SpamAssassin Rule: SPF_HELO_FAIL

Standard description: SPF: HELO does not match SPF record (fail)


SPF (Sender Policy Framework) is an open standard specifying a technical method to prevent sender address forgery. The domain in the HELO command is matched against a list of allowed mail relays for that domain. This states, for example, that mail from should have come via and not

In a normal mail client, the HELO command uses the internet name of the computer sending the mail, so that someone might use their computer to send mail through's mail relay, which has an SPF record indicating that that's allowed.


A "Fail" result is an explicit statement that the client is not authorized to use the domain in the given identity. The checking software can choose to mark the mail based on this or to reject the mail outright.

If the checking software chooses to reject the mail during the SMTP transaction, then it SHOULD use an SMTP reply code of 550 (see RFC 2821) and, if supported, the 5.7.1 Delivery Status Notification (DSN) code (see RFC 3464), in addition to an appropriate reply text. The check_host() function may return either a default explanation string or one from the domain that published the SPF records (see Section 6.2). If the information does not originate with the checking software, it should be made clear that the text is provided by the sender's domain. For example:

From RFC 4408
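The HELO check and the rejection reply described above, as an added Python example (not SpamAssassin's code and not the example from the RFC). The function names, the `RECORDS` table standing in for DNS, the domain, the addresses and the reply wording are all constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Qualifier prefix -> SPF result; a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data standing in for DNS TXT lookups.
RECORDS = {"mail.example.org": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"}

def check_helo(client_ip, helo_domain, records=RECORDS):
    """Evaluate the HELO identity against its SPF record (ip4/ip6/all only)."""
    terms = records.get(helo_domain.lower().rstrip("."), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published for this HELO name
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers such as exp= do not match clients
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # a, mx, include, exists, ptr need DNS; outside this example.
            raise NotImplementedError(name)
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" mechanism

def _printable(text):
    # Domain-published text is untrusted: CR/LF could inject extra reply lines.
    return "".join(c if 32 <= ord(c) < 127 else "?" for c in text)

def smtp_reply(result, helo_domain, domain_explanation=None):
    """Return the reply lines for a rejected HELO, or None to let mail on."""
    if result != "fail":
        return None
    lines = ["SPF HELO check failed for " + _printable(helo_domain)]
    if domain_explanation:
        # Make clear this text comes from the sender's domain, not from us.
        lines.append("The domain %s explains:" % _printable(helo_domain))
        lines.append(_printable(domain_explanation))
    # Multiline SMTP reply: "550-" on all lines but the last, "550 " on the last.
    return ["550%s5.7.1 %s" % ("-" if i < len(lines) - 1 else " ", line)
            for i, line in enumerate(lines)]
```

A checker that only marks mail, as SpamAssassin does with this rule, would use the result of `check_helo()` and skip `smtp_reply()`.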

Further Info

The default scores for this rule can be found in the online list of tests.