Our domain keeps having sender auth errors on incoming emails from the customercenter.net domain. I checked their records both manually and with some tools on openspf.org. The tools show the SPF as a pass. A manual query on their domain returns:
customercenter.net. 120 IN TXT "spf2.0/pra ip4: 204.95.150.32 ip4:12.16.164.60 -all"
customercenter.net. 120 IN TXT "v=spf1 a:inbd-pstfx-oh.customercenter.net a:inbd-pstfx.customerenter.net a:ns2.nubridges.com a:ns3.nubridges.com a:outbd-pstfx." "customercenter.net a:outbd2-pstfx.customercenter.net a:outbd-pstfx-oh.customercenter.net a:outbd3-pstfx.customercenter.net a:ma" "il1.checkfree.com a:mail2.checkfree.com ip4:129.41.69.116 ip4:208.85.49.25 -all"
The ip we are getting the email from has a reverse lookup of the record that is seperated by the quotes (outbd-pstfx.customercenter.net). Is this an issue with Brightmail's parsing of the SPF or is this a misconfig of their records? Since openspf.org gave it a pass I thought I'd post here before even trying to get someone at the source.
FYI, this is the mycheckfree.com service's outboud email domain which is used by many banks and companies for e-pay.
Thanks for any input anyone has.