Friday, April 13, 2012, 11:59
Solution ID: 00000092
What is Sender Policy Framework (SPF)? How does it work? How can I prevent SPF issues?
550-5.1.1 SPF Block: YOUR DNS says [192.168.1.13] can't send mail(ID:l15I924U002784))
This sort of reject message occurs when a sender is blocked because of an SPF failure. Sender Policy Framework (SPF) is a great method for verifying the authenticity of e-mail. E-mail is very prone to spammers spoofing other people's e-mail addresses. When an e-mail is crafted, you can say you are anyone you wish! Spammers take advantage of this to give themselves more credibility and deflect bounce messages to other people.
The best way to block this sort of thing is using Sender Policy Framework (SPF). SPF is implemented as a DNS entry for your domain. It specifies which hosts are valid for sending mail for your domain. Mail claiming to be from your domain that arrives from any other host should be considered forged.
Many e-mail hosts and even anti-spam filters are not checking SPF records, so there will always be a number of forged messages being delivered; but this is the best method available to us at this time.
Some domains are having problems with their SPF records. We've seen instances where domains are not fully specifying all the machines that send e-mail for that domain.
If you are receiving these errors, chances are the computer you sent the message from is not registered in the SPF record for your domain.
This sometimes happens when people send e-mail from their "Home Computer" using their "Work E-mail Address". The e-mail address you used is fine; but the "Work" domain doesn't accept your ISP's IP address (Bell, Sympatico, Rogers, Telus, etc.) as a valid relay host for their domain. If this is the case, make sure you configure your "Home Computer" to use an appropriate e-mail address. If you want people to reply to your "Work E-mail Address", then use this as the "Reply-To" in your e-mail setup.
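The check a receiving server makes in the "Home Computer" case above can be sketched as follows. This is an added example, not code from the original article; it handles only the ip4, ip6, include and all mechanisms, and the record, the domain names and the addresses are constructed samples, with a dictionary standing in for DNS.

```python
import ipaddress

# SPF qualifier prefix -> result when the mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, lookup_txt=lambda domain: None, depth=0):
    """Return the SPF result for client_ip against one SPF record.

    Handles ip4, ip6, include and all. lookup_txt(domain) stands in for the
    DNS TXT query that include needs and returns a record string or None.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF policy published
    if depth > 10:
        return "permerror"                 # include chain too deep
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default when no prefix is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"         # malformed address in the record
            matched = net.version == int(name[2]) and ip in net
        elif name == "include":
            included = lookup_txt(arg)
            if included is None:
                return "permerror"         # included domain has no record
            # include matches only if the included policy says "pass"
            matched = check_spf(included, client_ip, lookup_txt, depth + 1) == "pass"
        else:
            raise ValueError(f"term not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched, no "all"

# Constructed sample data (documentation addresses and domains).
WORK_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"
TXT = {"_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 ~all"}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.77"):
        print(ip, check_spf(WORK_SPF, ip, TXT.get))
```

The office range and the included mail host pass, while the home ISP address 203.0.113.77 falls through to `-all` and fails, which is the condition behind the reject message at the top of this article.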
E-mail may also get blocked when using e-mail relay sites, such as Yahoo Groups. This occurs when the relay site forwards your e-mail using your original e-mail address as the sender address. If your SPF record does not list the relay site as a valid source of e-mail for your domain, your messages will likely be blocked. This situation is best fixed at the recipient site. Add whitelist entries for relay sites you want to accept mail from.
In general, these issues lie with the sender and their domain administrators; but life is not always that simple. If this is presenting problems, you can do the following:
You can get more information on crafting an SPF Record by going to http://www.openspf.org. This site contains information on what SPF is and tools to validate or help deploy your SPF record.
Updated: Friday, April 13, 2012, 11:59
-- David Rutherford