SPF relayed through an anti-spam service question

[Maknet Corp]

Can someone please shed some light on what this means?

I get the following error in the exim_mainlog:

2016-01-06 10:59:12 H=s30.spamh.com [66.135.37.10]:55726 I=[1.2.3.4]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: SPF: 66.135.37.10 is not allowed to send mail from sender.com

I'm thinking this means that the SENDER has set a hard-fail for the SPF. And since e-mail is sent from a 3rd party anti-spam filtering service, Cpanel is saying, "spamh.com's IP address isn't on the list so i'm hard-failing".

Is this correct? In which case, if any of our clients use a 3rd party filtering service, doesn't this mean we have to either WHITELIST their IP address or disable SPF checking?

It's not very reasonable to tell every potential sender to "change your SPF to a soft-fail". Or am I missing something?

Thanks,


Lawrence

 

[cPanelMichael]

Hello

Typically the person in control of the SPF record will add the host or IP address of the relay server to ensure SPF compliance. You can disable SPF checking on your server if you want to allow email from senders who have not completed that step.

Thank you.

 

[Maknet Corp]

Hi Michael,

Thanks for the messages. After some more digging, I think adding spamh.com's IP addresses to the whitelist will fix the problem.

Your solution wouldn't be practical. @receiver is the one using the 3rd party anti-spam service.

So every time @sender1.com or @sender2.com sends an e-mail and it gets bounced, it is impractical for the RECEIVER to contact the SENDER and then tell them to update their SPF to include spamh.com's IP addresses (or A-records).

Hopefully this helps someone else. I'll post back if there's still issues or wouldn't mind any other suggestions. So far the 3 are:
1) Disable SPF checks on Cpanel
2) Add spamh's IP addresses to the whitelists
3) Tell the sender to update their SPF to include the spamh A-records.

Thanks.