SPF relayed through an anti-spam service question

Can someone please shed some light on what this means?

I get the following error in the exim_mainlog:

2016-01-06 10:59:12 H=s30.spamh.com [66.135.37.10]:55726 I=[1.2.3.4]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no F=<sender@sender.com> rejected RCPT <receiver@receiver.com>: SPF: 66.135.37.10 is not allowed to send mail from sender.com

I'm thinking this means that the SENDER has set a hard-fail for the SPF. And since e-mail is sent from a 3rd party anti-spam filtering service, Cpanel is saying, "spamh.com's IP address isn't on the list so i'm hard-failing".

Is this correct? In which case, if any of our clients use a 3rd party filtering service, doesn't this mean we have to either WHITELIST their IP address or disable SPF checking?

It's not very reasonable to tell every potential sender to "change your SPF to a soft-fail". Or am I missing something?

Thanks,


Lawrence

 

Hi Michael,

Thanks for the messages. After some more digging, I think adding spamh.com's IP addresses to the whitelist will fix the problem.

Your solution wouldn't be practical. @receiver is the one using the 3rd party anti-spam service.

So every time @sender1.com or @sender2.com sends an e-mail and it gets bounced, it is impractical for the RECEIVER to contact the SENDER and then tell them to update their SPF to include spamh.com's IP addresses (or A-records).

Hopefully this helps someone else. I'll post back if there's still issues or wouldn't mind any other suggestions. So far the 3 are:
1) Disable SPF checks on Cpanel
2) Add spamh's IP addresses to the whitelists
3) Tell the sender to update their SPF to include the spamh A-records.

Thanks.