Why this IP may send in the name of the domain? - ORF Forums

Why this IP may send in the name of the domain? RSS Back to forum

1

Hi,

My SPF:

v=spf1 ip4:187.50.45.16/29 ip4:186.225.123.80/29 include:spf.protection.outlook.com -all

When I test this IP: 200.174.18.225 the result is:

200.174.18.225 may send in the name of the domain.

Why?

Thanks,

by Murilo 5 years ago
2

@Murilo: I tested this IP and policy in our tester and the result is SPF Unknown (now called PermError in the SPF RFC), which means that it is impossible to tell whether the policy allows this IP to send emails in the name of the domain. In ORF, this causes the SPF test to be skipped.

The PermError is caused by the include mechanism (include:spf.protection.outlook.com). The SPF policy of Microsoft/Outlook has the following:

ptr:o365filtering.com

As the IP 200.174.18.225 has no PTR record, the SPF evaluation results in Unknown/PermError.

By the way, even the SPF RFC states that the ptr mechanism should not be used, ever:

http://tools.ietf.org/html/rfc7208#section-5.5

"This mechanism is slow, it is not as reliable as other
mechanisms in cases of DNS errors, and it places a large burden on
the .arpa name servers. If used, proper PTR records have to be in
place for the domain's hosts and the "ptr" mechanism SHOULD be one of
the last mechanisms checked. After many years of SPF deployment
experience, it has been concluded that it is unnecessary and more
reliable alternatives should be used instead. It is, however, still
in use as part of the SPF protocol, so compliant check_host()
implementations MUST support it."

by Krisztián Fekete (Vamsoft) 5 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2