SPF Error - ORF Forums

SPF Error RSS Back to forum

1

The following SPF Record caused IP adddres 17.158.233.229 to be blocked under SoftFail. Can anyone confirm the cause?

"v=spf1 ip4:17.0.0.0/8 ~all"

This is seems to be a regular issue for us so I really need to get to the bottom of the cause. The only thought I have is that when ORF first used SPF that I discovered the recommendation of adding a + before IP4. If that is the issue then unfortunately it has become the standard method and online tests confirm that is is correctly written; and we will face having to stop using the SPF record for SoftFail.

Any help on this would be greatly appreciated.

by Steven Richards 7 years ago
2

@Steven Richards: Are you sure it was the SPF test that blacklisted the email? I have checked the above record with ORF and it returned SPF Pass, because 17.0.0.0/8 covers 17.158.233.229. The lack of + sign does not change anything, because when the qualifier is missing, + is assumed (so ip4: is read by ORF as +ip4).

If the ORF logs confirm that it was the SPF test that caused the blacklisting, I recommend checking of the DNS servers specified for ORF cache a previous copy of the SPF record that has different data.

by Peter Karsai (ORF Team) 7 years ago
(in reply to this post)

3

@Peter Karsai (ORF Team): Thank you for your reply. I'm glad to hear that the SPF record itself isn't the cause however rather concerned as to the potential cause. Your reply on quering the DNS servers used by us for the SPF record was a sensible one and one I should have thought of without thinking. That said I have checked the DNS servers and the response from all DNS servers listed by ORF were queried with the same response. I will continue to scratch my head on this one.

Just to confirm here is the message off ORF (with starred entries for privacy/security reasons.

Version: 4.4 REGISTERED
Log Mode: Verbose
Server: ****
Source: SMTPSVC-1
Time: 05/03/2012 14:47:23
Class: Blacklist
Severity: Information
Actions: Reject
Filtering Point: Before Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 17.158.233.229
Message ID: (not available)
Email Subject: (not available)
Sender: ****@me.com
Recipient(s):
* *******
Message:
Recipient blacklisted by the SPF test (sender forged per policy of "me.com", SPF result: SoftFail).

by Steven Richards 7 years ago
(in reply to this post)

4

@Steven Richards: this is interesting indeed... When you query the SPF policy of the domain "me.com" via nslookup using the same server ORF uses, what do you get? (cmd, nslookup, server=,set q=txt, me.com)

by Krisztian Fekete 7 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2