Amazonses.com SPF Record missing IP addresses?

0

Using Amazon SES service, we have noticed that email is coming from 69.169.238.144 and failing SPF check.

https://ipinfo.io/AS16509/69.169.238.0/23 indicates that this is an IP range belonging to Amazon.

Using reverse lookup tools or https://ipinfo.io/69.169.238.144 indicates that 69.169.238.144 belongs to b238-144.smtp-out.us-west-2.amazonses.com

So why is this IP range not included in the SPF include:amazonses.com if this is a valid smtp-out for us-west-2?

v=spf1 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.223.176.0/20 ip4:54.240.64.0/19 ip4:54.240.96.0/19 ip4:52.82.172.0/22 ip4:76.223.128.0/19 -all

asked 2 years ago835 views
1 Answer
0

Hi There

There are two ways to achieve DMARC validation: using Sender Policy Framework (SPF), and using DomainKeys Identified Mail (DKIM). The only way to comply with DMARC through SPF is to use a custom MAIL FROM domain, because SPF validation requires the domain in the From address to match the MAIL FROM domain. By using your own MAIL FROM domain, you have the flexibility to use SPF, DKIM, or both to achieve DMARC validation.

See https://docs.aws.amazon.com/ses/latest/dg/mail-from.html

profile pictureAWS
EXPERT
Matt-B
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions