On Wed, Jun 04, 2025 at 09:34:58AM -0400, Bill Cole wrote: > The current SPF record for klovia.htt-consult.com is "v=spf1 mx -all" which > is an assertion that the domain never generates any email.
While the rest sounds reasonable, I'm not sure if this is correct? AFAIK, "v=spf1 mx -all" is an assertion that domain sends mail only via the server which is set as MX for that domain. I.e. in this particular case, it is equivalent to "v=spf1 a:klovia.htt-consult.com -all" or "v=spf1 ip4:23.123.122.149 -all" which would be just fine, if that was the server which is sending email. However, it seems that mail was actually sent by different server: medon.htt-consult.com [23.123.122.148], which causes the SPF failure. If both of those servers are supposed to be sending mails claiming to be from *@htt-consult.com, then you should put both of them in SPF record, e.g. "v=spf1 mx a:klovia.htt-consult.com a:medon.htt-consult.com -all" (that "mx" is not necessary, but probably won't harm, and might help a little from the problem repeating in the case servers change in the future) -- Opinions above are GNU-copylefted.
