diff --git a/app/email_utils.py b/app/email_utils.py
index 23863ad1..ba2d889b 100644
--- a/app/email_utils.py
+++ b/app/email_utils.py
@@ -63,7 +63,6 @@ from app.utils import (
     convert_to_alphanumeric,
     sanitize_email,
 )
-from email_handler import _IP_HEADER
 
 
 def render(template_name, **kwargs) -> str:
@@ -997,8 +996,10 @@ def parse_id_from_bounce(email_address: str) -> int:
     return int(email_address[email_address.find("+") : email_address.rfind("+")])
 
 
+_IP_HEADER = "X-SimpleLogin-Client-IP"
+
+
 def spf_pass(
-    ip: str,
     envelope,
     mailbox: Mailbox,
     user: User,
@@ -1006,6 +1007,7 @@ def spf_pass(
     contact_email: str,
     msg: Message,
 ) -> bool:
+    ip = msg[_IP_HEADER]
     if ip:
         LOG.d("Enforce SPF on %s %s", ip, envelope.mail_from)
         try:
diff --git a/email_handler.py b/email_handler.py
index ac75b729..1892ee57 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -125,7 +125,7 @@ from server import create_app, create_light_app
 # forward or reply
 _DIRECTION = "X-SimpleLogin-Type"
 
-_IP_HEADER = "X-SimpleLogin-Client-IP"
+
 _EMAIL_LOG_ID_HEADER = "X-SimpleLogin-EmailLog-ID"
 _ENVELOPE_FROM = "X-SimpleLogin-Envelope-From"
 
@@ -804,8 +804,7 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
             return False, "550 SL E7"
 
     if ENFORCE_SPF and mailbox.force_spf and not alias.disable_email_spoofing_check:
-        ip = msg[_IP_HEADER]
-        if not spf_pass(ip, envelope, mailbox, user, alias, contact.website_email, msg):
+        if not spf_pass(envelope, mailbox, user, alias, contact.website_email, msg):
             # cannot use 4** here as sender will retry. 5** because that generates bounce report
             return True, "250 SL E11"