• Hello,

    I have a spam filter in place and I use SPF hard fails on my email validation, and I recently had WordPress password emails that were caught in quarantine for potential spoofing. They were sent from wordpress@My_actual_domain_here.com and they failed the SPF check because they are not coming from my email server IP address. When I looked at the IP from where the WordPress password reset came from, I got several different IPs that WordPress uses to send the password resets. My question: is there a block of IPs that I can add to my SPF record that will prevent these emails from failing the SPF check?

    So far I found that the password resets come from at least 3 different IPs:
    23.253.183.221
    23.253.183.219
    23.253.183.214

    Running an IP address lookup, I can confirm these are WP IPs running a RackSpace hosted email server. Any help is greatly appreciated. Thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Yui

    (@fierevere)

    永子

    SPF records are DNS records; WordPress has nothing to do with them.
    You can use this helper tool to construct an SPF record for your domain:
    https://www.spfwizard.net/

    Then edit your DNS zone (somewhere in your hosting control panel or even at the domain registrar) and use whatever you have generated.

    Be aware that changes do not take effect immediately; you will need to wait some time (usually 1 day is typical, but really it's as long as your DNS zone TTL).

    Thread Starter edtrude

    (@edtrude)

    I know that SPF records are DNS records. What I am asking about is WHO sends the password reset emails. It's not me, or my email server. WordPress uses an email farm that sends out password reset emails and I need to figure out what range of IPs WP is using. My domain registrar/my public IP is NOT where these emails are coming from.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    The IP address would be the address of your web server.

    Thread Starter edtrude

    (@edtrude)

    @sterndata So you are saying when you install WordPress it also installs an email server on the WordPress platform? From processing the email header information that I received from the password reset email, it looks to me like WordPress uses an email relay to send these emails. That is why when I received 3 different password reset emails they all came from 3 different IP addresses, which are used by WordPress.

    https://whatismyipaddress.com/ip/23.253.183.221
    https://whatismyipaddress.com/ip/23.253.183.214
    https://whatismyipaddress.com/ip/23.253.183.219

    Look at the hostname listed for these IP addresses: Hostname: mail-183-221.wpengine.com
    That is a WordPress email server.
    Looks like all IPs from 23.253.183.209-225 are mail-183-X.wpengine.com (hostname) IPs.

    Test this yourself. Request a WordPress password reset email and observe the email header and IP address from where the email came from. I guarantee it will be from the same IP address or another block of IPs that WordPress uses.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    No, I’m not saying that at all. I’m saying that when WP sends a reset mail, it comes from the IP of your web server *unless* you’re using an SMTP plugin. Which makes me think an SMTP plugin might be the best bet for you as that will run all outgoing email from the server through a well-known email system.

    It looks like YOUR site is set up already to use a mail server via the mailgun service.

    Moderator Yui

    (@fierevere)

    永子

    WordPress uses an email farm that sends out

    If you have an SMTP plugin, WordPress delivers mail to the SMTP server specified in its settings.
    If you don't have SMTP plugins, WordPress just sends the message to the PHP mail() function, which uses php.ini settings and usually sends the message to the system MTA.

    In both cases the message route can be different, as the MTA can use various settings, source IPs, backup relays.
    The source IP shouldn't necessarily match your server IP; it can differ if your host decides to make a “distributed” system.

    For more info contact your webhost.

    Thread Starter edtrude

    (@edtrude)

    Interesting. I will have to reach out to the web developer and see what SMTP settings are defined right now. Thank you for the direction.

    Moderator Yui

    (@fierevere)

    永子

    You can just check your installed plugins.
    It's possible to redefine WordPress’s PHPMailer rules via filters (i.e. in wp-config.php or functions.php), but I haven't seen anyone doing it for real.
    But many people use plugins to reroute mail; WordPress’s own settings are very crude.

  • The topic ‘Whitelisting WordPress System emails’ is closed to new replies.
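
Added example (not part of the thread, and not WordPress or WP Engine code): an offline sketch of how a hard-fail SPF record is evaluated against the relay addresses reported above, and how the reported 23.253.183.209-225 range translates into `ip4:` mechanisms. The address 203.0.113.10 is a placeholder for the domain's own mail server, both records are constructed, and the function names are illustrative.

```python
import ipaddress

# SPF qualifiers and the result each one yields when its mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record, left to right.

    Mechanisms that need DNS (include, a, mx, exists) are skipped, so this
    is an offline sketch of the check, not a full RFC 7208 evaluator.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"                         # nothing matched, no "all"

def ip4_terms(first, last):
    """ip4: mechanisms (CIDR blocks) covering an inclusive address range."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return ["ip4:" + str(net) for net in nets]

# Constructed records: 203.0.113.10 is a placeholder for the domain's own
# mail server; the relay range is the one reported in the thread.
BEFORE = "v=spf1 ip4:203.0.113.10 -all"
AFTER = " ".join(["v=spf1 ip4:203.0.113.10",
                  *ip4_terms("23.253.183.209", "23.253.183.225"), "-all"])
SEEN = ["23.253.183.221", "23.253.183.219", "23.253.183.214"]

if __name__ == "__main__":
    print(AFTER)
    for ip in SEEN:
        print(ip, spf_result(BEFORE, ip), "->", spf_result(AFTER, ip))
```

Addresses copied from message headers go stale when the host changes its relays, so confirm the authoritative sending range with the web host, as the replies advise, before publishing the record.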