Its not uncommon. Many have that problem with firewalls automatically doing that. Here is another: https://support.forcepoint.com/s/article/000017196
" Title What is the "exists" method in an SPF record? Summary SPF "exists" method queries fail in Forcpeoint Email Security Cloud if the DNS query result contains a private IP address." So please, refrain from using unrouteable adresses when publishing DNS records meant for the "exists:" mechanism, even if they are technically valid for such a mechanism. -----Ursprungligt meddelande----- Från: Bill Cole via mailop <[email protected]> Skickat: den 17 juni 2025 20:28 Till: Sebastian Nielsen via mailop <[email protected]> Ämne: Re: [mailop] iphmx.com - who owns that server (SPF fault) On 2025-06-17 at 14:01:49 UTC-0400 (Tue, 17 Jun 2025 20:01:49 +0200) Sebastian Nielsen via mailop <[email protected]> is rumored to have said: > The problem is as follows: > > SPF client does a request for 23.90.102.86.spf.hc2437-76.eu.iphmx.com > Server at iphmx.com responds with 127.0.0.2 > Firewall between SPF client and server, drops the response packet with "UDP > WAN DROP: DNS Rebinding protection" Your firewall is misconfigured. Dropping any DNS response packets that refer to a loopback is a recipe for breakage, particularly if you run a mail server behind that. -- Bill Cole _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
