Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
alya
Staff
Staff

Created on ‎01-12-2025 11:58 PM Edited on ‎01-12-2025 11:58 PM By Staff

Article Id 369682

Troubleshooting Tip: How to troubleshoot the ‘SPF=PERM-ERROR the SPF record is invalid’ error

Description

This article describes how to troubleshoot the 'SPF=PERM-ERROR the SPF record is invalid' error.
Scope FortiMail.
Solution
  1. The FortiMail detected the below error in the email cross-search log:
  • Classifier: SPF check.
  • SPF=PERM-ERROR: (envelope from: userA@example.com) the SPF record for example.com is invalid.

 

  1. Check current DNS settings in FortiMail, and navigate under System -> Network -> DNS tab.
  2. Query the TXT record from the configured DNS server:

 

exec nslookup name example.com type txt

 

Verify if the result is the same as the TXT record configured in the domain DNS.

 

Example output as below :

 nslookup.png

 

  1. If the output is not the same as configured in the DNS, try to change to a private DNS server or any other DNS server to verify the result.

 

To specify a particular server, add the server option to the nslookup command.

exec nslookup name example.com type txt server [x.x.x.x]

Verify the correct format for the SPF or if is there any typo error in the above output.

 

  1. If all output is correct, perform another email test to verify the result.
466
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.