Overview
This article will address the issue where emails are being blocked by the Sender Policy Framework (SPF) anti-spam filter even though the correct SPF entry exists for the sender's domain.
Solution
The first step is to determine what the SPF record of the sender's domain is. This can be achieved by running the following command in a Command Prompt:
nslookup -type=text <domain>
This command will produce a result similar to the following:
outlook.com text = "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
Make a note of this result.
The second step is to determine why Sender Policy Framework blocked the message. By following the steps in the "Case 2: Email was blocked by the module" section of the linked article, you will obtain the sender's actual IP address, from the ..\GFI\MailEssentials\AntiSpam\DebugLogs\ase_spf.txt
logfile. Look for a block similar to the one below, and make a note of the IP address:
"info ","ase_spf","Received-SPF: fail (: domain of gfitest.com does not designate 72.9.101.247 as permitted sender) client-ip=72.9.101.247; envelope-from=gfitest@gfitest.com; helo=;"
"info ","ase_spf","SPF tested. [Performing action]"
"info ","ase_spf","Setting actions data ..."
"info ","ase_spf","Informing ASE of spam [2]..."
Don't follow the note in the mentioned section of the linked article as that particular action is replaced by the steps below:
If the sender's SPF record does not contain the actual IP address obtained earlier, you have the following options:
- If this IP is one of your perimeter servers, please modify the Perimeter Server configuration so the IP is no longer blocked by future SPF checks
-
If the sender is trusted, add the IP or the email address to the list of exclusions:
- Open the MailEssentials Configuration UI and navigate to Anti-Spam > Anti-Spam Filters > Sender Policy Framework
- Add the IP to the IP Exceptions tab or the email address to the Email Exception tab
- Apply the changes
Testing
After applying the steps above, emails should no longer be blocked by the SPF filter.
If the issue still persists, please generate the troubleshooting logs as follows:
- Make sure that you have tracing enabled.
- Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
- Run the troubleshooter:
- Start > Programs > GFI MailEssentials > Troubleshooter
- Follow the Log Generation Wizard for collecting the required and pertinent information.
- Select New Case when completing the log generation to attach the logs to a new case that will be automatically created, or open a support ticket manually and attach the logs to that ticket, so that the Support team can investigate the problem.