I'm observing mail sent though Sonic's SMTP serving failing SPF checks. This could lead to mail being dropped or marked as spam by the destination.
Example headers for a message from a @sonic.net address to a @live.com address:
157.131.0.51 is indeed not permitted:
Should this SPF record be updated to match the current set IPs used for SMTP?
Example headers for a message from a @sonic.net address to a @live.com address:
Code: Select all
Authentication-Results: spf=softfail (sender IP is 157.131.0.51)
smtp.mailfrom=sonic.net; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=sonic.net;compauth=pass
reason=105
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
sonic.net discourages use of 157.131.0.51 as permitted sender)
Received: from b.mail-forward.sonic.net (157.131.0.51) by
VI1EUR06FT059.mail.protection.outlook.com (10.13.6.222) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5395.14 via Frontend Transport; Tue, 5 Jul 2022 18:12:27 +0000
Code: Select all
$ dig +short -t txt sonic.net
"v=spf1 include:mail.sonic.net ~all"
$ dig +short -t txt mail.sonic.net
"v=spf1 ip4:64.142.105.165 ip4:64.142.111.80 ip4:64.142.111.50 ip4:69.12.208.71 ip4:69.12.221.231 ip4:157.131.224.64/26 ip4:184.23.168.64/28 ip6:2001:5a8:601:4000::0/64 -all"