SPF false positive…?

[snan]

Someone emailed me, saying

Also, your message failed SPF for domain "idiomdrottning.org" and was routed to my spam folder, not my inbox. (As well as being hit with a 326 second greylist delay.)

Actually that's odd. Manually checking SPF, it should pass.

Received: from halsen.idiomdrottning.org (halsen.idiomdrottning.org [74.207.231.133]) Yeah. IP of 74.207.231.133. SPF authorized IP address... 74.207.231.133 via MX dereference. I honestly don't know. I guess opendmarc just doesn't like your domain since everything else works just fine.

I don't understand this stuff very well. Is there something wrong?

[TeknikalDomain]

(That person was me)

I see a few other issues here that reference some diagreeements between OpenDMARC and other SPF check scripts (like policyd-spf), where this thinks an SPF should fail, and something else says it should pass.

The only thing I see that's different about this email exchange is the use of UTF-8 SMTP, but I highly doubt that should actually cause an issue.

Also, technically this is a false negative. If someone wants the details:

SPF record for idiomdrottning.org: "v=spf1 mx a ~all;" MXes for idiomdrottning.org: halsen.idiomdrottning.org Addresses in question:

• halsen.idiomdrottning.org: 74.207.231.133
• idiomdrottning.org: 74.207.231.133

[snan]

MTA: Postfix
MUA: Delta Chat

[snan]

It could be some IPv6 related issue, too…?

[TeknikalDomain]

Not even possible. My network literally doesn't have IPv6 support (blame my ISP)

[TeknikalDomain]

Note: is that trailing semicolon valid SPF?

[TeknikalDomain]

Confirmed, it was not.

Not an OpenDMARC bug, bad SPF record. Though a lack of warning about malformed SPF makes that hard to debug.

[snan]

The issue was indeed the trailing semicolon. Fixed on my end. If you guys wanna Postel that or not is up to you (I'd say yeah, but I don't really care that much).

(Edit: Also, apologies for wasting your time with this.)