diff --git a/cmd/telebit/telebit.go b/cmd/telebit/telebit.go
index 5a5c0ef..db28cb8 100644
--- a/cmd/telebit/telebit.go
+++ b/cmd/telebit/telebit.go
@@ -639,11 +639,23 @@ func tryToServeName(servername string, wconn *telebit.ConnWrap) bool {
 			return true
 		}
 
-		remoteAddr := addr.String()
-		if "127.0.0.1" != remoteAddr &&
-			"::1" != remoteAddr &&
-			"localhost" != remoteAddr {
-			ipAddr := net.ParseIP(remoteAddr)
+		// 192.168.1.100:2345
+		// [::fe12]:2345
+		remoteIP := addr.String()
+		index := strings.LastIndex(remoteIP, ":")
+		if index < 1 {
+			// TODO how to handle unexpected invalid address?
+			wconn.Close()
+			return true
+		}
+		remoteIP = remoteIP[:index]
+
+		fmt.Println("remote addr:", remoteIP)
+
+		if "127.0.0.1" != remoteIP &&
+			"::1" != remoteIP &&
+			"localhost" != remoteIP {
+			ipAddr := net.ParseIP(remoteIP)
 			if nil == ipAddr {
 				wconn.Close()
 				return true
diff --git a/examples/run-as-relay.sh b/examples/run-as-relay.sh
index fa79a05..62126ed 100644
--- a/examples/run-as-relay.sh
+++ b/examples/run-as-relay.sh
@@ -13,6 +13,9 @@ fi
 
 source .env
 
+SPF_HOSTNAME="${SPF_HOSTNAME:-""}"
+#SPF_HOSTNAME="_allowed.example.com"
+
 # For Tunnel Relay Server
 API_HOSTNAME=${API_HOSTNAME:-"devices.example.com"}
 LISTEN="${LISTEN:-":80 :443"}"
@@ -29,6 +32,7 @@ ACME_AGREE=${ACME_AGREE:-}
 ACME_EMAIL="${ACME_EMAIL:-}"
 
 ./telebit \
+    --spf-domain $SPF_HOSTNAME \
     --api-hostname $API_HOSTNAME \
     --auth-url $AUTH_URL \
     --acme-agree "$ACME_AGREE" \
diff --git a/iplist/iplist.go b/iplist/iplist.go
index 78cecaa..8d9427f 100644
--- a/iplist/iplist.go
+++ b/iplist/iplist.go
@@ -73,9 +73,10 @@ func updateTxt(txtDomain string) error {
 		if nil != err {
 			continue
 		}
-		if len(fields) > 0 {
+		if len(newFields) > 0 {
 			break
 		}
+		return fmt.Errorf("no spf records found")
 	}
 
 	// TODO put a lock here?