SPF Check Fail & White List Not Working.

T

TWonline

New Member
Sep 24, 2025
4
0
1
Hello,

I can't seem to get a whitelist for a domain or IP to work to bypass a failed SPF check;

"Recipient address rejected: Rejected by SPF: 216.71.131.45 is not a designated mailserver for prvs%3D35448e35b%3Dunn0sender%40app.rbc.com (context mfrom, on smtp01.mydomain.com); from=<prvs=35448e35b=unn0sender@app.rbc.com> to=<user@mydomain.com> proto=ESMTP helo=<esa.hc490-56.ca.iphmx.com>"

Yes, I agree the server should be in the SPF list but big bad RBC says otherwise. Yes, I've tripled checked the emails are the legitimate ones that they are sending and we are trying to receive. I've added the domain and IP for whitelisting but it still doesn't seem to work.

Please help,
Thanks.
 
Thank you,

Could that whitelist work by host name too? - esa.hc490-56.ca.iphmx.com? I'm not so big on bypassing SPF checks for a major Bank whom spammers are always trying to impersonate. Could there be other options?
 
I not 100% sure but You can easy to check MX record of iphmx.com and IP adress of smtp servers and added to Configuration -> Mail Proxy -> Whitelist -> Add -> IP Address (Sender).

But better way is to contact them and suggest to adjust DNS records.
 
Thanks ijurisic,

Yes, the bank says that my firewall is misconfigured and I should reboot my router.

Is it possible that I'm reading my SPF checks wrong and that this is an issue with PMG? We are talking about the 5th largest bank in North America.

"Recipient address rejected: Rejected by SPF: 216.71.131.45 is not a designated mailserver for prvs%3D35448e35b%3Dunn0sender%40app.rbc.com (context mfrom, on smtp01.mydomain.com); from=<prvs=35448e35b=unn0sender@app.rbc.com> to=<user@mydomain.com> proto=ESMTP helo=<esa.hc490-56.ca.iphmx.com>"
 
TWonline said:
Thanks ijurisic,

Yes, the bank says that my firewall is misconfigured and I should reboot my router.

Is it possible that I'm reading my SPF checks wrong and that this is an issue with PMG? We are talking about the 5th largest bank in North America.

"Recipient address rejected: Rejected by SPF: 216.71.131.45 is not a designated mailserver for prvs%3D35448e35b%3Dunn0sender%40app.rbc.com (context mfrom, on smtp01.mydomain.com); from=<prvs=35448e35b=unn0sender@app.rbc.com> to=<user@mydomain.com> proto=ESMTP helo=<esa.hc490-56.ca.iphmx.com>"
Click to expand...
You can check SPF record and You got right message, IP 216.71.131.45 is not included on SPF record.

Code: 
app.rbc.com.            300     IN      TXT     "v=spf1 mx exists:%{i}.spf.hc391-17.ca.iphmx.com exists:%{i}.spf.hc490-56.ca.iphmx.com ip4:142.245.29.128/27 ip4:142.245.61.128/27 -all"

A records:
142.245.29.129 - 142.245.29.158
142.245.61.129 - 142.245.61.158

MX records:
216.71.135.143
216.71.131.69
216.71.131.69
216.71.135.143

This is not problem of Your firewall, they send mail from IP (216.71.131.45) and that IP is not in allowed network or mx records by their DNS SPF record.
 
Thanks!

Yeah, what I was uncertain about is "exists:%{i}.spf.hc490-56.ca.iphmx.com". So where the sending server host name is esa.hc490-56.ca.iphmx.com, it would pass if it was named esa.spf.hc490-56.ca.iphmx.com
 
You must log in or register to reply here.
Top Bottom