Re: [mailop] iphmx.com - who owns that server (SPF fault)

Wed, 18 Jun 2025 15:56:06 -0700 

Hello,
Question, what is the FROM: address?  @iphmx.com or a different sender which is using iphmx.com servers which shows on the EHLO/HELO or CONNECT commands? SPF records are TXT records  and should be only checked as TXT type only, as other type will give different results. What is the IP address shown on connect ? as SPF will check the connecting IP address against the SPF record of the domain listed on the FROM address of the message. 

### Manual SPF check

$ policyd-spf << EOF
helo_name=23.90.102.86.spf.hc2437-76.eu.iphmx.com
client_address=23.90.102.86
sender=spf.t...@iphmx.com

EOF


action=550 5.7.23 Message rejected due to: SPF fail - not authorized. 
Please see 
http://www.openspf.net/Why?s=mfrom;id=spf.t...@iphmx.com;ip=23.90.102.86;r=<UNKNOWN>


###

On 6/17/2025 4:10 AM, sebastian via mailop wrote:

Anyone that knows how to get in touch with the admins on iphmx.com?


Getting a lot of incoming SPF rejects on iphmx.com (mail destined for 
me, but rejected because sender SPF is faulty) - who owns that server?



The thing is that iphmx.com seems to be a MaaS infrastructure who 
tells clients to use exists: as SPF records.


Like: exists:%{i}.spf.hc2347-76.eu.ipmx.com

One example:

23.90.102.86.spf.hc2437-76.eu.iphmx.com


The problem is that these resolve to a private IP (172.0.0.2) which 
causes SPF failures due to DNS rebinding protection. Returning private 
IP adresses for external use is a big no-no.



Works well for DNSBLs because in those situations its easy to 
configure a exception for the DNSBL server. Not so easy to configure 
an exception for all SPFes.


Recommended DNS configuration change:
Have the A record return its own IP:

23.90.102.86.spf.hc2437-76.eu.iphmx.com IN A 23.90.102.86


Best regards, Sebastian Nielsen, owner of sebbe.eu

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
Sincerely,

Jose Morales-Velazquez
Postmaster @ Rackspace Email
https://www.rackspace.com

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop























					Reply via email to