Email header analysis reports SPF failed for localhost IP on mail sent from Plesk hosted mailbox: SPF Authentication : SPF Failed for IP - 127.0.0.1

Symptoms

• Analyzing an email header sent from plesk with MXToolbox or similar shown the following error on the report:

  PLESK_ERROR: SPF Authentication : SPF Failed for IP - 127.0.0.1

• The email was sent from Plesk using webmail.

• Full header does show the Plesk Server IP on the first Received: from line:

  CONFIG_TEXT: Received: from plesk-hostname.example.com(unknown [203.0.113.2])

• Same header reports a correct SPF result ofpass:

  CONFIG_TEXT: Authentication-Results server.hostname.plesk; spf=pass (sender IP is 127.0.0.1) smtp.mailfrom=jdoe@example.com smtp.helo=plesk-hostname.example.com
  Received-SPF pass (plesk-hostname.example.com: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=jdoe@example.com; helo=plesk-hostname.example.com;

Cause

This is expected for emails sent from the webmail, 127.0.0.1 is added to the email headers. While sending email from email client will show the client IP instead. Additionally, if Plesk Email Security is installed, Amavis service may add the localhost when it scans the email passed from Postfix.

Resolution

The SPF result is pass so no actions are required. localhost IP failed message can be safely ignored.