When the service provider deletes the SPF record: Why DNS alerts are essential
An accidentally deleted SPF entry, an unsuspecting email administrator, and weeks of undetected delivery problems—what sounds like a worst-case scenario actually happened. The case shows how 25Reports not only makes problems visible, but also enables them to be quickly resolved.
How it all began
A customer was operating their email infrastructure using a valid SPF record. When setting up their domain in 25Reports, an initial analysis revealed that the existing SPF record contained unexpected entries – presumably remnants from a previous service provider that would have gone unnoticed without systematic testing.
The email administrator wanted to clean up the record, but faced a common problem: he had no direct access to the DNS management of his domain – a widespread situation familiar to many email administrators. DNS sovereignty lies outside their sphere of influence, so they can only communicate change requests to a service provider.
The error and its consequences
The contracted service provider was supposed to adjust the SPF entry—but instead, he deleted it completely.
Since no alerts had been configured in 25Reports at that time, this serious error initially went unnoticed. It was only when the administrator evaluated the DMARC reports that he noticed that all senders were marked as “unauthorized” – including his own NoSpamProxy instances.
A look at the domain rating in 25Reports confirmed the suspicion: the SPF record no longer existed. In the days that followed, the SPF validation rate deteriorated continuously as more and more legitimate emails failed the SPF check.
A quick solution thanks to 25Reports
With the help of the history feature in 25Reports, the administrator was able to see at a glance exactly when the change had taken place. Even more valuable was the ability to view the previous SPF entry in its entirety. Instead of laboriously reconstructing the correct entry, the service provider was able to retrieve it directly from the history and restore it.
What would have taken hours or days of research without 25Reports was completed in just a few minutes.
Why you should set up alerts
After this incident, the customer immediately set up alerts in 25Reports that automatically notify them of any changes to SPF, DKIM, or DMARC records. This feature would have quickly revealed the error, eliminating the need to wait days to respond—by which time the impact had already manifested in deteriorating delivery rates.
Monitor and optimize DNS entries with 25Reports
25Reports offers exactly the tools that email administrators need in such situations. Continuous monitoring detects problems before they escalate. The history feature enables quick corrections without the need for time-consuming reconstruction. And the alerts ensure that unexpected changes no longer go unnoticed. Particularly helpful: each domain receives a live rating (A to F) with detailed suggestions for improvement for optimal email authentication. This gives you immediately actionable tips for improving your domain security.
If you already use 25Reports, we recommend setting up alerts for DNS changes now. The configuration takes only a few minutes and can save you days of troubleshooting and the associated delivery problems.
Not yet using 25Reports?
25Reports makes DMARC easy. The solution takes care of all your DMARC monitoring needs—automated, graphically presented, and of course GDPR-compliant. Try 25Reports now for 30 days free of charge!
