Email Routing Beta - and SPF failures being relayed

Why does relay email which SPF fails rather than reject?

I have a very strict DMARC and SPF policy on, but does not appear to implement DMARC/SPF enforcement on inbound emails.

My SPF and DMARC records are:

It would be better if checked for SPF/DMARC policy compliance when accepting email rather than blindly relaying, which appears to be the case here (with a clear SPF failure of an obviously spoofed inbound email).

An example email SPF failing which I’d expect to be rejected by below.

Received: from [] (
by (unknown) id ilzm7QUIAGNK
for [email protected]; Mon, 13 Dec 2021 23:55:15 +0000
Received-SPF: fail ( domain of [email protected] does not designate as permitted sender)
helo="[]"; envelope-from="[email protected]";
Authentication-Results:; spf=fail;
Message-ID: [email protected]
Date: Mon, 13 Dec 2021 06:55:10 -0900
From: [email protected]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20110617 Thunderbird/3.1.11
MIME-Version: 1.0
To: [email protected]
Subject: Do You Do Any of These Embarrassing Things?

Thanks for the report @timodonoghue. We are are planning to reject failing SPF and DKIM. I’m currently working on it and it should ship over the next week.


best ever update… thx @sven2 :bowing_man:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.