SPF Passes when it should fail - Proof Inside.
Problem reported by Henry Timmes - September 8, 2015 at 5:05 PM
Submitted
Below is an email I received - Notice how SmarterMail Stamps it SPF_PASS
 
The SPF record is located here https://www.unlocktheinbox.com/dnslookup/spf/kmee.com.br/ as seen below.
 
v=spf1 ptr ip4: ip4:107.170.8.74 ip4:104.236.72.63 ip:167.114.145.180 a:mailgun.org include:_spf.google.com include:mailgun.org include:us-west-2.amazonses.com -all
There's a few issues: 
 
1) "ip4:" by itself is incorrect
2) ip:167.114.145.180 is also incorrect 
 
Now this person fixed #2 already - when brought to their attention, their spf now reads.  
v=spf1 ptr ip4: ip4:107.170.8.74 ip4:104.236.72.63 ip4:167.114.145.180 a:mailgun.org include:_spf.google.com include:mailgun.org include:us-west-2.amazonses.com -all
But they didn't fix #1 yet. 
 
Scott Kitterman SPF tester (He drafted the standard ) results are seen below. http://www.kitterman.com/spf/validate.html
 
SPF record lookup and validation for: kmee.com.br

SPF records are published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 ptr ip4: ip4:107.170.8.74 ip4:104.236.72.63 ip4:167.114.145.180 a:mailgun.org include:_spf.google.com include:mailgun.org include:us-west-2.amazonses.com -all 

Checking to see if there is a valid SPF record. 

Found v=spf1 record for kmee.com.br: 
v=spf1 ptr ip4: ip4:107.170.8.74 ip4:104.236.72.63 ip4:167.114.145.180 a:mailgun.org include:_spf.google.com include:mailgun.org include:us-west-2.amazonses.com -all 

evaluating...
Results - PermError SPF Permanent Error: Invalid IP4 address: ip4:
Here's is the email SmarterMail Stamped as SPF_PASS.
 
Return-Path: <0000014faec4da6c-ea9d5249-bf15-48d8-a491-1518c7892968-000000@us-west-2.amazonses.com>
Received: from a27-11.smtp-out.us-west-2.amazonses.com (a27-11.smtp-out.us-west-2.amazonses.com [54.240.27.11]) by mail.unlocktheinbox.com with SMTP
	(version=TLS\Tls
	cipher=Aes256 bits=256);
   Tue, 8 Sep 2015 17:03:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=7v7vs6w47njt4pimodk5mmttbegzsi6n; d=amazonses.com; t=1441746180;
	h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Feedback-ID;
	bh=eWFb4Ipxq0Bw6I9XUj0aPBsf5NO32WDNV1voQR+ORQ8=;
	b=N5aTY2pVoy31jnMlMVnKcojp3pc5lFvvtJG7WiSqjIdpaHi2bWWz9EJ3IMOwCC/L
	lM+aEmsLUnfCAMaSnB2Ev6nBSNtwtJL5TFAmcoJDdtpFysEcpOP7ZLiHz+E2FBZ/1Uf
	sz4vTEvZ7GozAfOL9mgT0CCFd8n3M8EUbhr7MHDs=
DKIM-Filter: OpenDKIM Filter v2.9.2 selor.kmee.com.br C578E12023D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kmee.com.br;
	s=1C89F724-75E2-11E4-B0E0-7CB3C78BEDB1; t=1441746178;
	bh=eWFb4Ipxq0Bw6I9XUj0aPBsf5NO32WDNV1voQR+ORQ8=;
	h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
	b=U62FUfTwqMe+S5Bccq8CVgJyS6OQt1sSJitGck3u9VWSVAvbKa+c1sfZARl7lx58P
	 h3uCpXG+4rV0XE92D+8MHFGojcPmHB24jcAgwjZ9uGkURpdC5koECY/Ftn6+S6mNbm
	 D90aGECX2AGaiAvoV4fgMmD3KBGOV0DNvRD9mcdw=
Date: Tue, 8 Sep 2015 21:03:00 +0000
From: Ananias Filho <ananias@kmee.com.br>
To: mailtest@unlocktheinbox.com
Message-ID: <0000014faec4da6c-ea9d5249-bf15-48d8-a491-1518c7892968-000000@us-west-2.amazonses.com>
Subject: 
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_260_15590621.1441746178574"
X-Originating-IP: [172.16.247.80]
X-Mailer: Zimbra 8.6.0_GA_1178 (ZimbraWebClient - GC44 ([unknown])/8.6.0_GA_1178)
Thread-Topic: 
Thread-Index: Yh8d9qr8mkCq2MPqjO1Tt6OZ8FGY1A==
X-SES-Outgoing: 2015.09.08-54.240.27.11
Feedback-ID: 1.us-west-2.D6Hg/7g382e7oe87YaKQ4CL1FhuiT4Ds5bUHGZOkXkQ=:AmazonSES
X-SmarterMail-Spam: SpamAssassin -6 [raw: -3], SPF_Pass, DK_None, DKIM_Pass
 
www.unlocktheinbox.com

3 Replies

Reply to Thread
0
User Replied
Thanks, we will fix that.
0
Software Operations Replied
Invalid SPF syntax does not appear to be fixed yet (2016-11)
 
For example, the following SPF record reported an SPF pass:
  v=spf1 ip4:192.168.122.121 +a +mx + ~all
 
The www.kitterman.com/spf/validate.html validator reported:
Results - PermError SPF Permanent Error: Unknown mechanism found: +
 
Should an invalid SPF record be marked as PASS ?
0
Bruce Barnes Replied
Too many lookups. SPF is limited to a MAXIMUM of 10 lookups. Adding AMAZOB and MAILGUN blows it up and it will abort.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread