Yesterday I called MTS Data Card support but their IVRS system was failing in giving me my balance details. Eventually I decided to email their support and glad to say support email was also easily available on their website.

Today I saw acknowledgement mail in spam. No big deal but I usually dig around genuine mails which go in spam to find exact cause. In this case I found mail was sent to me from  customercare.del@mtsindia.in and the server which relayed this mail was:

121.242.69.80 with rDNS pointer - mtsndmx1.mtsindia.in.

From email headers only one can tell main failure in mail:Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning customercare.del@mtsindia.in does not designate 121.242.69.80 as permitted sender) smtp.mail=customercare.del@mtsindia.in  Thus clearly SPF failure. How?

Quick check on TXT record on root domain:

“v=spf1 a mx include:elabs5.com ~all” “v=spf1 ip4:208.43.252.104 ip4:208.43.252.105 ip4:208.43.252.106 ip4:208.43.252.107 ip4:173.192.233.178/28 ip4:173.193.227.227/27 ~all”

Here’s what’s wrong:

1. Two v=spf1 in SPF isn’t really good. Very likely most of systems will hit for TXT record and will get any on random and eventually use it ignoring whitelisted IP’s in other completely.
2. MTS missed to include 121.242.69.80 the server which is placed on Tata Communications backbone in SPF record. Most of other IP’s mentioned in their SPF belong to Softlayer datacenter.