We are currently using SPF authentication to filter SPAM for some select domains. Today we noticed that on one of our own domains mail was passing through the SPF validation Softfail content filter, and shows a verdict of None in the console.
v=spf1 a:mailout01.domain.com a:mailout02.domain.com a:mail03.domain.com a:mail04.domain.com include:coremotivesmarketing.com include:sendgrid.net include:cphcloud.biz ~all
From the header of one of the mails send using deadfake.com: Authentication-Results: auth.domain.com; spf=neutral when it comes from [23.249.225.236], which is NOT part of our SPF inclusions, so should trigger a softfail (because of the ~a)
I tried the same with GMail, and they get it right:
Received-SPF: permerror (google.com: permanent error in processing during lookup of user@domain.com) client-ip=23.249.225.236;
Authentication-Results: mx.google.com;
spf=permerror (google.com: permanent error in processing during lookup of user@domain.com) smtp.mail=user@domain.com
Has anybody seen this in their environment?
Thanks,
Karl