I'm seeing neutral/softfail errors on our SPF info on remote email servers - how do I correct this?
I've read this Ask MeFi post (the only one I could find on setting up SPF), but I'm still confused as to what I need.
I have 5 domains that use a single email server. The reverse lookup for the email server name points to our firewall address, which routes mail to the email server (on a DMZ and using NAT). This may not be the best way to do this but it's what I have available now. I am going to move the email server to a publicly accessible address in the future.
In any case, everything works fine, but looking at headers on email received at remote servers, messages sent from domains other than our main domain get "softfail" errors for SPF info (IP addresses and domain names changed):
Received-SPF softfail (google.com: domain of transitioning me@OurSecondDomain.com does not designate 188.8.131.52 as permitted sender) client-ip=184.108.40.206;
Authentication-Results mx.google.com; spf=softfail (google.com: domain of transitioning me@OurSecondDomain.com does not designate 220.127.116.11 as permitted sender) smtp.mail=me@OurSecondDomain.com
And a "Neutral" result:
Received-SPF neutral (google.com: 18.104.22.168 is neither permitted nor denied by domain of me@OurMainDomain.com) client-ip=22.214.171.124;
Authentication-Results mx.google.com; spf=neutral (google.com: 126.96.36.199 is neither permitted nor denied by domain of me@OurMainDomain.com) smtp.mail=me@OurMainDomain.com
Our DNS is set up at HostGator (ick):
mail.OurMainDomain.com. 600 IN A 188.8.131.52
ourmaindomain.com. 600 IN TXT v=spf1 +a +mx +ip4:184.108.40.206 ?all
OurSecondDomain.com.com. 600 IN TXT v=spf1 a mx include:websitewelcome.com ~all
(I don't understand the TXT record above - they add it automatically. I don't even know what "websitewelcome.com" and 220.127.116.11 are?)
Is the TXT record(s) what is causing the neutral/softfail errors? How do I set up a "good" SPF record?
*The real reason for this question is that email from users on OurSecondDomain.com sent to a _single_ domain (and no others that I have been informed of) apparently never reaches recipients there. Test messages, real messages, anything. Although the logs of the SMTP transactions on our server show the messages as queued on the remote end there, they (recipients at remote domain) say they never receive it...? Email from OurMainDomain.com does get there, so I am wondering if the SPF record has anything to do with it or am I just barking up the wrong tree..?
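An added example, not part of the original post: a simplified SPF evaluator (a subset of RFC 7208) run over records shaped like the two quoted above, showing how a sending address that matches no mechanism falls through to `?all` (neutral) or `~all` (softfail). All domain names and addresses are constructed from documentation ranges, `hosting.example` stands in for the included hosting domain, and the `a`/`mx` DNS lookups are replaced by a hypothetical in-memory table.

```python
import ipaddress

# Result returned when a mechanism with this qualifier matches (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT records mirroring the shape of the two in the post.
TXT = {
    "main.example": "v=spf1 +a +mx +ip4:203.0.113.10 ?all",
    "second.example": "v=spf1 a mx include:hosting.example ~all",
    "hosting.example": "v=spf1 ip4:198.51.100.0/24 -all",
    # A record that lists the address mail really leaves from (assumed).
    "fixed.example": "v=spf1 ip4:203.0.113.25 -all",
}
# Hypothetical stand-in for DNS: addresses each domain's A and MX resolve to.
HOSTS = {
    "main.example": {"a": ["203.0.113.10"], "mx": ["203.0.113.10"]},
    "second.example": {"a": ["198.51.100.7"], "mx": ["198.51.100.7"]},
}

def check_spf(domain, client_ip, depth=0):
    """Evaluate the domain's record left to right; the first match decides."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIER_RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = client_ip in HOSTS.get(arg or domain, {}).get(name, [])
        elif name == "include":
            # include matches only when the included record evaluates to pass
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this simplified subset
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

if __name__ == "__main__":
    for d in ("main.example", "second.example", "fixed.example"):
        print(d, check_spf(d, "203.0.113.25"))  # 203.0.113.25: assumed NAT address
```

The address to list in each domain's record is the one receivers report as `client-ip`, which behind NAT is the firewall's public address rather than the mail server's own.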