Showing results for 
Search instead for 
Did you mean: 

Email delivery failure - message rejected due to SPF policy

Level 1
1 of 4



Currently, I cannot send emails to the domain This behaviour started a couple of days ago and prior to that, it has been working happily for years.


When sending an email, I get the response:

Reporting-MTA: dns; []
Received-From-MTA: dns; xxxxxxxx [y.y.y.y]
Arrival-Date: Sat, 21 Nov 2020 11:45:06 +0100

Final-recipient: rfc822; *E-Mail placeholder*
Diagnostic-Code: smtp; 550 5.7.1 Message rejected due to SPF policy

Last-attempt-Date: Sat, 21 Nov 2020 11:46:12 +0100


Other recipients on the CC list receive the email without problem and when I send an email from my GMail account to the domain, it also arrives without problem so this looks like a Bluewin->Xtra issue only.


Any ideas as to how I can resolve this?


Thanks and regards,


3 Comments 3
Super User
2 of 4
On this page: Set up your Bluewin e-mail account on a PC or mobile phone. Problems sending or receiving e-mails? Repair the settings manually or automatically
On this page:Adjust the settings of your e-mail program if they do not yet comply with the current security standard

5 tips on resolving Bluewin e-mail issues

Issues with sending and receiving e-mails can be a major headache. Common stumbling stones include incorrect passwords, POP3 instead of IMAP and spam or phishing e-mails. The following 5 tips will help you avoid problems with your Bluewin e-mail account

Level 1
3 of 4

Thanks for the reply Black Mamba ... I had found most of these suggestions in my investigations and had tried them all, but it never hurts to double check.


So far, I have found only one domain that is causing me an issue and that is (and this only started in the last week or so) ... I used to be able to send to this domain and I can still send emails to any other address without problems. I know there is no problem with the target email account as if I send an email from my googlemail or hotmail account to an this address, then the email arrives successfully.


I believe that Bluewin uses Cleanmail to filter email and apply rules and I wondered if something had changed there that inhibited sending emails to this domain?


Level 4
4 of 4

Well, SPF (Sender Policy Framework) is a technology to allow a mail recipient (or receiving mail server) to validate if the mail is legit or might have been forged.


How it works:

  • Mail server for (which is receives a mail from a Swisscom mailserver ( in this case
  • The mail server checks in DNS if is legitimate to send e-mails for by checking the SPF record
    • In case of Bluewin the SPF record says: "v=spf1"
      Well this just means we need to check too
    • SPF record says: "v=spf1 ~all"
      Damn, still not the end of the road, we need to check _netblocks* then
    • Checking SPF record says: "v=spf1 ip4: ip4: ~all"

And there you have it, Swisscom will allow to send mails for from IP So this sounds legit actually.


So why is your mail still failing?

To be honest I am not fully sure. The Bluewin SPF entry seems to look alright. Although multiple includes make it hard to read and follow. One possibility is that the target mailserver at is broken and failed to resolve the SPF entry or it does not support includes and therefore cannot validate the entry.


There isn't much Bluewin could do about this if this is the case. Except perhaps changing the SPF record not to use includes, but this is perfectly according to standards and should be supported.


So I think we might look at a broken mailserver implementation or misconfiguration. Perhaps there is a support department at which could provide more information about why their mailserver is refusing a perfectly valid mail delivery attempt.


In general Mail is broken by design. Initially mail was designed for an internet where security does not matter. Everyone could simply chose the from and to fields in an e-mail to their liking. Unfortunately the internet is not the friendly playground as it used to be. Spam and abuse has forced mail providers to introduce filters, authentication, probability checks, spam analyzers etc. Nowadays it's more likely for a mail NOT to arrive than actually being delivered. Mail is broken by design and all the insane amount of energy put into keeping it alive is just wasted effort. Unfortunately it's simple and still widely used - despite the fact messengers taking a lot of load from mails towards instant messaging.

Back to top