keybase.io sending emails via Amazon from IP explicitly disallowed by SPF

[FirefighterBlu3]

This is an email abuse report for an email message received from:
  Source IP: 54.240.8.60
  Timestamp: Tue, 22 Mar 2016 14:43:28 +0000

For more information about this format please see http://www.mipassoc.org/arf/.

Reasons why this email was rejected. Duplicate lines indicate multiple infractions such as multiple recipient attempts:

    1: SPF designates your IP as a not-permitted source

Subject: @xxxx on twitter (your friend) just signed their account
From: "Keybase.io" <notify@keybase.io>
Date: 2016-03-22 14:42
To: david@blue-labs.org

And keybase.io explicitly disallows anything not listed here:

[david@Scott ~]$ dig +noall +answer -t txt keybase.io|grep -i spf
keybase.io.     104 IN  TXT "v=spf1 mx include:_spf.google.com +a:mail1.keybase.io +a:mail2.keybase.io -all"

[david@Scott ~]$ dig +noall +answer -t a mail1.keybase.io
mail1.keybase.io.   300 IN  A   54.84.192.51

[david@Scott ~]$ dig +noall +answer -t a mail2.keybase.io
mail2.keybase.io.   60  IN  A   54.83.22.53

The source IP 54.240.8.60 is not in the approved sources list and -all is specified.

[maxtaco]

thanks so much for catching this. I just updated that SPF record to:

"v=spf1 mx include:_spf.google.com include:amazonses.com +a:mail1.keybase.io +a:mail2.keybase.io -all"

do you think that would fix this issue? Many thanks!!!

[FirefighterBlu3]

no prob :) i don't recommend a global include of amazonses.com because a whole lot of spam and phishing comes through there. i recommend you explicitly list the IPs/hostnames of your mail servers instead.

[jtokoph]

I don't think you can specify specific IPs if you're using Amazon SES. Doing that include of amazonses.com is the best you can do apart from discontinuing use of SES.