#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2005
    Posts
    296
    Rep Power
    15

    SPF: Is adding ip4 127.0.0.1 a bad idea?


    Hi,

    I just wanted to clarify something in my mind (since I cannot find a decent example on the net) regarding SPF and the use of a localhost/127.0.0.1 address.

    Basically I have a problem where an SPF record has been created for a website pointing to the public IP address of the mail server and its associated A and MX records.

    However since this website runs from a PHP mailer function where the shared hosting is configured to point its SMTP to 127.0.0.1 the SPF record reports mail (which is valid) as spam since 127.0.0.1 appears on the mail headers but does not appear in the SPF record as a valid sender.

    Now my understanding is that it would be a very, very bad idea to add 127.0.0.1 as a valid sender in the SPF record because then anyone could send PHP mail to their own local 127.0.0.1 address and it would fool the SPF record into thinking it is valid.

    Could anyone clarify this for me?
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Location
    Florida
    Posts
    248
    Rep Power
    4
    Shouldn't really be an issue having it in there. When a receiving server checks for an SPF record, it looks only at the IP it received the message from. Not the IP's prior. This is why SmartHost or forwarding services can cause SPF woes. If you need to add it to get around a current config, theoretically it shouldn't cause an issue. However if other people have a similar set up where a message is accepted and then passed off to another server and shows it came from 127.0.0.1 by the time the SPF check happens, it would essentially be useless. But how likely/common would that be...? If you have no way to change your internal config and must add it, I don't think you'd have much fallout from it. Plus there aren't too many servers that even check SPF records unfortunately.

    Comments on this post

    • Cep agrees : Thanks for that answer CaptPikel

IMN logo majestic logo threadwatch logo seochat tools logo