I’m not sure how to fix the below error; hopefully I’ve provided enough information:
550 <IP Address> is not allowed to send mail from [domainname.com](http://domainname.com). Please see the SPF record, with scope mfrom, identity [info@domainname.com](mailto:info@domainname.com), and ip <IP Address>
I don’t know anything about SPF records (this stuff was migrated from a different host to Amazon by someone else). The way I THINK this works is that the email is sent to a filter and it’s the filter that’s denying the email from passing/forwarding to the email receiver. The site is hosted on Amazon AWS with the SPF record: v=spf1 include:spf.protection.outlook.com -all
The site is set up to send security reports to an email address hosted elsewhere .
I don’t know where to begin to ‘fix’ the problem. I’ve read many solutions that were anywhere from completely rewriting the SPF record to just changing the ‘-all’ to ‘~all’.
I would appreciate ANY clarification and an explanation on a possible solution.
This is not some filter denying the email, this is the destination server denying the email.
What SPF is for is a record in the DNS that confirms that the sender of the email is actually allowed to send the email. The SPF record you have now tells email servers that outlook is allowed to send email on behalf of your domain (as stated by the include:spf.protection.outlook.com bit) and no one else is (the -all part).
When you change -all to ~all you’re basically saying “I think the list before is complete, but I might have forgotten something”. Some email servers are lenient to this, but it’s not ideal.
Where is the sent email actually coming from? If it’s coming from AWS servers you should include their IP in the SPF record. Suppose the IP is 1.2.3.4 then the SPF record would become
Hey, rpkamp. I tried what you recommended and still get the error (“v=spf1 include:spf.protection.outlook.com a:209.85.208.196 ~all”).
Let me see if I can expand on the error: 550 (Google IP) is not allowed to send mail from [domainname.com](http://domainname.com). Please see the SPF record, with scope mfrom, identity [info@donmainname.com](mailto:info@domainname.com), and ip (Google IP).
The original domain registar is with Network Solutions. We have the site hosted on AWS. The emails are with Google. I was recommended by AWS to duplicate all of the DNS records (MX, TXT, A, etc.) and create Hosted Zones for those and point the DNS to AWS.
The website has contact forms and THAT data comes in just fine via email. But if I need a security report auto emailed from the website, that’s when we get the error message.
I even REMOVED the SPF line in the TXT record from the AWS Hosted Zone record and we still got the same error message after running a test, if that helps.
Message not delivered There was a problem delivering your message to thisuniqueemail@domain.com . See the technical details below, or try resending in a few minutes.
550 209.85.167.66 is not allowed to send mail from websitedomain1.com. Please see the SPF record, with scope mfrom, identity `info@websitedomain1.com, and ip 209.85.167.66
While rpkamp did his best to explain to me what causes it and made a suggestion to a possible solution, I’m still not closer to solving the problem for that ONE particular email address–no matter what I change in the SPF record to in Amazon’s AWS Hosted Zone record.