Recently faced mail flow issue that Emails from externally hosted application or email from external IP addresses with internal domain email addresses have been Blocked or Quarantined as SPAM by the Email Gateway Devices like Symantec MessageLabs, Exchange Online Protection, Cisco IronPort, etc.
We have verified the transaction logs and found that the emails have been Blocked or Quarantined as SPAM because Sender Policy Framework (SPF) check has been failed. Then performed in-depth analysis of the email header and found that the Sender IP Address was missing in the current SPF record.
As our DNS Management has been recently migrated and their application will support maximum of 255 character per record, so few IP addresses which have been already in the SPF record was missing in the current SPF record.
After few research, we got the solution by splitting a SPF record to two or more SPF records by using option include in the SPF record.
Key = @
Value: v=spf1 include:spf.abc.com include:spf.def.net include:ghif.net include:spf1.abcd.com –all
Key = spf1
Value: v=spf1 ip4:220.127.116.11 include:spf2.abcd.com –all
Key = spf2
Value: v=spf1 ip4:18.104.22.168 –all
Screen capture of the sample SPF record:
Screen capture of the sample SPF1 record: