8

Today I heard that a customer can't send email to us. He received the following error:

< #5.5.0 smtp;550 [ipaddress] is not allowed to send mail from [domain name]. Please see http://www.openspf.net/Why?scope=mfrom;identity=name@domainname.com;ip=xxx.xx.xxx.xxx> #SMTP#

How is that possible? I searched the Internet for a possible solution, but I'm not sure what it is. When I go to openspf.net it seems like the records from the sender are wrong, but why is it that email to our company is blocked and email to other companies don't get blocked?

Is it possible that our domain is blocking the email with our spam filter? Or has it nothing to do with our own domain and does the sender have wrong records?

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Jordy
  • 255
  • 1
  • 3
  • 8
  • 1
    The problem is on his end, more than yours. The spf record for his domain is wrong. You could set things to be more permissive about bad spf records, but it's really on the sender's smtp service to have this right. – Joel Coel Sep 03 '15 at 18:09
  • 1
    Thank you very much! In that case, could you please explain to me why it is that email from him to our company is blocked and emails from him to other companies don't get blocked? – Jordy Sep 03 '15 at 18:10
  • 4
    Other companies are more permissive about bad spf records. However, bad spf records are also a very strong indicator that messages are spam. Your customer is probably losing a LOT more e-mail than he realizes. Even if it's not outright rejected elsewhere, I'd be surprised if the majority of what he sends isn't quietly shuffled to spam folders. – Joel Coel Sep 03 '15 at 18:13

1 Answers1

13

If it's being blocked due to an SPF record, then ideally they need to correct their SPF records to include their sending MX hosts.

The reason it will be blocked by your mail servers and not others is purely down the configuration of mail servers or relays in your organisation to honor SPF records of the sender. Other organisations chose not to honor SPF.

If I'm ever in the same position as you, I would normally temporarily whitelist the sender (if that's possible on your mail server/mail relay/spam filters) so it avoids the SPF check if required, and encourage them to change their SPF records.

Alex
  • 146
  • 1
  • 2
  • I call/email the 3rd party, letting them know that a server is sending out fraudulent email from their domain, that's usually gets their attention enough to fix the problem. 99% of the time they're Office365 users that didn't read the entire Technet article. http://www.jacobdevans.com/why-your-email-system-is-broken-after-switching-to-office365/ – Jacob Evans Sep 09 '15 at 21:40