Views:

Question


I have received a non-delivery report (NDR) email with a SPF validation error. How do I resolve this?
 

Solution


Please contact your Network Administrator for help with this method.

To troubleshoot, you will first need to check that your SPF record includes the Crossware mail servers.

As your email goes through our service, the Crossware server's IP will be referenced in the email headers.
 
NOTE: An SPF record identifies which mail servers are permitted to send email on behalf of your domain.

1. View the header of the email you sent.

For Outlook 2016, double-click the email message to display it in its own full window, select "File" > "Properties" and view the message header in the "Internet headers" field at the bottom of the window.

2. Scan the header text for a mention of "spf=fail".

For example:


3. Check that the IP Address listed next to "sender IP" is a Crossware IP address from this list:
Region: Australia
AUS-EAST -52.147.28.32
AUS-SOUTHEAST -52.189.217.208

Region: Canada
CAN-CENTRAL -52.237.28.198
CAN-EAST -52.242.38.143

Region Europe:
EUROPE-WEST -51.137.107.73
EUROPE-NORTH -40.113.68.44

Region France:
FRANCE-CENTRAL -40.89.153.145

Region USA
US-EAST -104.211.28.205
US-WEST -104.210.63.101

Region: All (Only For Trial Customers or Customers Production Before 25 Nov 2018)
US - 104.41.148.118
EU - 104.40.179.195
AU - 104.210.116.177
Trial - 104.45.140.251
 
If you find spf=fail text with a Crossware IP address, the next step is to confirm that your domain returns an SPF record.
 
4. Log in to Kitterman SPF Record Testing Tool - https://www.kitterman.com/spf/validate.html

5. Type in your "Domain Name" and click "Get SPF Record" (if any).

6. Your SPF record should look similar to this example.

It should NOT return a record that includes the text include:o365.crossware.co.nz -all


You will need to update your SPF record to include a list of Crossware Mail Servers as an allowable sender from your domain.

7. Update your SPF record in your DNS to include

Depending on the Region you have been Provisioned in:
 
Region
Use SPF Record
Trial
include:o365.crossware.co.nz -all
Australia
include:aus.o365.crossware.co.nz -all
Canada
include:canada.o365.crossware.co.nz -all
Europe
include:europe.o365.crossware.co.nz -all
France
include:france.o365.crossware.co.nz -all
USA
include:usa.o365.crossware.co.nz -all
ALL* include:o365.crossware.co.nz -all

*Please only use ALL if you are a Trial Customer or have been Provisioned in Production before 25 November 2018
 
NOTE: How to do this for this will vary depending on your configuration - check with your Network Administrator for assistance.

An example of a DNS record that has been updated to include the include:o365.crossware.co.nz -all value:


8. Use the Kitterman SPF Record Testing Tool (http://www.kitterman.com/spf/validate) again to confirm that include:o365.crossware.co.nz -all appears in your SPF records.

Type in your Domain Name and click Get SPF Record (if any)



The results should look like this example below:


 
NOTE: You will need to allow time for the DNS record changes to propagate which may take up to 24 hours.

9. Send a test email to any external email address to check that your emails are now being sent.
Related Products: CMS O365