Having trouble with SPF Record

  • Posted September 6, 2014

I’m trying to understand SPF records. I was under the impression SPF is used to give permission to hosts to send emails on the domain’s behalf (eg: from address). But this doesn’t look right.

I have a test domain: I added a TXT SPF record: “v=spf1 a mx ip4: ~all”

;; ANSWER SECTION:		300	IN	TXT	"v=spf1 a mx ip4: ~all"

I sent a test email from my work account to a address. I have Postfix configured to forward to My vhost ( has been set to accept

I did successfully get the email within Gmail. However, I found this in the headers:

Received-SPF: fail ( domain of does not designate as permitted sender) client-ip=;
   spf=hardfail ( domain of does not designate as permitted sender);

I don’t get it. I sent the email to is my vhost IP address. It is in my spf record. What is this message actually saying? Why does it appear to me to be saying doesn’t permit my vhost as a permitted sender?


This comment has been deleted

Addition: upon further reading of SPF records, I’m starting to see my original view was a bit off. I was under the impression to address would be the tested record when relaying from my vhost. Now, I’m starting to see why this is failing:

  • is the original sender, originally sent from my work’s SMTP relay. Sending an email directly to results in a Received-SPF: pass.

Because the email is being forwarded, it’s changing the SMTP relay to my vhost. And since isn’t set to allow my vhost to be an originating SMTP sender, it’s resulting in a fail.

SPF Records are really just for sending emails, not validating send routes.

New Question: Is there anything I can do to tell @gmail that my vhost is a valid relay for

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.


Okay, so I did a little more research and I found some interesting things:

SPF “breaks” email forwarding.


Yup! So, the solution here is to use SRS, in combination with SPF. I found a great quick tutorial for installing a PostSRS deamon:

In addition to this, I highly recommend updating ‘mydomain’ to be the desired from: domain you’ve setup SPF against. In addition, change the postsrsd process to run under ‘postfix’ in /etc/default/postsrsd.

ps -ef | grep postfix should then show a new postsrsd process, with your domain under -d parameter.

Did you add it a TXT record on your DO DNS tab to match the spf?