Help me understanding SPF signature please!

How To
1

Hello,

I have troubles sending emails using the email module from Make to a PDF invoices mailing address from a bank (Payhawk).

When I send emails manually from an application (Spark), they are being processed correctly by the receiver.
When I send emails with the Make module, I get a Delivere Status failiure, with the message that the “SPF signature is not valid or missing”.

It’s important to mention that mailing with Make to customers (gmail, outlook, … ) never has been a problem, however sometimes our emails get into the junk, so that might be related to this issue.

I asked the customer service from Payhawk why they cannot process my emails, and they told me this:


The SPF checks are not passed for the following IPs:

* 209.85.221.48
* 209.85.221.45
* 209.85.128.52
* 209.85.128.54

Only one IP address is passing the check so far (with 4 email passes) and this is 83.217.72.86.

image
image901×910 56.7 KB

I also called to our hosting company, they tell us I have to enter an extra “include” for make.com in our spf records

2

SPF failure means that the DNS settings for your domain mundero.de does not list your email server’s IP address in the SPF record.

This has nothing to do with Make.

Your current SPF record looks like this:

Type Name Content TTL
TXT mundero.de "v=spf1 a mx ip4:185.182.56.120 a:spf.spamexperts.axc.nl ~all" Auto

To resolve this, go to your DNS registrar’s website and change the DNS record to this:

Type Name Content TTL
TXT mundero.de "v=spf1 +all"                                                                                  Auto

This allows emails from your domain to be sent from any IP address.

If you want to only specify those five IP addresses, it should look like this:

Type Name Content TTL
TXT mundero.de "v=spf1 ip4:209.85.221.48 ip4:209.85.221.45 ip4:209.85.128.52 ip4:209.85.128.54 ip4:83.217.72.86 include:mundero.de -all" Auto

Hope this helps! Let me know if there are any further questions or issues.

@samliew

P.S.: Investing some effort into the Make Academy will save you lots of time and frustration using Make.

1 Like
3

This was incorrect advice. Make does not send the actual email.

Make logs into your email server using the established connection credentials, and then your email server sends the emails out.

Therefore, including make.com in the SPF records wouldn’t have helped.

Hope this helps! Let me know if there are any further questions or issues.

@samliew

P.S.: Investing some effort into the Make Academy will save you lots of time and frustration using Make.

4

Hello, thanks. Our domain is www.mundero.be (instead of .de)

Currently this is in our spf:
image

We want a safe system, so we need -all in the ending.
I just learned that the “mx a” in the beginnen of the record means it includes our A-records, isn’t that enough?

Also adding: when I send emails from my application Spark there is no problem. Doesn’t Spark also log in to our mailserver?

5

ChatGPT may just have given me the solution:

image
image627×504 37.6 KB

6

However, I think it’s dangerous to add spf.google.com, won’t my domain be vulnerable for scam?