Menu

Topic-icon Issue: notification email rejection due to envelope sender addresses and spf

  • azurelinksc
  • azurelinksc's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
5 months 1 week ago - 5 months 1 week ago #6544 by azurelinksc
Hello Jose!

I'm not sure if this is bug but Securitycheck Pro's various firewall warning messages are being rejected by a newly implemented spam filter on my domain's email host (Siteground). This is happening on the majority of clients sites which I manage, in which I have SCP installed. The Web Firewall Email Notifications "From (email)" parameter is set to my company email address — which is not the same as the domain of the various sites. Apparently, when the message is sent out, SCP is using the "From" address as the Envelope Sender Address in the email header, and since it doesn't match the domain of the sending site's SPF record, it is being rejected.

Here is the reason as noted on a page linked to at openspf.org provided in the bounce message notice sent to me from my spam filter -- addresses modified for anonymity:

"An SPF-enabled mail server rejected a message that claimed an envelope sender address of This email address is being protected from spambots. You need JavaScript enabled to view it..

An SPF-enabled mail server received a message from clientserver.net (000.000.000.000) that claimed an envelope sender address of This email address is being protected from spambots. You need JavaScript enabled to view it..

However, the domain mycompany.com has declared using SPF that it does not send mail through clientserver.net (000.000.000.000) . That is why the message was rejected."

Have you heard of this happening from other SCP users?

Openspf.org goes on to offer the following solution:

"Here's what you can do: Contact the mycompany.com postmaster and tell them that they need to change mycompany.com's SPF record so that it authorizes clientserver.net. For example, they could change the record to something like:

v=spf1 a mx ip4:00.00.000.000 include:_spf.sitegroundspamfilter.com a:clientserver.net -all "

It used to send out fine using This email address is being protected from spambots. You need JavaScript enabled to view it. as the From address.
Last edit: 5 months 1 week ago by azurelinksc. Reason: typos

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #6545 by Jose
Hi azurelinksc!

I will explain my own case: I have a DKIM and SPF policies set. As my hosting provider also uses a spam protection, I had to add it to the DKIM policy because all the emails were rejected.

So ask your hosting provider (or do it yourself) to include the domain(s) as openspf.org says:

Openspf.org goes on to offer the following solution:

"Here's what you can do: Contact the mycompany.com postmaster and tell them that they need to change mycompany.com's SPF record so that it authorizes clientserver.net. For example, they could change the record to something like:

v=spf1 a mx ip4:00.00.000.000 include:_spf.sitegroundspamfilter.com a:clientserver.net -all "


Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.054 seconds
Powered by Kunena Forum

Login or Sign In