Spfhelo, spfmailfrom, spfnone, spfrcptto Channel Options

SPF DNS lookups
New in MS 6.3-0.15. The,  , and   channel options, when placed on a source  TCP/IP channel,  cause the MTA to attempt an SPF lookup at the corresponding stage of the SMTP dialogue. , the default, disables such SPF lookups.

With  set (so that SPF verification of the claimed EHLO/HELO domain is attempted), possible SMTP error results (rejections) are: 451 4.4.3 Temporary error in SPF verification of HELO domain 500 5.5.2 Permanent error in SPF verification of HELO domain 451 4.4.3 Permanent error in SPF verification of HELO domain 500 5.5.2 Permanent error in SPF verification of HELO domain 451 4.3.0 SPF verification failed 451 4.3.0 SPF verification failed: explanation 550 5.7.1 SPF verification failed 550 5.7.1 SPF verification failed: explanation The specific cases are as follows. The interpretation of the result of an SPF lookup is controlled by MTA options such as   and. While temporary SPF lookup errors are normally configured to be considered as temporary errors and permanent SPF lookup errors are normally configured to be considered as permanent errors, accomplished by setting  to 4 and   to 5 respectively, each such option can take any of the values 2 (ignore the error condition), 4 (treat it as temporary), or 5 (treat it as permanent). Thus, with a temporary error from the SPF lookup, then the setting of the  MTA option to 2, 4, or 5 controls, respectively, whether that SPF lookup problem is considered okay, or results in a temporary error such as (in this example, when   is set): 451 4.4.3 Temporary error in SPF verification of HELO domain or a permanent error such as (in this example, when  is set): 500 5.5.2 Temporary error in SPF verification of HELO domain Similarly, with a permanent error returned from the SPF lookup, the setting of the  MTA option to 2, 4, or 5 controls, respectively, whether the permanent error returned by the SPF lookup is ignored (considered to be an okay condition) or results in a temporary error such as (in this example,  when   is set): 451 4.4.3 Permanent error in SPF verification of HELO domain or a permanent error such as (in this example, when  is set): 500 5.5.2 Permanent error in SPF verification of HELO domain New in 8.0, an SPF HELO/EHLO check failure will result in a "J" record in the MTA message transaction log file, if message transaction  logging has been enabled.

New in 8.0, the error text is configurable via various  MTA options. Also, the SMTP error codes and extended codes have been adjusted to accord with.

With  set (so that SPF verification of the claimed MAIL FROM address is attempted), possible SMTP error results (rejections) are, in the case of temporary errors, and depending upon the setting of the   MTA option, either: 451 4.4.3 Temporary error in SPF verification of MAIL FROM domain or 550 5.5.2 Temporary error in SPF verification of MAIL FROM domain In the case of permanent errors, depending upon the setting of the  MTA option, either: 451 4.4.3 Permanent error in SPF verification of MAIL FROM domain or 550 5.5.2 Permanent error in SPF verification of MAIL FROM domain In the case of an SPF fail result (the lookup shows that such a MAIL FROM address is not authorized), depending upon the setting of the  and   MTA options, either 451 4.4.3 SPF verification failed or 550 5.7.1 SPF verification failed or when additional explanation is available, either 451 4.4.3 SPF verification failed: explanation or 550 5.7.1 SPF verification failed: explanation In the case of an SPF soft failure, depending upon the setting of the  and   MTA options, either: 451 4.4.3 SPF verification failed (soft) or 550 5.7.1 SPF verification failed (soft) With  set, so that the attempt to perform an SPF verification of the MAIL FROM address is delayed until the RCPT TO stage of processing, possible errors are: 450 4.5.1 temporary error in SPF verification of MAIL FROM domain (domain) 550 5.5.0 temporary error in SPF verification of MAIL FROM domain (domain) 450 4.5.1 permanent error in SPF verification of MAIL FROM domain(domain) 550 5.5.0 permanent error in SPF verification of MAIL FROM domain(domain) 450 4.5.1 SPF verification of MAIL FROM domain (domain) failed 450 4.5.1 SPF verification of MAIL FROM domain (domain) failed: spf-explanation 550 5.5.0 SPF verification of MAIL FROM domain (domain) failed 550 5.5.0 SPF verification of MAIL FROM domain (domain) failed: spf-explanation 450 4.5.1 SPF verification of MAIL FROM domain (domain) failed (soft) 550 5.5.0 SPF verification of MAIL FROM domain (domain) failed (soft) New in 8.0, the error text used at MAIL FROM stage and RCPT TO stage  is configurable via various    MTA options; note that these options had existed since MS 6.3,  but were not effective until 8.0. Also new in 8.0, the SMTP error codes and extended codes have been adjusted to accord with.

Note that when SPF lookups are configured and a message is allowed in (due to either passing the SPF lookup check, or due to a configuration that allows in even messages with certain sorts of SPF lookup failures, or failure responses from SPF), then the MTA will add a "Received-SPF:" header line: Received-SPF: spf-result (spf-explanation) Note that SPF is prone to causing problems for autoforwarding; (such problems are not with the MTA&#x27;s implementation, but rather are due to fundamental oversights in the original design of SPF). Use of SRS address encoding is one approach to work around SPF&#x27;s fundamental difficulties with autoforwarding.

See also:
 * SPF_LOCAL mapping table
 * SPF MTA options
 * TCPIP channels
 * TCPIP connections and DNS lookups channel options
 * error_text MTA options
 * SRS MTA options
 * Channel options