I’ve added infusionmail.com to my spf txt record, but keep getting dmarc warnings for IPs that resolve to subdomains for infusionmail.com. So far they’ve been in the 208.76.24.* range, but in documentation https://classic-infusionsoft.knowledgeowl.com/help/configure-your-spf-records the actual IP range isn’t listed.
Is this documented somewhere?
Here is the article: Keap Email IP Range | Max Classic
Here is the direct link to the lookup: Network Tools: DNS,IP,Email
Thanks, exactly what we needed!
We keep getting DMARC notices with SPF failures from various postmasters for individual Infusionsoft IP addresses that fall within the ranges set in our spf record.
For instance the source_ip 18.104.22.168 will fail even though it falls within 22.214.171.124/24 noted in the spf record. I’ve verified our spf record multiple times. Any gotchas when providing ip ranges in an SPF record?
Here is our SPF record:
v=spf1 ip4:126.96.36.199/24 ip4:188.8.131.52 ip4:184.108.40.206/24 ip4:220.127.116.11/29 ip4:18.104.22.168/28 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206/22 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124/24 ~all
Any ideas on why specific IPs would fail SPF that are within your IP range?
Hey, @Ian_F_Hood. I talked to Support they said not to list the IPs in the spf record and to just use: v=spf1 mx include:infusionmail.com ~all
Here is the technical explanation from one of Sys Admins:
they don’t need to add our IPs to SPF anyway
we use our own domain as the envelope sender
so SPF gets checked against infusionmail.com
which, as it happens, lists all of the IP ranges we send from
also they already had our ranges added with these two
which I see are in the record you pasted
@martinc we originally were using ’ mx include:infusionmail.com ~all’ and were getting failures for individual ips in your range. This is why I tried listing all the IP ranges.
@martinc we originally were using ’ mx include:infusionmail.com ~all ’ and were getting failures for individual ips in your range. This is why I tried listing all the IP ranges. If I switch back to the record recommended by the sys admins, how can we go about reporting ips that fail SPF?
Hi, @Ian_F_Hood. You can post them here or private message me or @David_Carriger, the Sys Admin. We would need the spf record you were using at the time and a mail header that shows a failure for a particular IP.
Thanks, I will make the changes. Appreciate the help!