• GoDaddy Community
  • Managing Email

    • Managing Email

    cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    DaveWP
    New
    ‎08-14-2019 12:14 PM
    ‎08-14-2019 12:14 PM

    Adding support for smtpout.secureserver.net to spf record for a domain

    I am attempting to set  up a spf record that will only allow Godaddy's  workspace email, gmail, and  my outlook  app to send emails  using my  domain, with all other sources hard failed.    So my spf record  needs to have three permitted sources:

    • workspace email - this is covered by including "MX" in the spf record
    • gmail (using a redirect) - this is covered by including "include:_spf.google.com" in the spf record
    • outlook  application, which according to Godaddy's website, should use a SMTP setting of "smtpout.secureserver.net"

    My problem is that I cannot find a spf definition that covers the actual servers used by Godaddy.   Does anyone have a list of IP addresses used by their SMTP infrastructure, or a spf record that I can use as  a include statement.  I cannot use "secureserver.net" as it drags in all  outlook.com's spf  definition and I overload the limit of 10 indirects permitted under  spf rules. 

     

     

    Reply
    8 REPLIES 8
    PL281
    Super User IV
    Super User IV
    ‎08-14-2019 12:32 PM
    ‎08-14-2019 12:32 PM

    @DaveWP 

     

    Based on a post from 2016 - which goes into detail about cPanel vs WorkSpace vs office365 etc etc etc

     

    v=spf1 include:secureserver.net –all

    this should give you want you need (obviously with your other elements)

    I am a GoDaddy End User - Just Like You
    Check out my site! | I currently manage over 300 WordPress Websites
    * Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

    Once your issue is resolved,
    please be sure to come back and click accept for the solution

    Get Better Support on the Community Boards!
    Etiquette When Asking for Help from the Community

    Reply
    DaveWP
    New
    In response to PL281
    ‎08-14-2019 12:58 PM
    ‎08-14-2019 12:58 PM

    I've  already tried your suggestion, but as I  said in my  original post, I cannot   use your suggestion as the spf record associated with secureserver.net now includes the spf records associated with protection.outlook.com. 

     

    The result is  that when used with google's spf record, I  get too many nested records.

     

    You can see all the nesting by using the following link     secureserver.net

    Reply
    PL281
    Super User IV
    Super User IV
    In response to DaveWP
    ‎08-14-2019 01:14 PM
    ‎08-14-2019 01:14 PM

    @DaveWP 

     

    I see what you are saying....

     

    I guess my question is as the mx toolbox has  the IP addresses you need, can you grab them from there?? and build your SPF record from that?

    Or setup an SPF record for something like spf.yourdomain.com with the IPs from secureserver.net but without the additional includes - and then just have that in your include statement (trying to keep it clean)

    I am a GoDaddy End User - Just Like You
    Check out my site! | I currently manage over 300 WordPress Websites
    * Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

    Once your issue is resolved,
    please be sure to come back and click accept for the solution

    Get Better Support on the Community Boards!
    Etiquette When Asking for Help from the Community

    Reply
    DaveWP
    New
    In response to PL281
    ‎08-14-2019 01:32 PM
    ‎08-14-2019 01:32 PM

    You reply is useful, but this goes back to  my original question:  "Which of the many IP address blocks mentioned in the spf records for   secureserver.net are needed to provide support for smtpout.secureserver.net?".

     

    I've tried asking godaddy and they said they only provide assistance   to enable to send emails via workspace email.   My current approach  to building this list  is to rely on the email servers rejecting an email and getting the  IP address to add to my list.  This is a crapware approach.

     

    Aghhhhhh    !*!*!*!*!*!*!*

    Reply
    PL281
    Super User IV
    Super User IV
    In response to DaveWP
    ‎08-14-2019 02:20 PM
    ‎08-14-2019 02:20 PM

    @DaveWP 

     

    I believe that they all have the potential to be used - but not sure as there are different platforms which use that SPF

     

    Sorry I can't be of further help with that

    I am a GoDaddy End User - Just Like You
    Check out my site! | I currently manage over 300 WordPress Websites
    * Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

    Once your issue is resolved,
    please be sure to come back and click accept for the solution

    Get Better Support on the Community Boards!
    Etiquette When Asking for Help from the Community

    Reply
    JesseW
    Community Manager
    Community Manager
    In response to DaveWP
    ‎08-16-2019 11:47 AM
    ‎08-16-2019 11:47 AM

    Hi @DaveWP. Thanks for posting. The list of IP addresses that may send mail for secureserver.net would be very large. As far as I know, there wouldn't be a way to list them all individually. If there were, it probably wouldn't be advisable as they may change periodically. 

     

    As @PL281 mentioned, v=spf1 include:secureserver.net -all is the correct SPF record to reference all of our mail servers. (One quick note: that is a "-" as opposed to an elongated hyphen. The code block seems to change this character when you copy it.) Based on the information here, the SPF record for secureserver.net only contributes to 4 of the 10 DNS lookup limit. Adding your domain to the mix would increase that to 5. I'm not sure what the SPF you're using from Google, but _spf.google.com only shows 3 lookups. If you could provide specific examples that can be queried, that may help the Community address your concerns. 

     

    JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.
    0 Kudos
    Reply
    DaveWP
    New
    In response to JesseW
    ‎08-17-2019 06:29 AM
    ‎08-17-2019 06:29 AM

    Part of the problem with including   just "secureserver.net" is it  pulls in 3 definition blocks from Outlook.com.  

    spf1.secureserver.com includes the following     include:spf.protection.outlook.com

     

    We get to 10 include definitions if you follow the logic below

     

    1. My domain's SFP record
    2. include spf.secureserver.net
    3. include spf1.secureserver.net
    4. include  spf.protection.outlook.com 
    5. include   spfa.protection.outlook.com
    6. include   spfb.protection.outlook.com
    7. include   _spf.google.com
    8. include     _netblocks.google.com
    9. include  _netblocks2.google.com
    10. include  _netblocks3.google.com 

     

    Hence,   my request for a list  of IP address blocks  that  could be associated when sending emails using the Godaddy SMTP server.   (smtpout.secureserver.net).  This would not be an ideal solution.  my ideal solution would be for Godaddy to publish a spf definition,  say "spfsmtp.secureserver.net" , that I could include a reference to in my domain's spf definition.  

     

    BTW, I used  https://www.dmarcanalyzer.com/spf/checker/ to check my spf record, and it highlighted the problem with the number of spf definition's I was dragging in.  It flagged up the problem that some mail servers may fail emails sent  where there are a large number of includes,.    This triggered my  investigations as I have experienced problems sending emails to some UK government departments  / police authorities with the above list of spf records in the hierarchy for my domain.  However, as I was on the limit I have found  some ISPs are happy .

    Reply
    DougBa
    New
    In response to DaveWP
    ‎10-15-2019 11:10 AM
    ‎10-15-2019 11:10 AM

    I've struggled with authenticating messages sent from secureserver.net too. 4 lookups is just too many, and there's no reason anyone should have to authenticate outlook.com just because they use secureserver.net. The solution I've been using is to route messages from secureserver.net through Google's servers. https://support.google.com/a/answer/2956491?hl=en

    Reply

    You may also like...