Logo Questions Linux Laravel Mysql Ubuntu Git Menu

SPF=Neutral sending through gmail





I'm using phpMailer on a Linode server. The DNS records are set to allow sending through the gmail mail server which is hosing my mail account [email protected]. I just added DKIM to try to get the SPF rating up. The DKIM apparently is fine but I still get SPF Neutral.

The sender set up is:

        $mail = new PHPMailer();
        $mail->SMTPKeepAlive = true;
        $mail->SMTPAuth   = true;
        $mail->SMTPSecure = "tls";                 // sets the prefix to the server
        $mail->Host       = "smtp.gmail.com";      // sets GMAIL as the SMTP server
        $mail->Port       = 587;                   // set the SMTP port
        $mail->Username   = "[email protected]";  // GMAIL username
        $mail->Password   = "*******************";            // GMAIL password
        $mail->isHTML(true); // send as HTML
        $mail->WordWrap   = 100; // set word wrap
        $mail->Sender = "[email protected]";

        $mail->DKIM_domain = "oiyc.org";
        $mail->DKIM_private = "*********/rsa.private"; //path to file on the disk.
        $mail->DKIM_selector = "mainkey";// change this to whatever you set during step 2
        $mail->DKIM_passphrase = "";
        $mail->DKIM_identity = $mail->Sender;

Here is the source received from an email sent through my linode server.

            Delivered-To: ********@gmail.com
            Received: by with SMTP id p82csp1388830lje;
                Sun, 4 Feb 2018 11:11:56 -0800 (PST)
            X-Received: by with SMTP id h73mr11556131pfk.143.1517771515865;
                Sun, 04 Feb 2018 11:11:55 -0800 (PST)
            ARC-Seal: i=1; a=rsa-sha256; t=1517771515; cv=none;
                d=google.com; s=arc-20160816;
            ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
            ARC-Authentication-Results: i=1; mx.google.com;
                dkim=pass [email protected] header.s=20150623 header.b=ytsz7YWm;
                spf=neutral (google.com: is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
            Return-Path: <[email protected]>
            Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [])
                by mx.google.com with SMTPS id i3sor1037208pgs.91.2018.
                for <********@gmail.com>
                (Google Transport Security);
                Sun, 04 Feb 2018 11:11:55 -0800 (PST)
            Received-SPF: neutral (google.com: is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=;
            Authentication-Results: mx.google.com;
                dkim=pass [email protected] header.s=20150623 header.b=ytsz7YWm;
                spf=neutral (google.com: is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
            DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
                d=oiyc-org.20150623.gappssmtp.com; s=20150623;
            X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
                d=1e100.net; s=20161025;
            X-Gm-Message-State: AKwxytcQCxD/95gmJfS/DyCC4XOh8K3K+Jj9QONeHmVyCH5ebJDtxvIl tQwyBjpS9etVQopYODbtnZZ2Kw0k1Pc=
            X-Google-Smtp-Source: AH8x227kdTn+9Ee7QoJFUYDPq/ax7LmKHzsDAtCNr/5cL0MidmAB3GWuEw4RU28Zb3jl8Kx0uAnegw==
            X-Received: by with SMTP id u77mr6305435pgb.401.1517771515191;
            Sun, 04 Feb 2018 11:11:55 -0800 (PST)
            Return-Path: <[email protected]>
            Received: from oiyc.org ([2600:3c01::f03c:91ff:fe56:5129])
                by smtp.gmail.com with ESMTPSA id m65sm14046167pfc.150.2018.
                for <********@gmail.com>
                (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
                Sun, 04 Feb 2018 11:11:54 -0800 (PST)
            From: Bob Brunius <[email protected]>
            X-Google-Original-From: Bob Brunius <********@gmail.com>
            Date: Sun, 4 Feb 2018 11:11:53 -0800
            To: ********@gmail.com
            Reply-To: Bob Brunius <********@gmail.com>
            Subject: A different sort of test 123d
            Message-ID: <[email protected]>
            X-Mailer: PHPMailer 6.0.3 (https://github.com/PHPMailer/PHPMailer)
            List-Unsubscribe: <[email protected]>, <https://oiyc.org/membershipDatabaseForms/unsubscribe.php?email=********@gmail.com&member=242>
            MIME-Version: 1.0
            Content-Type: multipart/alternative; boundary="b1_MR3sDgtyN4siuc2vYCZLxL34VuLFlexvK0WbbcEH7FA"
            Content-Transfer-Encoding: 8bit

            Content-Type: text/plain; charset=us-ascii

            Hello 12345678-abcd

            Content-Type: text/html; charset=us-ascii

            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            Hello 12345678-abcd
like image 472
Bob Brunius Avatar asked Feb 04 '18 19:02

Bob Brunius

People also ask

Does Gmail do SPF checks?

In Gmail, click Show original for a message, then check the SPF status in the original message.

How do I turn off SPF in Gmail?

To turn off SPF for your domain, delete the DNS TXT record for SPF at your domain provider. Use the steps in Add your SPF record at your domain provider as a guide. For help with turning off SPF for your domain, contact your domain provider. Google doesn't support issues with your domain host.

How do I fix SPF email error?

This error occurs when Sender Policy Framework (SPF) validation for the sender's domain fails. If you're the sender's email admin, make sure the SPF records for your domain at your domain registrar are set up correctly. Office 365 supports only one SPF record (a TXT record that defines SPF) for your domain.

What does SPF mean in Gmail?

SPF (Sender Policy Framework) is an email authentication standard that helps protect senders and recipients from spam, spoofing, and phishing. By adding an SPF record to your Domain Name System (DNS), you can provide a public list of senders that are approved to send email from your domain.

3 Answers

Currently your SPF record is published in your DNS as...

"v=spf1 include:_spf.google.com include:oiyc.org ~all"

which has an include:oiyc.org recursively referencing itself. This is technically incorrect, but strangely may work if the preceding mechanism include:_spf.google.com is satisfied and returns a result to the SPF query. Therafter the include:oiyc.org mechanism will cause the lookup to fail, so the ~all mechanism would never be processed.

The include: mechanism is intended to reference an externally published set of SPF details, usually at a different domain.

I suspect that you intended to reference the IP address of your own domain, presumably defined in DNS as an A record for the bare domain name, in which case you would us the mechanism a:oiyc.org which can itself be shortened to just a

So your resulting TXT record might be something like...

"v=spf1 include:_spf.google.com a ~all"

like image 69
Gavin Jackson Avatar answered Oct 20 '22 17:10

Gavin Jackson

There is no connection between using DKIM and SPF.

From the log:

Received-SPF: neutral (google.com: is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=;

When checking for the SPF record, this happens:

$ host -t TXT oiyc.org
oiyc.org has no TXT record

This means, you haven't set up any SPF rules. Therefore, there cannot be a SPF check. As the message states, there is no reason to have anything other than neutral.

This also applies to ARC-Authentication-Results and Authentication-Results headers.

like image 28
rollstuhlfahrer Avatar answered Oct 20 '22 17:10


The SPF that was supposed to add for the current IP listed is

@ TXT "v=spf1 a ip4: ~all"

visit this link to create and the SPF : https://mxtoolbox.com/SPFRecordGenerator.aspx

like image 32
althaf a s Avatar answered Oct 20 '22 17:10

althaf a s