Issue with SPF syntax
-
Hello,
I am having issues receiving emails from a supplier of ours. The error is in the SPF lookup:
Tue 2024-01-09 06:59:42: Performing SPF lookup (lanhaiceramics.com / 183.56.219.201)Tue 2024-01-09 06:59:43: * Policy: v=spf1 include:corp.21cn.com. -allTue 2024-01-09 06:59:43: * Evaluating include:corp.21cn.com.: performing lookupTue 2024-01-09 06:59:43: * Evaluating include:corp.21cn.com.: no match; no SPF record in DNSTue 2024-01-09 06:59:43: * Evaluating -all: matchTue 2024-01-09 06:59:43: * Result: failTue 2024-01-09 06:59:43: ** Reject 550 183.56.219.201 is not allowed to send mail as lanhaiceramics.comNow, I think the error stems from the dot behind com:Policy: v=spf1 include:corp.21cn.com. -allOne of the reasons why I believe so is because I did a syntax check:Passed with Warnings
The policy is syntactically valid, but there are warnings—it may not work as you would expect.
- WARNING
The domain name for the "include" mechanism ends with a dot. Trailing dots should not be used, because they introduce ambiguity. Evaluation results may depend on the SPF client implementation.
Might this be the issue and if so, is there a work-around or a bug that can be fixed?Thank you very much!Best regards,Johan
- WARNING
-
Arron Staff
Its a bug in SecurityGateway, the "." after the domain name is not being hanlded correctly. You can work around it by adding the sending IP to the allow list. We hope to have a fix available in a couple of days.
-
Hello Arron,
To be clear, that would be in patch 9.5.3 correct?
-
Arron Staff
We are intending to include the fix in SecurityGateway 9.5.3.