Christian writes:
> 550-5.7.26 The MAIL FROM domain [lists.ccalternatives.org] has an SPF record
This says it's parsing your mail session and using the MAIL FROM.
> 550-5.7.26 with a hard fail policy (-all) but it fails to pass SPF checks with > 550-5.7.26 the ip: [192.46.218.224].
At least Google is seeing the mail arrive from the expected IP address.
To best protect our users from spam and > 550-5.7.26 phishing, the message has been blocked.
> Could the hard fail policy be implicated in the gmail rejection?
It certainly could. However I would expect the DSN to say "because of the hard fail specification we are rejecting your email" in that case. This looks like a Gmail policy to me.
> Other than readdressing my server, is there anything else I can do?
I don't think readdressing is going to help unless you're referring to the PTR issue mentioned below.
I see the same SPF record you have described before: lists.ccalternatives.org descriptive text "v=spf1 a mx ip4=192.46.218.224 -all" so I'm not sure what is going on with Odhiambo's lookup. However, there is an error (the '=' after ipv4 should be ':'), and it has some other problems:
- the 'mx' mechanism is a no-op because lists.ccalternatives.org has no MX record.
- the PTR for 192.46.218.224 points to mail.ccalternatives.org, not to lists.ccalternatives.org. Neither should cause an SPF check to fail but they make the check more expensive.
I would simplify your TXT record to "v=spf1 ip4:192.46.218.224 -all" because the 'a' mechanism isn't working and the 'mx' mechanism is a no-op. That's really all you need.
Steve