Mailing List Archive

Your best bet is to use one of the wizards and compare from there:

Spf.pobox.com has one that's decent, and MS has one at
http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx which
I find a little clearer but they both work.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Byron Kennedy
Sent: Monday, August 30, 2004 2:50 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] Question on troubleshooting SPF record creation

Hello.

I'm trying to create an SPF record for our domain: markettools.com. In
this process I have created a .txt record called spf.markettools.com
(below) in the domain, but when I run one of the SPF tester sites it
still shows me as not having published SPF records.

Think I'm missing something basic and appreciate any pointers.

Cheers-byron

**********************
SPF
TXT v=spf2.0/pra
TXT ptr
TXT mx:mx1.markettools.com
TXT mx:mx2.markettools.com
TXT mx:mx3.markettools.com
TXT mx:mx4.markettools.com
TXT mx
TXT ~all

*********************

Byron Kennedy
Director of Network Operations and
Senior Infrastructure Architect

MarketTools, Inc.

MarketTools(r)
Real Market Research Insights. In Real Time. At Real Savings.
This e-mail and any attachments may contain privileged, confidential or
proprietary information. If you are not the intended recipient, be aware
that any review, copying, or distribution of this e-mail or any
attachment is strictly prohibited. If you have received this e-mail in
error, please return it to the sender immediately, and permanently
delete the original and any copies from your system. Thank you for your
cooperation.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi,

A couple of remarks:

First, you will want to put the spf record in _one_ string. Here's the
result of requesting the spf record:

;; ANSWER SECTION:
spf.markettools.com. 10800 IN TXT "mx:mx4.markettools.com"
spf.markettools.com. 10800 IN TXT "mx"
spf.markettools.com. 10800 IN TXT "ptr"
spf.markettools.com. 10800 IN TXT "~all"
spf.markettools.com. 10800 IN TXT "v=spf2.0/pra"
spf.markettools.com. 10800 IN TXT "mx:mx1.markettools.com"
spf.markettools.com. 10800 IN TXT "mx:mx2.markettools.com"
spf.markettools.com. 10800 IN TXT "mx:mx3.markettools.com"


Secondly, 'v=spf2.0/pra' is not a valid spf string yet. As of yet only v=spf1
exists. See http://spf.pobox.com for all the info regarding the current
version of spf.

Thirdly, you will want to publish the txt record on markettools.com, not
on spf.markettools.com (unless spf.markettools.com is the domain you
want to protect).

For more info, please read:

http://spf.pobox.com/faq.html

http://spf.pobox.com/mechanisms.html

http://spf.pobox.com/spf-draft-200406.txt

Koen

On Mon, Aug 30, 2004 at 11:50:17AM -0700, Byron Kennedy wrote:
> Hello.
>
> I'm trying to create an SPF record for our domain: markettools.com. In this process I have created a .txt record called spf.markettools.com (below) in the domain, but when I run one of the SPF tester sites it still shows me as not having published SPF records.
>
> Think I'm missing something basic and appreciate any pointers.
>
> Cheers-byron
>
> **********************
> SPF
> TXT v=spf2.0/pra
> TXT ptr
> TXT mx:mx1.markettools.com
> TXT mx:mx2.markettools.com
> TXT mx:mx3.markettools.com
> TXT mx:mx4.markettools.com
> TXT mx
> TXT ~all
>
> *********************
>
> Byron Kennedy
> Director of Network Operations and
> Senior Infrastructure Architect
>
> MarketTools, Inc.
>
> MarketTools®
> Real Market Research Insights. In Real Time. At Real Savings.
> This e-mail and any attachments may contain privileged, confidential or proprietary information. If you are not the intended recipient, be aware that any review, copying, or distribution of this e-mail or any attachment is strictly prohibited. If you have received this e-mail in error, please return it to the sender immediately, and permanently delete the original and any copies from your system. Thank you for your cooperation.
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi Koen (cool name btw).

I think I've correctly made the changes you've pointed out. Still no
luck.

Humm...

Anything else I'm missing? Maybe my syntax is incorrect. I got it
originally from the MS site wizard and updated my txt comment on zone
markettools.com as follows (system is 3dns platform, BIND):

markettools.com. 3600 IN SOA 3dns1.markettools.com.
hostmaster.markettools.com. (
2004083013 3600 1800 604800 10800 )
NS 3dns1
NS 3dns2
NS ns3
10800 A 64.14.219.228
MX 20 mx4
MX 40 mx3
MX 10 mx1
MX 60 mx2
TXT v=spf1
TXT ptr
TXT mx:mx1.markettools.com
TXT mx:mx2.markettools.com
TXT mx:mx3.markettools.com
TXT mx:mx4.markettools.com
TXT mx
TXT ~all

Thx again for your insight. Trying to do the right thing here. :)

Cheers.
byron

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Koen Martens
Sent: Monday, August 30, 2004 1:50 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Question on troubleshooting SPF record creation

Hi,

A couple of remarks:

First, you will want to put the spf record in _one_ string. Here's the
result of requesting the spf record:

;; ANSWER SECTION:
spf.markettools.com. 10800 IN TXT "mx:mx4.markettools.com"
spf.markettools.com. 10800 IN TXT "mx"
spf.markettools.com. 10800 IN TXT "ptr"
spf.markettools.com. 10800 IN TXT "~all"
spf.markettools.com. 10800 IN TXT "v=spf2.0/pra"
spf.markettools.com. 10800 IN TXT "mx:mx1.markettools.com"
spf.markettools.com. 10800 IN TXT "mx:mx2.markettools.com"
spf.markettools.com. 10800 IN TXT "mx:mx3.markettools.com"


Secondly, 'v=spf2.0/pra' is not a valid spf string yet. As of yet only
v=spf1 exists. See http://spf.pobox.com for all the info regarding the
current version of spf.

Thirdly, you will want to publish the txt record on markettools.com, not
on spf.markettools.com (unless spf.markettools.com is the domain you
want to protect).

For more info, please read:

http://spf.pobox.com/faq.html

http://spf.pobox.com/mechanisms.html

http://spf.pobox.com/spf-draft-200406.txt

Koen

On Mon, Aug 30, 2004 at 11:50:17AM -0700, Byron Kennedy wrote:
> Hello.
>
> I'm trying to create an SPF record for our domain: markettools.com.
In this process I have created a .txt record called spf.markettools.com
(below) in the domain, but when I run one of the SPF tester sites it
still shows me as not having published SPF records.
>
> Think I'm missing something basic and appreciate any pointers.
>
> Cheers-byron
>
> **********************
> SPF
> TXT v=spf2.0/pra
> TXT ptr
> TXT mx:mx1.markettools.com
> TXT mx:mx2.markettools.com
> TXT mx:mx3.markettools.com
> TXT mx:mx4.markettools.com
> TXT mx
> TXT ~all
>
> *********************
>
> Byron Kennedy
> Director of Network Operations and
> Senior Infrastructure Architect
>
> MarketTools, Inc.
>
> MarketTools(r)
> Real Market Research Insights. In Real Time. At Real Savings.
> This e-mail and any attachments may contain privileged, confidential
or proprietary information. If you are not the intended recipient, be
aware that any review, copying, or distribution of this e-mail or any
attachment is strictly prohibited. If you have received this e-mail in
error, please return it to the sender immediately, and permanently
delete the original and any copies from your system. Thank you for your
cooperation.
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, embedded
systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program can't read? Visit
http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi Byron,

First, I think you missed an important part of Koen's message to have
the spf record in one string. Second I'm pretty sure that you don't need
to specify your mx records seperately. One "mx" in the TXT string will
sufice to cover all machines that have mx records for your domain. I
think it can all be safely abridged to what is below.

Angus

Byron Kennedy wrote:

>markettools.com. 3600 IN SOA 3dns1.markettools.com.
>hostmaster.markettools.com. (
> 2004083013 3600 1800 604800 10800 )
> NS 3dns1
> NS 3dns2
> NS ns3
> 10800 A 64.14.219.228
> MX 20 mx4
> MX 40 mx3
> MX 10 mx1
> MX 60 mx2
> TXT v=spf1 ptr mx ~all
>
>
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Mon, Aug 30, 2004 at 04:36:04PM -0400, Benjamin Zachary wrote:
> [....] and MS has one at
> http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx which
> I find a little clearer but they both work.

This wizard is seriously broken and should not be used!

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi Byron,

On Mon, Aug 30, 2004 at 03:59:44PM -0700, Byron Kennedy wrote:
> I think I've correctly made the changes you've pointed out. Still no
> luck.

Ok, so the record shows up correctly now when I do a dig:

markettools.com. 2h56m41s IN TXT "v=spf1 ptr
mx:mx1.markettools.com mx:mx2.markettools.com mx:mx3.markettools.com
mx:mx4.markettools.com ip4:63.150.48.0/24 ip4:64.14.219.0/24
ip4:64.74.208.0/24 -all"

Your mx records appear to be:

mx4.markettools.com. 2h53m47s IN A 64.74.208.195
mx3.markettools.com. 2h53m47s IN A 64.14.219.54
mx2.markettools.com. 2h53m47s IN A 64.14.219.160
mx1.markettools.com. 2h53m47s IN A 63.150.48.132
3dns2.markettools.com. 2h53m28s IN A 64.14.217.100
ns3.markettools.com. 2h53m28s IN A 64.14.219.54
3dns1.markettools.com. 2h53m28s IN A 63.150.48.130

Now a question, you've mentioned mx?.markettools.com as well as the ip
range they are in. Is this intentional? I mean, if it's only
mx1.markettools.com - mx4.markettools that send out mail, the ip4
entries are superfluous.

> Humm...
>
> Anything else I'm missing? Maybe my syntax is incorrect. I got it
> originally from the MS site wizard and updated my txt comment on zone
> markettools.com as follows (system is 3dns platform, BIND):

The syntax is ok now. I checked with spfquery (a tool that comes with
any arbitrary spf library), here is the result:

srs# spfquery -ip 64.74.208.1 -sender test@markettools.com -helo
markettools.com
pass

srs# spfquery -ip 64.74.208.195 -sender test@markettools.com -helo
markettools.com
pass

spfquery: domain of markettools.com designates 64.74.208.195 as
permitted sender
Received-SPF: pass (spfquery: domain of markettools.com designates
64.74.208.195 as permitted sender) client-ip=64.74.208.195;
envelope-from=test@markettools.com; helo=markettools.com;
srs#

Seems to me you are ok !

What testing site were you using?

> Thx again for your insight. Trying to do the right thing here. :)

No problem, here to try and make people do the right thing :)

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Really? I did it for about 15 of my domains and when I run some spf
checkers they all come up clean. Is there something about them maybe I
am missing?

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Koen Martens
Sent: Tuesday, August 31, 2004 2:49 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Question on troubleshooting SPF record creation

On Mon, Aug 30, 2004 at 04:36:04PM -0400, Benjamin Zachary wrote:
> [....] and MS has one at
> http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
> which I find a little clearer but they both work.

This wizard is seriously broken and should not be used!

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, embedded
systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program can't read? Visit
http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

When I do this for the domain metro.cx for example, and only check the
box that says 'Any IP addresses listed in the domain's A records in DNS
are also outbound mail servers for the domain. (What's this?) At the
present time, the domain's A records contain the following addresses:
80.126.206.91' and the -all box i'd expect to get 'v=spf1 a -all',
instead I get:

v=spf2.0/pra -all

so first of all the version string is incorrect (spf2 does not exist,
and the version string to be used for senderid is still matter for
debate), secondly there is no 'a' in the record.

Publishing this record would gain me nothing, and if spf2.0/pra actually
meant something it would be worse: all my mail would be rejected.

This is just one example.

Koen

On Tue, Aug 31, 2004 at 01:13:29PM -0400, Benjamin Zachary wrote:
> Really? I did it for about 15 of my domains and when I run some spf
> checkers they all come up clean. Is there something about them maybe I
> am missing?
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com] On Behalf Of Koen Martens
> Sent: Tuesday, August 31, 2004 2:49 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Question on troubleshooting SPF record creation
>
> On Mon, Aug 30, 2004 at 04:36:04PM -0400, Benjamin Zachary wrote:
> > [....] and MS has one at
> > http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
> > which I find a little clearer but they both work.
>
> This wizard is seriously broken and should not be used!
>
> Koen
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, embedded
> systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program can't read? Visit
> http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> --------------------------------------------------------------------------------
> This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
> The views or context in this message may not reflect the view or context of the company.
> --------------------------------------------------------------------------------
>
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com