It looks like you are facing issues with SPF (Sender Policy Framework) records for multiple domains on the same IP address, particularly with emails failing SPF checks. Let’s break down the issue and see how you can resolve it.
Understanding SPF Records
An SPF record is used to specify which mail servers are allowed to send email on behalf of your domain. When a mail server receives an email, it checks the SPF record of the sender’s domain to ensure that the sending server is authorized to send emails for that domain.
Issue Analysis
From your description:
Main domain: SPF is working fine.
Other domains: SPF check fails with a “does not designate permitted sender hosts” error.
You’ve set up an SPF record for the other domains to include the main domain, but it’s still failing. This suggests that either the SPF record isn’t properly set up or there’s a problem with how SPF records are being interpreted.
Steps to Resolve the Issue
Verify SPF Records Syntax and Include Directives
Ensure that the SPF records for each domain are correctly formatted and include necessary directives. Specifically:
Main Domain SPF Record:
v=spf1 ip4:86.127.60.59 ~all
Other Domain SPF Record:
v=spf1 ip4:86.127.60.59 include:maindomain.com ~all
This means that emails from the other domains should pass SPF checks if they come from the IP 86.127.60.59 or if the SPF check on maindomain.com passes.
Check SPF Record of the Main Domain
Ensure that the SPF record for maindomain.com is correct and properly configured to include all IP addresses that may send mail on behalf of that domain. For example, if maindomain.com has:
v=spf1 ip4:86.127.60.59 ~all
It should be valid.
Check DNS Propagation
Sometimes DNS changes take time to propagate. Use an online SPF checker or DNS lookup tool to ensure that the SPF records have been updated across all DNS servers.
Test SPF Records
Use online SPF validators such as MXToolbox SPF Record Checker to verify that the SPF records are correctly set up and that the include directive resolves as expected.
Avoid SPF Record Length Limits
Ensure that the SPF records are not too long or too complex. SPF records have a 255-character limit for a single TXT record and a 10 DNS lookup limit. If the record becomes too complex, consider simplifying it.
Cloudflare Configuration
Ensure that Cloudflare is correctly handling the TXT records:
Go to the Cloudflare dashboard.
Navigate to the DNS settings for each domain.
Verify that the SPF records are correctly entered as TXT records.
Check for SPF Syntax Errors
Verify that there are no syntax errors in your SPF records. Even a small typo can cause SPF checks to fail.
Example Configuration
Assuming you have the following setup:
Main Domain SPF Record (honeybadger.it):
v=spf1 ip4:86.127.60.59 ~all
Other Domain SPF Record (example.com):
v=spf1 ip4:86.127.60.59 include:honeybadger.it ~all
You should be able to send emails from example.com using the same IP as honeybadger.it if both domains have the SPF records correctly set up.
Troubleshooting Steps
Verify SPF Record Lookup: Use dig or an online tool to check the SPF record directly:
dig +short TXT example.com
Check SPF Record Inclusion: Ensure that include:honeybadger.it resolves to a valid SPF record for the main domain.
Inspect Email Headers: Look at the full email headers of the failed SPF check to diagnose where the failure is occurring.
By following these steps and verifying each component, you should be able to resolve the SPF issues and ensure that emails sent from all domains pass the SPF check. If you continue to face issues, you may want to reach out to Cloudflare support or consult with your email service provider for further assistance.
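The record layout above can be checked offline before it is published. The following is an added example, not part of the original answer: a small evaluator for the ip4, include and all terms only, run against a constructed zone table instead of live DNS. The `.example` names, the `ZONE` table and `check_host` are assumptions made for illustration.

```python
import ipaddress

# Constructed TXT data standing in for DNS answers (no real lookups are made).
ZONE = {
    "honeybadger.it": ["v=spf1 ip4:86.127.60.59 ~all"],
    "example.com": ["v=spf1 ip4:86.127.60.59 include:honeybadger.it ~all"],
    "include-only.example": ["v=spf1 include:honeybadger.it ~all"],
    "typo.example": ["v=spf1 ip4:86.127.60.59include:honeybadger.it ~all"],
    "dangling.example": ["v=spf1 include:no-record.example ~all"],
    "dupe.example": ["v=spf1 ip4:86.127.60.59 ~all", "v=spf1 ~all"],
    "loop.example": ["v=spf1 include:loop.example ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 cap on DNS-querying terms such as include


def check_host(ip, domain, zone=ZONE, lookups=None):
    """Return the SPF result for `ip` sending as `domain` (ip4/include/all only)."""
    lookups = [0] if lookups is None else lookups
    records = [t for t in zone.get(domain, []) if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # two SPF TXT records on one name is an error
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address, e.g. a missing space
            if ipaddress.ip_address(ip) in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, zone, lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"  # include target must have a valid record
        else:
            return "permerror"  # outside the subset handled in this sketch
    return "neutral"  # no term matched and no "all" present
```

An include only matches when the included record returns pass; a softfail or fail inside it simply moves evaluation on to the next term of the outer record.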