You are probably visiting this page because a message was blocked by our inbound mail server software with an SPF error along the lines of


1.2.3.4 does not pass SPF checks for example.com


The message was blocked because of a misconfiguration in the sender's e-mail system. The example error above could be explained as; the sending server 1.2.3.4 was not allowed to send e-mail as @example.com according to example.com's SPF settings.


How you should deal with this depends on who you are;


  • If you are the sender of the original e-mail (example.com in the example above) you should contact your administrator (organization's IT department), because it's most likely your fault
  • If you were the intended recipient of the original e-mail or user of the anti-spam system that blocked it, you don't need to do anything at all; it's most likely not your fault


Long answer

SPF (Sender Policy Framework) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.


In other words, the sender (example.com in the example above) specifies in his domain's DNS server which IP addresses that the company uses for sending e-mail. If someone tries to send (spoof) an e-mail from an IP address not listed in the DNS (1.2.3.4 in the example above) the message should be rejected.


As a consequence, the owner of an anti-spam system that receives an e-mail that violates SPF shouldn't do anything to resolve this; it's the sender's responsibility.


You can check the IP Addresses / Servers that are permitted to send email for a domain by using http://www.kitterman.com/spf/validate.html


Resolution Path


If the sender (example.com) did not have ANY SPF records defined we would not be failing them. However they have taken the time to configure SPF and we will honor their configurations. Please contact the sender of the message and have them adjust their SPF records to include the failing IP address.