SymptomsMy server myserver.com cannot receive messages from some email addresses, for example from the email@example.com address.
CauseThe issue may be due to SPF filtering. SPF test involves matching IP address of sender with a rule, determined in sender's SPF record, which is set up as special DNS record in sender's DNS zone. Thus SPF may block emails in certain conditions.
Diagnostics1. Check if SPF filter on myserver.com is set up to reject all mail that fails to pass SPF test ('Tools & Settings' -> 'Mail Server Settings' -> 'SPF Checking mode').
2. Check if the sender’s SPF record looks like:
[firstname.lastname@example.org ~]# host -tTXT email.com
email.com descriptive text "v=spf1 ptr -all"
Such record means that receiving hosts, should only accept mail if IP address of sender resolves to the sender's (sub)domain (i.e. *.email.com.) Otherwise, the message should be rejected.
3. Check if the sender’s IP address does not resolves back to *.email.com. As in this example:
[email@example.com~]# host -tmx email.com
email.com mail is handled by 10 mail.email.com.
[firstname.lastname@example.org~]# host mail.email.com.
mail.email.com has address x.x.x.x
[email@example.com~]# host x.x.x.x
x.x.x.x.in-addr.arpa domain name pointer anotherdomain.com.
If all of the above conditions are true, follow the resolution part below.
ResolutionThe ideal solution should be applied by administrators of the email.com server -- they should either include anotherdomain.com into their SPF record or send email from a correct IP address.
However in some cases it may be difficult to get in touch with them. In that case the only solution that can be implemented on your server to avoid SPF rejection is to adjust server's policy not to reject mail if it fails SPF check ('Tools & Settings' -> 'Mail Server Settings' -> 'SPF Checking mode') or disable SPF checking altogether.
Note: Adding the email.com’s IP address to your server-wide mail settings' whitelist will not solve the issue, because white list only affects mail authentication (i.e. hosts from white list can relay mail through the server without authentication).