I see this in headers of received e-mail, sent from one server I maintain to another of my servers: Code: Authentication-Results: e-mailserver.abc.fi; dkim=fail (headers rsa verify failed) header.d=xyz.fi header.s=default header.b=DMWw09YK; dmarc=none; spf=none (e-mailserver.abc.fi: domain of [email protected] has no SPF policy when checking <IP-number>) [email protected] The domain xyz.fi does have SPF record, and it permits sending by e-mailserver.xyz.fi. Why does authentication say it has no SPF policy? It is true that "domain" e-mailserver.xyz.fi does not have SPF, but it is not a domain but an FQDN.
I'll try that. I have not known SPF can be given to hostname, but seems it is possible. Let's see how that affect authentication. I do find it a bit strange to assign SPF to a hostname, though.
I agree. I used it for the domain of the email address as well but after having issues with email sending via ISPConfig GIt server, I've created an SPF record for the server hostname and it helped in that case.
I try to create spf records for all hostnames, usually just a 'v=spf1 a -all' because they don't normally send mail directly, but spf records aren't inherited from the domain or anything, every hostname needs one. (Our main domain has over 400 spf records.) The amount of spam those stops isn't huge, but it's not zero. You can also create one for '*' but that only applies to hostnames which aren't explicitly defined, so you still have to add one for all defined hostnames.
Now the issue is solved, spf=pass where it was none yesterday. I feel like all I knew about how SPF worked is wrong.