Our agency has recently been getting messages back that state:
"Mail Delivery System"
>This message was created automatically by mail delivery software.
>A message that you have sent could not be delivered to one or more
>recipients. This is a permanent error. The following address(es) failed:
<>: 550 Validating Sender: 5.1.0
>184.108.40.206 is not allowed to send from <oleanny.com> per it's SPF
>Record. Please inspect your SPF settings, and try again. IB508
>: 550 Validating Sender: 5.1.0
220.127.116.11 is not allowed to send from <bounce.secureserver.net> per it's SPF Record. Please inspect your SPF settings, and try again. IB508 <http://x.co/srbounce>
for a number of our email users.
This has only recently started. We have made no changes to our DNS. I do not even know how to check out SPF records, as we have never had a problem like this.
We are still using the McAfee Saas until we can get a new email security package.
Could anyone help me in tracking down the cause of this and a possible solution? My login credentials to support that once worked seem to have disappeared.
Message was edited by a Moderator to remove all email addresses for privacy and safety of those involved
Sorry this got caught in the spam filters due to all the links and email addresses.
Have moved it provisionally to Saas Email Security for faster attention....I hope.
Do you know of any way that I would be able to communicate directly with support? I am having an extremely difficult time trying to get this figured out. My CEO has come directly to me about not getting important replies.
I am unsure if this is an issue on my side or on some of our various vendors.
Thank you for your help.
It seems that anyone who has an SPF record that reads:
v=spf1 include:spf.protection.outlook.com -all
cannot reply back to our domain.
If you are using the SaaS Email Protection service to send outbound mail and you have issues with mail delivery, you must set up your SPF records as described here to ensure your messages are not being rejected by other mail servers performing SPF validation:
However, if the issue is with inbound email being sent to you (as a SaaS Email customer), then the sender has to make sure they have valid SPF records set up. If you keep having problems with inbound mail failing due to SPF checks, you may have to either add them to the allow list or disable enforced SPF for certain domains.
From you last comment, it appears that the issue is predominantly with inbound emails coming from office 365 hosted domains. It may be that Microsoft's SPF records are out of date - all you can do at this point is hoping for them to correct that.
Also, another thing to consider is, disabling SPF checks at your mail server. As all inbound mail, in your case, will be routed through the mxlogic servers, you must not perform additional SPF checks at your mail servers. All connections to your mail server will come from mxlogic IPs.
I have talked to GoDaddy support who edited our SPF record to read v=spf1 a mx includesecureserver.net -all. I thought the problem had been solved, but it has returned.
Do I need the record to also include something about mxlogic?