Shopify's SPF DNS information is wrong!

Travis_Truax
New Member

We have been trying to get someone at Shopify to recognize that their SPF info isn't completely right and haven't been able to get to a support person that understands SPF so far.

Someone at Shopify please look at:

http://www.openspf.org/FAQ/Common_mistakes#helo

Your smtp servers have hostnames like smtp-relay.ash.shopify.com and smtp-relay.chi2.shopify.com, etc. Your SPF record includes smtp.shopify.com, which does include the actual IP addresses that those smtp hosts hit the outside world with, such as 23.227.37.240; however, it does not include the IP addresses that those hosts resolve to via DNS - 172.24.16.170, 172.24.8.35, etc.

So your SPF info correctly contains the IPs that the email is sent from, but since your smtp servers say HELO with a specific hostname smtp-relay.ash.shopify.com and NOT smtp.shopify.com, your SPF record does not contain all of the IPs necessary to authenticate the message.

Either the Shopify DNS info is wrong and should not be resolving to those IPs, or the SPF is wrong and should include all of the IPs that the smtp server hostnames resolve to.

We are currently working around the omitted HELO hostnames by adding an extra a:smtp-relay.chi2.shopify.com mechanism to our SPF record (along with the normal include: that Shopify provides) for each Shopify smtp server that we know the name of, but Shopify needs to fix this. This is a fragile setup that will break every time our email goes out a Shopify smtp server that we didn't know about (and had no way of knowing about, ahead of time).

Please fix.

Thanks,

    Travis- 

 

0 Likes
Brandon4
New Member

I'm having the same problem. Here's the bounced email:

This is the mail system at host smtp-relay.chi2.shopify.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

...

554 This server requires you to send from an IP address specified by the SPF

0 Likes
Peter_Kay
Shopify Partner

We have the same problem. Why not create an SPF record to handle all of shopify.com, e.g. [yourdomain.com.  IN TXT "v=spf1 mx a include:shopify.com ?all"]

0 Likes
Laser_Beams
New Member

Hi Peter,

   That's the normal way it would be set up, and why there's a problem.

   The "include" mechanism just adds the SPF record(s) for their domain, which are where the problem lies.

   The only reason we're adding the "a" mechanism additions for their actual smtp server host addresses is because they don't have this stuff listed in their own SPF. There might be better ways to work around it though. If you think of something, please share.

0 Likes
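
An added example (not part of any post in this thread, and not Shopify's code): a minimal evaluator for the `a`, `ip4`, `include` and `all` mechanisms of RFC 7208, showing how a receiver scores the HELO and MAIL FROM identities and what the `include:` and extra `a:` terms discussed above each match. All DNS data is constructed from the hostnames and addresses quoted in the thread; `shop.example` and `workaround-only.example` are placeholder domains, and the records are assumptions, not Shopify's real ones.

```python
import ipaddress

# Constructed zone data modelled on names/addresses quoted in the thread.
# These are NOT Shopify's real records; the *.example domains are placeholders.
TXT = {
    "shopify.com": "v=spf1 a:smtp.shopify.com ~all",
    "shop.example": "v=spf1 include:shopify.com a:smtp-relay.chi2.shopify.com ~all",
    "workaround-only.example": "v=spf1 a:smtp-relay.chi2.shopify.com ~all",
}
A = {
    "smtp.shopify.com": ["23.227.37.240"],
    "smtp-relay.ash.shopify.com": ["172.24.16.170"],
    "smtp-relay.chi2.shopify.com": ["172.24.8.35"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate a subset of RFC 7208: a, ip4, include, all. Returns (result, term)."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none", None          # no SPF record published at this name
    if depth > 10:
        return "permerror", None     # RFC 7208 caps DNS-querying terms at 10
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "a":            # matches only addresses the name resolves to
            matched = ip in A.get(arg or domain, [])
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":      # matches only if the included record passes
            matched = check_host(ip, arg, depth + 1)[0] == "pass"
        else:
            return "permerror", term
        if matched:
            return QUALIFIERS[qual], term
    return "neutral", None

def evaluate(ip, helo, mail_from_domain):
    """Each identity is checked against the SPF record published at its own name."""
    return {"helo": check_host(ip, helo),
            "mailfrom": check_host(ip, mail_from_domain)}
```

With this constructed data, `evaluate("23.227.37.240", "smtp-relay.ash.shopify.com", "shop.example")` reports `none` for the HELO identity (no record at that hostname) and `pass` via `include:shopify.com` for MAIL FROM; the `a:` term only ever matches the address that hostname resolves to.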
Gerald2
New Member

I'm also having a hell of a time getting this SPF TXT record to work and would really appreciate some Shopify support to step in and advise besides the standard response. The stated format (v=spf1 include:shopify.com) does not work. Talked to my hosting support and they say it needs to be in this format...

v=spf1 +mx +a ip4:xxx.xx.xx.xxx [my server's IP address] include:shops.shopify.com ~all

That doesn't work either. So email doesn't work and I'm at a stand-still and can't open my store. Could we get a little help here? Thanks

0 Likes
Gerald2
New Member

I'm also having a serious problem with this SPF TXT Record on my custom domain, and Shopify's support "Gurus" have no clue what to suggest except get a G-Suite or Zoho mailbox. I have my own web hosting as a Reseller and have unlimited mailboxes, and I'm NOT going to use a Gmail address to send emails to my customers. Seriously? 

My host (Site5) says I need to adjust the TXT Record to: 

v=spf1 include:shops.shopify.com +mx +a ip4:xxx.xxx.17.243 ~all 

...where that IP is mine. I have my MX Record Email Routing set to Local Mail Exchanger. Email works To and From email addresses from my various domains, but does not work when sending from a Gmail address to my help@chargerpacksonline.com mailbox, which is what most of my customers will be doing when contacting my Support. It DOES work however when sending TO a Gmail address, just not FROM. ???

My tech support ran some diagnostics and finds that Google says that Shopify's 23.27.38.32 IP is unresponsive: "Non-existent domain". So it's not resolving for email. The IP is resolving, however, for my A Records, which successfully resolve and point to my Shopify site at http://chargerpacksonline.com.

> chargerpacksonline.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: chargerpacksonline.com
Address: 23.227.38.32

> 23.227.38.32
Server: google-public-dns-a.google.com
Address: 8.8.8.8

*** google-public-dns-a.google.com can't find 23.227.38.32: Non-existent domain

 

I'm getting Google email notifications saying the email couldn't be delivered for the following reason and will keep trying for 48 hrs...

Final-Recipient: rfc822; help@chargerpacksonline.com
Action: delayed
Status: 4.4.1
Diagnostic-Code: smtp; The recipient server did not accept our requests to connect. 
 [chargerpacksonline.com. 23.227.38.32: timed out]
 


This is how my DNS is currently set up:

chargerpacksonline.com.    3600    A    23.227.38.32
ftp.chargerpacksonline.com.    3600    A    xxx.xxx.17.243
mail.chargerpacksonline.com.    3600    A    xxx.xxx.17.243
*.chargerpacksonline.com.    3600    A    23.227.38.32
www.chargerpacksonline.com.    14400    CNAME    shops.myshopify.com.
chargerpacksonline.com.    3600    TXT    v=spf1 include:shops.shopify.com +mx +a ip4:xxx.xxx.17.243 ~all    

I don't get it. Does anyone have any suggestions besides using a G-Suite or Zoho(?) mailbox? I can't open my store without this working for support questions. Thanks ahead of time.

0 Likes