Why did SPF cause my mail to be blocked?

What is SPF?

SPF is an extension to Internet e-mail. It prevents phishing (Email that pretend to be from you).

This rejection:

An E-mail server blocked a message sent from email address exim-users@exim.org, from a server with IP-address 172.217.168.206 and with a Reverse-DNS/PTR/ServerName of ams16s32-in-f14.1e100.net.
NOTE! The SPF policy, DOES apply to also postmaster@ and abuse@ adresses. This means that any directly forged email (directly forged = meaning its ok to paste or
attach a forged email as part of a report, its just the MAIL FROM that will be checked) will be rejected. If you want to stay anonymous while reporting or talking to
abuse/postmaster, use an anonymous mail service, don't impersonate anyone! Its frowned upon to impersonate anyone, even if you do it on the grounds to stay anonymous.

Explanation:

The email service exim.org has declared using SPF that email sent from 172.217.168.206 should be considered phishing and be blocked.
If you are exim-users@exim.org:
exim.org should have given you a way to send mail through an authorized server.

If exim.org is a public email service:

If you are using a mail program as opposed to web-mail, you may need to update the "SMTP server" configuration setting according to exim.org's instructions.
You may also need to turn on authentication, and enter your username and password in your mail program's options. Please contact exim.org for assistance.
Note that you need to use port 587 or 465, and that your ISP MAY have blocked all outside email services as part of a network security policy.
If your ISP have blocked outgoing port 465 or 587, you need to switch to use the email adress that the ISP provided you, or buy one from your ISP which then may be provided for a low monthly fee.

If exim.org is a corporate email service only available to employees, or if exim.org belongs to an ISP:

It may also be that exim.org have restricted their authenticated or outgoing email server to only be reachable from a certain set of IP's, for example your local office IPs.
This means you may not be able to send email from exim-users@exim.org unless you are physically present in the office, use their webmail, or using a VPN/remote desktop solution, to reach inside.
If you are a employee of corporation exim.org, contact them to get assistance on how to set up VPN,
remote desktop access, access their webmail, or how to access/send email while roaming outside of office.
Same also applies if your ISP blocks all email services except their own - you may need to set up a VPN or remote desktop connection to your workplace. Or use their webmail.
This can also apply if exim.org is an ISP mail service, where the ISP have configured their firewall so mail servers only is reachable from inside the customer network.

Do you send from a own server, for example a self-hosted forum, chat service, or are sending from a NAS or similiar server device:

If you run your own server, you may have to set a "smarthost" or "relayhost" to mail through exim.org's outgoing SMTP server.

Did you send to a forwarded adress, or a "group" email adress like a mailing list:

If your mail was correctly sent, but was blocked because it passed through a forwarding service or mailing list --
This means the mailing list or forwarding service is MISCONFIGURED because its currently forging fraudulent outgoing emails while impersonating other person's names:
A forwarding service or mailing list, needs to rewrite the "MAIL FROM" adress to refer to the forwarding adress or mailing list address.
In some cases, when the identity aligment is set to strict, the forwarding service or mailing list also needs to rewrite the "From:"-header to refer to the forwarding adress or mailing list
address. Another way can be encapsulate the whole email in a new message/rfc822 container, where the outer headers refer to the forwarding service or mailing list, while the
inner headers belong to the original email sent.
In all cases, the "Reply-To:" header in the outer container, if not set, should be set to the original "From:" header value, to avoid breaking the "Reply" button in the final recipient's email client.

Mail was sent correctly:

If you are confident that your message did go through an authorized server:
The administrator of your email service exim.org may have incorrectly configured its SPF record. This is a common cause of mistakes.

Here's what you can do:
Contact the IT administrator of exim.org and tell them to include the server 172.217.168.206 (Name: ams16s32-in-f14.1e100.net) in the SPF record.
If the email was sent through a specific mailing service, that mailing service may have special SPF records that should be include:'d in the final SPF record.
Also pay attention to the maximum of 10 DNS lookups limitation.
If you refer your IT administrator to this web page, they should be able to solve the problem.

You didn't send this email:

SPF successfully blocked a forgery attempt:
Someone tried to send phishing pretending to be from exim-users@exim.org, from an server with IP-address 172.217.168.206 and name ams16s32-in-f14.1e100.net but the message was rejected as a phishing attempt.
This means SPF is working as designed.
If your email address exim-users@exim.org is a sensitive one - like from a bank, government or similiar sensitive or larger organisation, you should file a police report to your local police department,
and also report the forgery attempt to your internal security department, ideally by forwarding the adress to this web page, to that department, so the fraudster can be prosecuted.
All information required to track down the fraudster is included in this webpage.

Webpage created by: sebbe.eu email server. For more info, or if you have questions about this rejection, contact postmaster@sebbe.eu.
Please note that emails to the postmaster address is also scanned for forged emails, so you may need to send the email from
another email adress than exim-users@exim.org if you are unable to resolve the problem yourself.