SPF softfail for forwarded emails to Gmail account

domain-name-systemspf

I've been able to make SPF pass on all the sent emails from my Postfix server. But for forwarded domains which simply redirect email to my gmail id I see softfail in the SPF.

For example if I send email from a hotmail account to contactus@workingwoman.org then it is forwarded to test email id ragraggupta8899@gmail.com.

I've added SPF header "spf1 a mx -all" for my hostname(host.tariffplans.com) as well for all domains. The A record of all domains/subdomains is correctly pointing to my server IP : 23.239.30.81

But in the forwarded email header .. Google shows it as softfail. What could be the problem?:

Delivered-To: rag.raggupta8899@gmail.com
Received: by 10.114.96.70 with SMTP id dq6csp51447ldb;
        Sat, 19 Jul 2014 23:05:03 -0700 (PDT)
X-Received: by 10.182.65.66 with SMTP id v2mr22896624obs.74.1405836302184;
        Sat, 19 Jul 2014 23:05:02 -0700 (PDT)
Return-Path: 
Received: from host.tariffplans.com (tariffplans.com. [23.239.30.81])
        by mx.google.com with ESMTPS id js4si25593503obc.98.2014.07.19.23.05.01
        for 
        (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sat, 19 Jul 2014 23:05:02 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning bhasker@hotmail.com does not designate 23.239.30.81 as permitted sender) client-ip=23.239.30.81;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning bhasker@hotmail.com does not designate 23.239.30.81 as permitted sender) smtp.mail=bhasker@hotmail.com
Received: from BLU004-OMC4S20.hotmail.com (blu004-omc4s20.hotmail.com [65.55.111.159])
    (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits))
    (No client certificate requested)
    by host.tariffplans.com (Postfix) with ESMTPS id 668E01E1619
    for ; Sun, 20 Jul 2014 11:35:01 +0530 (IST)
Received: from BLU181-W79 ([65.55.111.136]) by BLU004-OMC4S20.hotmail.com with Microsoft SMTPSVC(7.5.7601.22712);
     Sat, 19 Jul 2014 23:05:01 -0700
X-TMN: [mcaEHqstvkaYJBg7Y5zPleq+hEPF4BC7]
X-Originating-Email: [bhasker@hotmail.com]
Message-ID: 
Content-Type: multipart/alternative;
    boundary="_dfcd1b0c-5d39-4204-a29c-16fb51556946_"
From: Bhasker Yamsani 
To: "contactus@workingwoman.org" 
Subject: testing
Date: Sun, 20 Jul 2014 02:05:00 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Jul 2014 06:05:01.0018 (UTC) FILETIME=[8A96E3A0:01CFA3E0]

Best Answer

Your server host.tariffplansindia.com is receiving a mail from outside, in this case bhasker1@hotmail.com. The receiver on your host is contactus@indianworkingwoman.org. Now your server relays that mail (without changing the envelope From-address) to gmail. The gmail server now gets a mail from your server host.tariffplansindia.com with envelope-From bhasker1@hotmail.com. Now the SPF-Record of hotmail.com forbids all senders except its own, and you can't do anything about that. SPF breaks this kind of mail-forwarding, that's a known issue, but it's also solved by Sender Rewriting Scheme (SRS) from Open SPF.

Using SRS, the relaying mailserver can rewrite the envelope-From so that it comes from a domain you control the SPF record for (host.tariffplansindia.com). Unfortunately, setting up SRS on a mailserver requires - in most cases - compiling and installing software by hand, there is only a very limited variety of available implementations and also an existing question of how to perform SRS on postfix.

Related Topic