How to fix "SPF fail - not authorized" or "DMARC Evaluation" errors
SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting and Conformance) are both extensions to Internet e-mail. Their purpose is to prevent unauthorized people from forging your e-mail address and pretending to be you.If email sent from your MIDAS room booking and resource scheduling system is returned (bounced back) to you with a delivery failure such as:
- "Message rejected due to SPF fail - not authorized"
- "DMARC Evaluation" error
- "Email rejected due to security policies"
Take for instance the following example Scenario:
- Your MIDAS system is running on domain "A".
- Your MIDAS system is configured to send emails to appear as though they are sent from an email address belonging to domain "B" (i.e. your own organization's domain)
- An email is sent from your MIDAS system to a recipient with an email address on domain C
This can be resolved in a number of ways, depending upon the level of administrative access you have to "domain B" (your own domain):
If you are the domain's administrator:
If you own/administer "domain B" (For example, you've configured your MIDAS to send email from "[email protected]" and you also administer the root "yourdomain.com" domain), then you can add domain A (where your MIDAS system resides) to domain B's (your organization's own domain) SPF record, so that domain A is authorized to send email on domain B's behalf.
If your MIDAS system is cloud-hosted by us (i.e. domain A), you can create/modify domain B's SPF record to simply include "include:_spf.midas.network
". For example, domain B's modified SPF record may then look like this:
v=spf1 +a +mx include:_spf.midas.network ~all
If your MIDAS system is hosted elsewhere, you can create/modify domain B's SPF record to include the IP address and/or the domain where your MIDAS system resides, for example:
v=spf1 ip4:x.x.x.x a:your_midas_domain ~all
SPF entries are TXT records within your domain's DNS. If you're not sure how to set/modify DNS records for your domain (i.e. domain B), you'll need to defer to your domain's administrator, registrar, or hosting provider who should be able to make the necessary adjustments to your DNS record.
Remember, a domain may only have a single SPF record. If your domain already has an existing SPF record, you'll need to modify this, rather than creating a second SPF record. Multiple SPF records for a single domain are invalid.
If you are not the domain's administrator:
If you don't own/administer "domain B" in the original scenario, then you have two options:
1) Configure your MIDAS email settings to send email directly via your domain's own SMTP servers. You can configure these settings via MIDAS Admin Options → Manage MIDAS → Email. Once correctly configured, all subsequent email sent from your MIDAS system will instead be relayed through your organization's own SMTP servers rather than be sent directly from the server where your MIDAS resides, or another SMTP server. This will mean that there won't be a mismatch between the "virtual" email address(s) you're sending from and actual mail server they're being sent from.
Alternatively;
2) Change the email address(s) from which outgoing emails are being purportedly sent from in your MIDAS system. For example, if you're attempting to send emails purportedly to be from "domainX", and "domainX" itself prohibits sending of email from @domainX addresses from non-domainX servers, change the email address in MIDAS to instead be for a domain which will allow sending of email from external servers.
← Return to the Knowledge Base