Consider these first two headers from an incoming email that failed SPF:
Return-Path: <bounces+15088242-88b7-[redacted]@front-mail.found.app>
Received: from o6.front-mail.frontapp.com (o6.front-mail.frontapp.com [168.245.4.42]) by mail.[redacted] with SMTP
    (version=TLS\Tls12
    cipher=Aes256 bits=256);
    Fri, 5 Feb 2021 15:15:45 -0600
Here's the header showing the SPF failure:
X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, Null Sender: 0, Message Sniffer [code:0]: 0, SPF [Fail]: 10, DK [None]: 0, DKIM [Pass]: 0, SpamHaus DBL [count:1]: 20
Here's the SPF record for front-mail.found.app:
v=spf1 include:sendgrid.net ~all
Here's the SPF record for sendgrid.net:
v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ~all
The sending IP of this email was 168.245.4.42, which is covered by ip4:168.245.0.0/17 from the sendgrid SPF record, so why did it fail SPF?
Is SmarterMail checking the FROM header as well, and wouldn't that be against the SPF spec?
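
Added example, not part of the original post: a minimal SPF evaluator (only the `ip4`, `include` and `all` mechanisms) run over the two records quoted above, with a dict standing in for DNS TXT lookups and a constructed Return-Path. Per RFC 7208 the identity checked is the envelope sender (MAIL FROM / Return-Path) domain, not the From header.

```python
import ipaddress

# Records copied from the post; the dict replaces DNS TXT lookups (assumption).
RECORDS = {
    "front-mail.found.app": "v=spf1 include:sendgrid.net ~all",
    "sendgrid.net": "v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 "
                    "ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 "
                    "ip4:168.245.0.0/17 ip4:149.72.0.0/16 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS, depth=0):
    """Evaluate ip against domain's SPF record (ip4, include, all only)."""
    if depth > 10:  # loop guard; a simplification of RFC 7208's 10-lookup limit
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr.version == 4 and addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included record evaluates to pass
            inner = check_host(ip, arg, records, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism not needed for the quoted records
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present


def mail_from_domain(return_path):
    """Domain of the envelope sender, the identity SPF evaluates."""
    return return_path.strip("<>").rsplit("@", 1)[1].lower()
```

With only these two records, a sending IP evaluates to either `pass` or `softfail`; neither record contains `-all`, so `fail` cannot result from them.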