email flagged as spam (spf softfail) - what spf setting to allow cloudfilter servers?

fredko
Grasshopper
‎2023-01-17 01:08 PM

Hi - I send email from my own domain, mydomain.ca, through shaw's mail.shaw.ca smarthost.  I set an spf txt field with my domain provider as:

"v=spf1 +a +mx +a:smtp-out-so.shaw.ca +a:smtp-out-no.shaw.ca ~all"

This used to work fine, but some time earlier this year it seems shaw started to divert my outgoing emails through cloudfilter.net servers, I guess to filter spam.  Now the receivers indicate spf softfails (as per the "~all" tag), since the receiver no longer sees the "originating" server as a shaw server.

What cloudfilter server/IP range should I specify in the spf txt field so receiving servers give an spf pass?  In other words, what will receiving servers see as the originating IP/server?

Thanks!

Labels (1)
Labels
0 Kudos
Reply
2 Replies

--- The "nslookup" command-line utility is your friend: $...

mdk
Legendary Grand Master
‎2023-01-18 08:12 AM

@fredko --- The "nslookup" command-line utility is your friend:

$ nslookup -ty=mx shaw.ca.
shaw.ca MX preference = 0, mail exchanger = shw-central.mx.a.cloudfilter.net

$ nslookup smtp.shaw.ca.
Name: shawmail.glb.shawcable.net
Addresses: 64.59.128.135 , 64.59.136.142
Aliases: smtp.shaw.ca

 

0 Kudos
Reply
Reply
Loading...

Thanks for the reply - that got me on the right track and...

fredko
Grasshopper
‎2023-01-19 12:24 PM

Thanks for the reply - that got me on the right track and it's working now.

In case anyone else has this problem, what I first did was use a command like

host -t txt shaw.ca

to get the spf txt record for shaw.ca (I'm sure you could use nslookup or dig instead).  The result is:

shaw.ca descriptive text "v=spf1 mx ip4:3.97.99.32/31 ip4:3.97.99.42/31 ip4:64.59.134.0/25 ip4:64.59.136.128/27 ip4:204.209.208.40/31 ip4:204.209.208.150/28 ~all"

Some of those IP's are indeed the IP's my outgoing emails get tagged as coming from by the receivers.  Now I could just add those IP's to my own domain's spf txt field.  But instead I did a simpler approach, and just added

include:shaw.ca

to my domain's spf field.  This means any IP's shaw.ca deems acceptable for outgoing emails will be acceptable by me, and if shaw changes those IP's in the future I won't have to make any changes myself.

Reply
Reply
Loading...
TALK TO US
We're here to help
Connect on Live Messaging
Chat on Messenger
Direct Message on Twitter