Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar

SPF issues - Email Deliverability PowerPack

Mackenzie_Warre
Level 2
Level 2
‎04-12-2018 07:14 AM
‎04-12-2018 07:14 AM

SPF issues - Email Deliverability PowerPack

Can someone talk to me about SPF validation? We have the Email Deliverability PowerPack (250ok)which shows whether DKIM and SPF are valid for each email send (among other things).

Every few sends, the 250ok tool shows our SPF as failing. However, when when I run the DSN check in the Marketo admin area, our DKIM and SPF are verified, and there are clicks and opens in the email performance report. Maybe I'm misunderstanding what the 250ok tool is supposed to be telling me. Maybe the seed list doesn't match our actual audience closely enough. Maybe something really is wrong with our SPF.

How can I troubleshoot this?

0 Likes
2,828
Reply
3 REPLIES 3
Jim_Thao7
Level 9
Level 9
‎04-12-2018 07:26 AM
‎04-12-2018 07:26 AM

Re: SPF issues - Email Deliverability PowerPack

This is what I got from the 250ok support site.  I'd recommend starting with these.  Similarly, I'm sure you can contact their support team for further assistance.

It’s not uncommon for DKIM or SPF records to be partially invalid. This can stem from a number of issues:

  • occasionally, DNS glitches (receiver-side or sender-side) can lead to temporary authentication errors at specific ISPs
  • invalid DKIM key or SPF record
  • inadequate DKIM bit strength
  • DKIM hash mismatch, sometimes caused by a forwarded message
  • too many DNS lookups in SPF record
  • new sending IP is provisioned but not included in an updated SPF record

When any of these issues are the case, we make sure to point out the specific ISPs that are having issues so you can better diagnose the problem:

0 Likes
2,467
Reply
Alyssa_Meyer
Level 2
Level 2
‎06-21-2019 12:57 PM
‎06-21-2019 12:57 PM

Re: SPF issues - Email Deliverability PowerPack

I'm not familiar with the Email Deliverability PowerPack but try checking your SPF record on a website like this one: https://mxtoolbox.com/spf.aspx

It should tell you WHY your record is invalid. Our SPF record was recently invalid because it had too many DNS lookups (the max is 10). However, it has always said it was verified in Marketo. I think Marketo might just verify that it exists rather than verifying that it is valid. 

Even though our SPF record was invalid, we didn't notice any deliverability or engagement issues. But we still removed a lookup that we no longer needed because it was added when we were using a different emailing platform. Our record is back to valid now.  Hope this helps! 

2,468
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎06-21-2019 01:42 PM
‎06-21-2019 01:42 PM

Re: SPF issues - Email Deliverability PowerPack

I think Marketo might just verify that it exists rather than verifying that it is valid.

Absolutely right! And that's why it's really dangerous to include Marketo's SPF in your SPF when you don't need to. I've written extensively about these issues at https://blog.teknkl.com/tag/spf/.

Even though our SPF record was invalid, we didn't notice any deliverability or engagement issues.

If you aren't using a branded envelope sender in Marketo, SPF doesn't matter at all. 

But if you break your main corporate domain's SPF, it's non-Marketo emails that are affected (by not getting the positive weight of an SPF PASS, which to be fair isn't the same as an SPF FAIL). And it also allows malicious people to impersonate your corporate domain, in direct contradiction to the reason you'd have SPF in the first place.

2,468
Reply
Home