Mailing List Archive

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Adrian Cotter
> Sent: Tuesday, August 17, 2004 11:50 AM
> To: spf-help@v2.listbox.com
> Subject: [spf-help] help setting up a record
>
>
> I have a site, that i host on earthlink, the domain is registered
> through networksolutions, but my email is sent through my ISP, SBC
> yahoo. I am not entirely sure how to proceed.
>
> all my email from nonsensical is sent through:
> smtp.sbcglobal.yahoo.com
>
> in an email header this ends up looking like:
> from unknown (HELO ?10.10.0.3?)
> (lizanda@sbcglobal.net@64.172.98.122
> with plain) by smtp814.mail.sc5.yahoo.com with SMTP;
>
> From doing the wizard, it ends up like this:
> "v=spf1 include:yahoo.com -all"

Include: only works if the domain your are including publishes an SPF
record. Currently, yahoo does not, so you can't use include.

There are essentially three options:

1. Ask Yahoo to publish and SPF record and then wait (you ought to ask even
if you don't wait and try one of the other options).

2. Switch to sending e-mail via a provider that publishes an SPF record.
Verizon.net and AOL are two.

3. Send an number of e-mails to yourself and try to guess what IP addresses
Yahoo uses. Then use IP4: to define that. I've had to do that with
Comcast. That part of my SPF record looks like:

?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24 ?ip4:216.148.227.0/24

The ? in front means to return a neutral response (I don't know what all the
IP addresses in those ranges do and don't want to open myself up to the
possiblity that someone might be able to successfully forge my domain from
one of them). Neutral is supposed to be treated as if you don't publish SPF
at all.

What you really want to do to reduce the bogus bounces is put -all at the
end of your SPF record. But before you do that, you need to make sure that
your record will work for all the legitimate methods of sending you use.
You might want to end your record in ~all (softfail) while you are testing.

>
> So two questions:
> 1) is this too broad? do i need to figure out the range of IP addresses?
>
> 2) then what? I have no idea what to do with this "v=spf1
> include:yahoo.com -all" once i have it. Does my ISP have to do it? My
> domain provider?

You provider of Domain Name Services (DNS) needs to add the spf record to
the DNS record for your domain. In order to do this, they need to support
the TXT record type. Not all do. Yahoo is your DNS provider. It doesn't
appear that they support TXT:

http://smallbusiness.yahoo.com/bzinfo/prod/dom/glossary.php#DNS

So, before you can publish an SPF record, you are going to have to either
get them to agree to add a TXT record for you or switch to another provider.
I would recommend putting in a support request to see if they will do it.

>
> Thanks,
> Adrian
>
> p.s. i'm getting thousands of bounces from some spammer who is using
> nonsensical.com addresses. any advice on how to stop this?
>
Publishing an SPF record with -all will help some (not much now, but more
later when more mail recievers are checking SPF records).

[Of topic for this list] What I've done is trained my spam filter
(SpamAssassin with Bayesian filtering) to belive that bounces are spam and
then I whitelisted the domains I tend to get legitimate e-mails from so I
don't miss valid bounces.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com