Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
219
Views
0
Helpful
5
Replies

SPF: mailfrom identity sender@domain.tld None

jerryv
Level 1
Level 1

‎03-12-2025 05:38 AM

Hi, what could be reason for SPF mailfrom identity = None? There are multiple emails sent from same sender, using same sender email server etc. Some messages passed successfully (SPF aligned True), some are moved to quarantine (SPF aligned False).

The only difference I could find in message tracking reports and mail_logs.txt files is the mailfrom identity passes (Pass) or fails (None).

- SPF: mailfrom identity sender@domain.tld None 

- SPF: mailfrom identity sender@domain.tld Pass (v=spf1)

Any idea what is happening?

 

Labels:
0 Helpful
5 Replies 5

Ken Stieers
VIP
VIP

‎03-12-2025 06:31 AM

Are the mails hitting different ESAs that might be pointed at different DNS servers?

0 Helpful

jerryv
Level 1
Level 1
In response to Ken Stieers

‎03-12-2025 08:10 AM

There is indeed ESA cluster containing two ESA appliances. I have checked the DNS settings already - both appliances are using same DNS servers, same order/priority.

0 Helpful

Ken Stieers
VIP
VIP
In response to jerryv

‎03-12-2025 08:52 AM

Check the logs on the mail that's failing and see if its going through one ESA vs. the other. If its failing through only one of them, I'd clear the DNS cache on it (Networks/DNS/Clear DNS Cache button in the bottom left.
Then go to the CLI on that box and dig the domain in question and see if you get better results.

0 Helpful

Dustin Anderson
VIP Alumni
VIP Alumni

‎03-12-2025 06:37 AM

Realistically, probably a DNS issue. SPF is a DNS TXT record and if it can't look it up would be the none causing a failure if they are also using DMARC. You may want to look at what you use for DNS and see if it is timing out on lookups.

 

Ways to test.

Windows, pull up a CMD prompt and type nslookup.

it will default to your DNS server, if your gateway uses another, you switch with this command.

server=<ip or name>

now the command to check txt record

set type=txt

then do a lookup for the doamin.

domain.tld.

You must end with a period or it will append your domain onto it.

Try it multiple times to see if you get a timeout or not.

0 Helpful

jerryv
Level 1
Level 1
In response to Dustin Anderson

‎03-12-2025 08:19 AM

I have tried this multiple times on both appliances in cluster: no issues.

Maybe there was some network glitch, maybe provider's DNS (temporary) issue.

I'll keep monitoring this, thank you both for hints.

0 Helpful
Customers Also Viewed These Support Documents