I administrate the domain [mydomain.com] which was until now only used for handling mail through Google Mail/Google Apps.
Now I added a server which should be part of the domain without changing the primary purpose. I want the server to be able to send simple administrative mail, so I installed and configured sendmail.
When I send testmails to another Google Mail address the mail gets through but I get this header information:
Received-SPF: pass (google.com: best guess record for domain of [myuser]@[myhost].[mydomain].com designates [myipv6address] as permitted sender) client-ip=[myipv6address];
Now of course I want the validation to pass without guessing but I have probably something wrong in my DNS record.
$TTL 86400 @ IN SOA [mynameserver1]. ( 2013101002 ; serial 14400 ; refresh 1800 ; retry 604800 ; expire 86400 ) ; minimum @ IN NS [mynameserver3]. @ IN NS [mynameserver2]. @ IN NS [mynameserver1]. @ IN A [myipv4address] [myhost] IN A [myipv4address] @ IN AAAA [myipv6address] [myhost] IN AAAA [myipv6address] @ IN MX 1 ASPMX.L.GOOGLE.COM. @ IN MX 5 ALT1.ASPMX.L.GOOGLE.COM. @ IN MX 5 ALT2.ASPMX.L.GOOGLE.COM. @ IN MX 10 ASPMX2.GOOGLEMAIL.COM. @ IN MX 10 ASPMX3.GOOGLEMAIL.COM. @ IN TXT "v=spf1 a:[myhost].[mydomain].com ip4:[myipv4address] ip6:[myipv6address] include:_spf.google.com ~all"
I can’t find the error and would appreciate any help.
You sent email from an address which contains a subdomain of your domain. Your domain has an SPF record, but the subdomain does not. Thus Google makes a “best guess” that your domain’s SPF record should be used. This violates the specification, under which your subdomain would not be considered to have an SPF record, but it usually reflects what senders (whose mail systems are misconfigured) intended.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.