Messed up SPF record of domain

Yesterday I called MTS Data Card support but their IVRS system was failing in giving me my balance details. Eventually I decided to email their support and glad to say support email was also easily available on their website.

Today I saw acknowledgement mail in spam. No big deal but I usually dig around genuine mails which go in spam to find exact cause. In this case I found mail was sent to me from and the server which relayed this mail was: with rDNS pointer -

From email headers only one can tell main failure in mail:Authentication-Results:; spf=softfail ( domain of transitioning does not designate as permitted sender) Thus clearly SPF failure.


Quick check on TXT record on root domain:

"v=spf1 a mx ~all" "v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ~all"

Here’s what’s wrong:

  1. Two v=spf1 in SPF isn’t really good. Very likely most of systems will hit for TXT record and will get any on random and eventually use it ignoring whitelisted IP’s in other completely.
  2. MTS missed to include the server which is placed on Tata Communications backbone in SPF record. Most of other IP’s mentioned in their SPF belong to Softlayer datacenter.

Hope someone from MTS will find this post and eventually work on fix! :)