SPF check fails - domain of user@domain used an invalid SPF mechanism


  • Hello,

    I have the following problem - when trying to check SPF it looks that Exchange attempts to resolve an IP of user that sent an email, not an IP of mailserver that has been used.

    X-Host-Lookup-Failed: Reverse DNS lookup failed for LocalIPOfUser (failed)

    Received-SPF: PermError (ouredgeserver.domain.local: domain of remoteuser@remotedomain.cz an invalid SPF mechanism)

    Received-SPF: pass

    X-SPF-Guess: softfail

    Received-SPF: softfail

    Return-Path: remoteuser@remotedomain.cz

    X-MS-Exchange-Organization-PRD: remotedomain.cz

    Clance-SPF-filter: 1

    X-MS-Exchange-Organization-PCL: 2

    X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8917.498;SV:3.3.8918.464;SID:SenderIDStatus


    X-MS-Exchange-Organization-SCL: 0

    X-MS-Exchange-Organization-SenderIdResult: PERMERROR

    When I have asked customer to send an email to my own domain, it passed SPF correctly. Also SPF record of customer's domain is configured correctly.
    Does anyone has any idea how to troubleshoot this issue?

    We're using Exchange 2007 SP1
    Thanks in advance


    Thursday, May 20, 2010 1:56 PM

All replies

  • Hello,


    Please contact ISP and create SPF record for your domain --


    =>Link to create the SPF record –


    Sender ID Framework SPF Record Wizard



    Sender Policy Framework


    After creating the SPF record for your domain issue will be fixed.

    MicroSoft Exchange Admin. & Connector EXCHANGE2010, MCSE, MCTS, MCSA MESSAGING, CCNA & GNIIT
    • Proposed as answer by PKT_ Thursday, May 20, 2010 4:30 PM
    • Unproposed as answer by MStoppl Thursday, May 20, 2010 7:18 PM
    Thursday, May 20, 2010 4:30 PM
  • Hello, I am sorry, but SPF for both my and remote domain has been created and is working correctly. This does not solves my problem. As mentioned (and as you can see), Exchange tries to resolve customer's end user IP (which is local intranet adress) to verify it with SPF record of customer's domain. Instead of it it should try to resolve used mailserver IP to verify it with SPF record of customer's domain. Am I right?

    Thursday, May 20, 2010 6:56 PM