Is this SPF Permerror incorrect?
Problem reported by Etienne Wilderink - July 4 at 12:59 AM
Submitted
Hello,

Yesterday we received a mail that was marked as SPF PermError.
After investigating, in my opinion the SPF record is correct. Can someone please take a look at it and tell me if I (or SmarterMail) is wrong?

IP of the sender: XX.XXX.54.179

[2019.07.03] 	SPF Record: v=spf1 include:_spf.XXX.com include:amazonses.com include:spf.XXX.com include:spflive.XXX.com ip4:XX.XXX.54.176/29 mx ~all
23:40:50.020 [29666] Finished SPF check; result = PermError
IP XX.XXX.54.179 is in the ip4:XX.XXX.54.176/29 subnet so I guess it should be valid instead of returning an PermError?
(I thoroughly checked the first 5 digits before replacing them with X)

According to mxtoolbox.com the full SPF record is valid.

Running SmarterMail build 7082

3 Replies

Reply to Thread
0
Ishan Talathi Replied
SPF PERMERROR is a major issue with Smartermail. Smartermail is unable to parse long SPF records or multi level SPF records. Due to this, valid emails are going to spam. 

Placing the sender in Trusted User also doesn't help with SPF showing failed. 

We have a ticket open for over a month with no resolution in sight. 
0
Kyle Kerst Replied
Employee Post
Hello Etienne, this appears to have failed due to the length of the SPF record. The SPF RFC standard states SPF records should be limited in length to prevent DNS timeouts during SPF lookups. The recommendation is to set SPF PERMERROR to 0 in your Settings>Antispam>Spam Checks to ensure users on these domains can deliver mail to your server if you deal with a lot of domains with nested SPF records like this one. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Kyle Kerst Replied
Employee Post
Ishan, quick follow up for you on your comment. First, Trusted Senders are always subjected to SPF and RDNS checks to prevent spammers using your Trusted Senders list to spoof mail to your users. This cannot be disabled, and is an antispam functionality. 

On your SPF PERMERROR issue, I did review this with the assigned tech, and this SPF PERMERROR was not what caused the message to be delivered to spam. In your environment you have already correctly set the PERMERROR value to 0, so this was not included in the spam weight. Instead this user was sent to junk mail due to their email server being on several blacklists. 

The resolution is to reach out to the sending user's administrator to have them request delisting on the given blacklists.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread