Why is the message blocked due to SPF?
If an email has been rejected due to SPF (sender policy framework) this is because the sender is sending from a location that is not in the SPF record of the sending domain. An SPF record outlines the host names and IP addresses that the sender can send from. Eg:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14458
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;smxemail.com. IN TXT
;; ANSWER SECTION:
smxemail.com. 7200 IN TXT "v=spf1 include:spf.nz.smxemail.com -all"
If the SPF record is set to hard fail (-all at the end of the record) and the email is coming from a location which is not in the SPF record then the SMX platform will reject the message with a bounce-back to senders mail server.
Kitterman is a good website where you can check the current SPF record for a domain and also check a proposed SPF record you plan to add or update for a domain.
If an email is rejected due to SPF it is best for the senders IT support update the SPF record or send from a location already in the SPF record rather than adding a whitelist in the SMX email admin portal. Whitelisting can cause security risks and is only designed to be a temporary solution.