I'm trying to setup a Sending Domain on Mandrill but I get a SPF missing error.
My APP is running on AWS, I'm using EC2 and Elastic Beanstalk, and my domain is on Namecheap.
DNS are setup as follow:
CNAME Record @ 'my-instance-id'.elasticbeanstalk.com.
TXT Record @ v=spf1 include:spf.mandrillapp.com ?all
TXT Record @ v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;
URL Redirect Record www https://myapp.com Permanent (301)
This morning I was able to verify SPF address, and I started to have SPF missing error after updating my DNS with the CNAME entry (actually I just moved my app to AWS).
Any idea on how I can fix this? Thank you!
EDIT
The answer from Mandrill support:
Thanks for writing in. It looks like your "myapp.com" domain is a CNAME to "myapp.eu-central-1.elasticbeanstalk.com". This can make things tricky because in DNS you can't have two records (a TXT-type, and a CNAME-type) with the same name. As a result, you won't be able to set up SPF for "myapp.com". Furthermore, with the way CNAMEs redirect, theoretically it would be possible to set up SPF records at the final destination where those redirects lead to, but unfortunately, Mandrill's SPF and DKIM validator is overly-specific and as such isn't able to verify DNS records for domains that CNAMEs to another domain. Given these limitations, the only real option is to change your "myapp.com" from a CNAME to an A record pointing directly at the IP address at the end of that CNAME chain. You should then be able to set up SPF for this domain.
Actually I'm not sure I've such IP available to point at.. didyou solve similar issue? Thank you
