3
Does SmarterMaill run SPF check on something more than return-path?
Question asked by William Leaver - 2/5/2021 at 4:28 PM
Unanswered
Consider these first two headers from an incoming email that failed SPF:

Return-Path: <bounces+15088242-88b7-[redacted]@front-mail.found.app>
Received: from o6.front-mail.frontapp.com (o6.front-mail.frontapp.com [168.245.4.42]) by mail.[redacted] with SMTP
    (version=TLS\Tls12
    cipher=Aes256 bits=256);
   Fri, 5 Feb 2021 15:15:45 -0600
Here's the header showing the SPF failure:

X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, Null Sender: 0, Message Sniffer [code:0]: 0, SPF [Fail]: 10, DK [None]: 0, DKIM [Pass]: 0, SpamHaus DBL [count:1]: 20
Here's the SPF record for front-mail.found.app:

v=spf1 include:sendgrid.net ~all

Here's the SPF record for sendgrid.net:

v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ~all

The sending IP of this email was 168.245.4.42, which is covered by ip4:168.245.0.0/17 from the sendgrid SPF record, so why did it fail SPF?

Is SmarterMail checking the FROM header as well, and wouldn't that be against the SPF spec?

5 Replies

Reply to Thread
0
Douglas Foster Replied
Your analysis seems correct, so you should open a support ticket.

0
Ron Raley Replied
The SPF spec indicates a record can have up to 10 DNS lookups.

I don't know how this is counted.  In this example, is SmarterMail performing 1 DNS lookup, or 8?
0
Sébastien Riccio Replied
Here it should count at most 2 lookups.
The lookup to get the domain SPF and the lookup of the sengrid include.

IIRC it counts a lookup everytime it needs to do a DNS lookup, so that is not needed on IP/ranges values.

Sébastien Riccio System & Network Admin https://swisscenter.com
0
Steve Norton Replied
'Antispam/Spam Checks/SPF' does have an option to 'Scan From header instead of Return Path'. This is against the spec and should not be used. Is it enabled in your case?
0
William Leaver Replied
Steve:

Yep I poked through the AntiSpam settings about a week ago and found that option was checked and causing the problem. Came back today to update in case anyone else ends up in the same nuckleheaded situation lol.
Secure Hosting • Business Email • Live Streaming

Reply to Thread