=spf1 include:mx.sdf.org ~all”
. Now it will look like:
;PDNS:205.166.94.20 ;SDNS:192.67.63.35 IN NS ns-a.sdf.org. IN NS ns-b.sdf.org. IN NS ns-c.sdf.org. IN NS ns-d.sdf.org. IN MX 50 mx.sdf.org. IN A 205.166.94.17 $ORIGIN vhostcity.net. www IN CNAME vhostcity.net. @ IN TXT "v=spf1 include:mx.sdf.org ~all"