Mailing List Archive

Setting up SPF
What is the domain that is checked - is it the "from" or the "reply to" - or is it required that these be the same for SPF.

Alan Fendrick
www.launchfax.com
732-450-3688 x201
732-559-9001 (fax)

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: Setting up SPF [ In reply to ]
It's the return path. For most this will be the same as from.

Scott Kitterman

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Alan Fendrick
> Sent: Tuesday, October 05, 2004 11:14 AM
> To: spf-help@v2.listbox.com
> Subject: [spf-help] Setting up SPF
>
>
> What is the domain that is checked - is it the "from" or the
> "reply to" - or is it required that these be the same for SPF.
>
> Alan Fendrick
> www.launchfax.com
> 732-450-3688 x201
> 732-559-9001 (fax)
>

RE: Setting up SPF [ In reply to ]
When you send mail the initial public IP is in the header. I understand
that is what is SPF'ed to match the Reply-To.



-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Alan Fendrick
Sent: Tuesday, October 05, 2004 11:14 AM
To: spf-help@v2.listbox.com
Subject: [spf-help] Setting up SPF

What is the domain that is checked - is it the "from" or the "reply to"
- or is it required that these be the same for SPF.

Alan Fendrick
www.launchfax.com
732-450-3688 x201
732-559-9001 (fax)



--------------------------------------------------------------------------------
This email is intended only for the named recipients. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



Re: Setting up SPF [ In reply to ]
no, it is the "return-path" header
it may be different from the reply-to header
which is not necessary while sending an email

Yannick

----- Original Message -----
From: "Benjamin Zachary" <bzachary@networthco.com>
To: <spf-help@v2.listbox.com>
Sent: Tuesday, October 05, 2004 8:54 PM
Subject: RE: [spf-help] Setting up SPF


When you send mail the initial public IP is in the header. I understand
that is what is SPF'ed to match the Reply-To.



Re: Setting up SPF [ In reply to ]
On Tue, Oct 05, 2004 at 02:54:21PM -0400,
Benjamin Zachary <bzachary@networthco.com> wrote
a message of 39 lines which said:

> When you send mail the initial public IP is in the header.

Not at all.

> I understand that is what is SPF'ed to match the Reply-To.

Not at all.

Please, could you learn SPF before replying to newbies on spf-help?

Re: Setting up SPF [ In reply to ]
Please read the drafts / documentation on spf.pobox.com
(/mechanisms.html, /faq.html, etc..)

spf is meant for the mta, which knows from its connection which ip it
is that is connected. The spf record of the MAIL FROM: (return path)
domain is looked up and compared against this IP. Checking of spf
against ip's you recover from headers is bad advice.

Reply-To is nowhere in the spf spec, has nothing to do with spf..

Koen

On Tue, Oct 05, 2004 at 02:54:21PM -0400, Benjamin Zachary wrote:
> When you send mail the initial public IP is in the header. I understand
> that is what is SPF'ed to match the Reply-To.
>
>
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com] On Behalf Of Alan Fendrick
> Sent: Tuesday, October 05, 2004 11:14 AM
> To: spf-help@v2.listbox.com
> Subject: [spf-help] Setting up SPF
>
> What is the domain that is checked - is it the "from" or the "reply to"
> - or is it required that these be the same for SPF.
>
> Alan Fendrick
> www.launchfax.com
> 732-450-3688 x201
> 732-559-9001 (fax)
>

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

setting up spf [ In reply to ]
I have edited our records to show the following
v=spf1 a mx include:digitalky.com ~all
when this is active mail from our local domain is rejected

any help would be great as I am new to spf

**********************************
Bill Curd - KC6KFQ
Network Operations Administrator
Nextel Authorized Representative
Motorola Canopy Wireless Provider
http://www.digitalky.com
Ph 270-230-1000
Voip 270-872-4263
*****************************************

Re: setting up spf [ In reply to ]
On Sun, Oct 17, 2004 at 09:44:41AM -0500,
Bill Curd <bcurd@digitalky.com> wrote
a message of 20 lines which said:

> I have edited our records to show the following v=spf1 a mx
> include:digitalky.com ~all

Which means there is an infinite recursion (digitalky.com includes the
record of digitalky.com and so on). This is probably your problem.
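
An added example, not part of the original post and not code from any SPF library: a small linter that follows include: and redirect= references and reports a loop such as the one in the record quoted above. The TXT table is constructed stand-in data for DNS (only the digitalky.com record comes from the thread), and macros in targets are not expanded.

```python
# Constructed zone data standing in for DNS TXT lookups (no live DNS is used).
# The digitalky.com record is the one quoted in the thread; the other entries
# are made-up records on reserved .example names.
TXT = {
    "digitalky.com": "v=spf1 a mx include:digitalky.com ~all",
    "a.example": "v=spf1 include:b.example -all",
    "b.example": "v=spf1 ip4:192.0.2.0/24 include:a.example -all",
    "ok.example": "v=spf1 mx include:relay.example ~all",
    "relay.example": "v=spf1 ip4:198.51.100.7 -all",
}


def referenced_domains(record):
    """Return the domains an SPF record pulls in via include: or redirect=."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    targets = []
    for term in terms[1:]:
        bare = term.lstrip("+-~?")          # drop an optional qualifier
        low = bare.lower()
        if low.startswith("include:"):
            targets.append(low[len("include:"):].rstrip("."))
        elif low.startswith("redirect="):
            targets.append(low[len("redirect="):].rstrip("."))
    return targets


def find_include_loop(domain, txt=TXT, _path=None):
    """Depth-first walk of the include/redirect graph.

    Returns the chain of domains that closes a loop, for example
    ['a.example', 'b.example', 'a.example'], or None when no loop exists.
    Domains with no record in `txt` are treated as leaves.
    """
    domain = domain.lower().rstrip(".")
    path = (_path or []) + [domain]
    record = txt.get(domain)
    if record is None:
        return None
    for target in referenced_domains(record):
        if target in path:
            # The target is already being evaluated further up the chain.
            return path[path.index(target):] + [target]
        loop = find_include_loop(target, txt, path)
        if loop:
            return loop
    return None


if __name__ == "__main__":
    for name in ("digitalky.com", "a.example", "ok.example"):
        loop = find_include_loop(name)
        print(name, "->", " -> ".join(loop) if loop else "no loop")
```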

Re: Setting up SPF [ In reply to ]
Hi,

You have a bit of a problem here. The only way to make this work, that
is, to set up SPF records so that you are allowed to send mail from your
two isp's, is to include an overly permissive set of servers in your SPF
record.

It depends a bit here: are you using the ISP's smtp servers as relay or
are you sending directly from your dial-in account? If the former is the
case, you need to get the ip's for those smtp servers, which you should
ask your ISP to provide (there are ways to find out for yourself, if the
ISP is unwilling to help, but in any case you need to keep the setup up
to date: if the ISP changes something you need to follow). Setting it up
like so has a disadvantage: anyone who also uses the ISP's smtp's as
relay can still forge your domains.

If you send directly from your dial up account, you need to include the
IP's you get when you dial up. Probably this is allocated from a dynamic
ip range, which means you will have to include a large number of IP
addresses (like ip4:10.0.0.0/8), meaning again that any dial up customer
of your ISP can still forge your domain.

The best solution is for your domain hoster to provide an SMTP-AUTH
login on their servers, with protection from cross-customer forgery. Ask
your domain hoster if they provide such a server. If not, such a service
is in the making both for free (for small and private domain users) as
well as commercially. I expect to be offering such a service commercially
before the end of this year for example.

As a last note: do not use the wizard from microsoft, it is seriously
broken and does not help you setting up spf records, only pra records.
PRA is a technically flawed protocol.

Kind regards,

Koen Martens

On Fri, Nov 19, 2004 at 07:37:54PM -0800, Kaye Caldwell wrote:
> I have 2 domain names which are hosted at a third party. I send mail
> "from" those domains via my dial up account which is either ix.netcom.com
> or mindspring.com (both of which are now owned by earthlink), using
> Eudora's personality feature. I would like to set up my DNS records for
> the 2 domains to use SPF in the hopes that it will stop people from
> spoofing my addresses at the 2 domains and using my return address to
> send spam. I have tried to use the MS sender ID wizard, but it does not
> seem to be set up for the hosted domain situation. I'm not sure I know
> enough yet to ask the right questions, but I think they are:
> 1) what IP address do I use as my out-going mail address and how do I find
> out what that IP address is? (I'm guessing that I use the one listed in
> the DNS info for netcom.com, right? The SMTP server specified in my Eudora
> personality record for those domains is smtp.ix.netcom.com.)
> 2) What do I put in my DNS record, and HOW do I get it there?
> Any help appreciated!
>
> Thanks,
> Kaye
>

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: Setting up SPF [ In reply to ]
Kaye Caldwell wrote:

> 1) what IP address do I use as my out-going mail address and
> how do I find out what that IP address is?

You're talking about two domains and two mail providers. For a
first experiment send mails from the 1st domain via your 1st
provider to the 2nd domain, and from the 2nd domain via your
2nd provider to the 1st domain.

Then analyze the mail headers (only the "Received:" lines are
relevant), compare it with ordinary mails from somebody else.

The top Received: headers will be similar => stuff happening
at the receiving side. But one line (top down) is different,
you see the same ... by receiver as always, with a different
part Received: from name.at.your.ISP.example ([1.2.3.4]) by ...

That's it, note the name and the IP. Same procedure with your
other provider. If it's very obvious (e.g. the name is what
you have configured in your mail program for outgoing mail),
then note "v=spf1 a:name.at.your.ISP.example ?all" for this
ISP. Add a:name.at.other.ISP.example (only if it's obvious).

If it's not obvious ask again. Ideally your ISPs already have
sender policies, and you can include it:

"v=spf1 include:1st.ISP.example include:2nd.ISP.example ?all".

But maybe that's not the case for EL. You can test it with one
of the tools on <http://spf-help.net>, or just go directly to
<http://vweb.nass.com.au/cgi-bin/dnslookup> and test your ISPs.

If they don't have a sender policy you're forced to guess one,
that's the example with a: (see above), but it's not always
obvious. They could have more than one box actually sending
mail, and it's not necessarily the box configured in your mail
program. And one experiment won't show you more than one box.

> 2) What do I put in my DNS record, and HOW do I get it there?

If you have no idea test "v=spf1 ?all" (that's a dummy, it has
the same effect as no policy at all, or at least that's the
theory). How you get it there depends on your domain hoster,
or rather on the nameserver for your domains. I'd know where
to find it for DynDNS, but that's probably irrelevant for you.

Bye, Frank
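
An added example, not part of the original post: the header reading described above, done in code. It walks the Received: lines top down, skips hops inside the receiving side, and reports the name and IP at the hand-off from the sending ISP. The test mail, host names, addresses and the `receiver_suffix` parameter are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed test mail: reserved .example host names and documentation
# addresses. Received: lines appear newest first, as in a delivered message.
TEST_MAIL = """\
Received: from mx.hoster.example (localhost [127.0.0.1])
\tby mailbox.hoster.example with LMTP; Sat, 20 Nov 2004 12:00:03 +0000
Received: from name.at.your.ISP.example ([192.0.2.25])
\tby mx.hoster.example with ESMTP; Sat, 20 Nov 2004 12:00:02 +0000
Received: from dialup-pc (pool-7.dialup.ISP.example [198.51.100.7])
\tby name.at.your.ISP.example with SMTP; Sat, 20 Nov 2004 12:00:01 +0000
From: me@first-domain.example
To: me@second-domain.example
Subject: SPF test

test
"""

# "from <name> (<optional rdns> [<ip>]) by <host>", tolerant of folded lines.
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\([^)]*?\[(?P<ip>[^\]]+)\][^)]*\)\s+by\s+(?P<by>\S+)"
)


def _inside(host, suffix):
    host, suffix = host.lower(), suffix.lower()
    return host == suffix or host.endswith("." + suffix)


def find_handoff(raw_mail, receiver_suffix):
    """Return (name, ip) of the host that handed the mail to the receiver.

    Only Received: lines written by the receiving side are trusted; the walk
    stops at the first line written by anyone else. The name is what the
    sending host announced, the IP is what the receiver recorded.
    """
    msg = message_from_string(raw_mail)
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m is None or not _inside(m.group("by"), receiver_suffix):
            return None                      # past the part we can rely on
        if not _inside(m.group("name"), receiver_suffix):
            return m.group("name"), m.group("ip")
    return None


def candidate_record(handoff, configured_smtp):
    """Build the tentative record from the post, but only in the obvious case
    where the hand-off name is the server configured in the mail program."""
    if handoff and handoff[0].lower() == configured_smtp.lower():
        return "v=spf1 a:%s ?all" % handoff[0]
    return None                              # not obvious: ask again


if __name__ == "__main__":
    hop = find_handoff(TEST_MAIL, "hoster.example")
    print(hop, candidate_record(hop, "name.at.your.isp.example"))
```

As the post warns, one test mail shows only one sending box, so an empty result or a single name does not prove the list is complete.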


Re: Re: Setting up SPF [ In reply to ]
Thanks. The "nameserver for my domains" -- is that the company that I
registered my domains through (Network Solutions)?

This is all seeming pretty complicated - and I used to write software so
it's not like I'm completely clueless. How is the average
semi-computer-literate small business person using hosted domains going to
wade through all this? Surely there are a large number of them -- and how
well will this technology work if it's not adopted pretty universally?

- Kaye

At 03:28 AM 11/20/04, Frank Ellermann wrote:
> > 2) What do I put in my DNS record, and HOW do I get it there?
>
>If you have no idea test "v=spf1 ?all" (that's a dummy, it has
>the same effect as no policy at all, or at least that's the
>theory). How you get it there depends on your domain hoster,
>or rather on the nameserver for your domains. I'd know where
>to find it for DynDNS, but that's probably irrelevant for you.

Re: Setting up SPF [ In reply to ]
On Sat, Nov 20, 2004 at 07:14:45AM -0800,
Kaye Caldwell <kaye@ix.netcom.com> wrote
a message of 25 lines which said:

> This is all seeming pretty complicated

Managing a mail server in today's Internet is complicated. It used to
be simpler.

> How is the average semi-computer-literate small business person
> using hosted domains going to wade through all this?

Because otherwise, he will not be able to send email. Today, you have
to make your email server compliant with the wishes of AOL
(http://postmaster.aol.com/), of Hotmail, of Earthlink, etc. In the
future, I hope it will be enough to be compliant with one standard but
sending email will nevertheless be more complicated than it was ten
years ago.

Now, for your specific example, it seems reasonable to assume that an
ISP will do it for him.

Re: Setting up SPF [ In reply to ]
Kaye Caldwell wrote:

> This is all seeming pretty complicated

Only if you try to explain it, not if you just do it ;-)

Okay, I can "read" mail headers, if that's a problem
you can use spamcop.net to analyze your "test mails",
or post it here (only the Received: lines) and we'll
find the relevant IP resp. host name.

> How is the average semi-computer-literate small business
> person using hosted domains going to wade through all this?

The average semi-literate like me is forced to learn
this stuff when he wants to fight spam and other mail
abuses.

The first time somebody forged my address was 2001 IIRC,
and the support team of my former ISP somehow convinced
me that neither the UN nor the police can help me with
this "crime". I guess that I was a bit excited, maybe.

> how well will this technology work if it's not
> adopted pretty universally?

It's a self-fulfilling prophecy. Spammers don't care
how much of their forgeries reach their audience, but
they really hate it if _nothing_ gets through at some
big ISP with clueless masses like say AOL.

Therefore they'll stop to forge your addresses if they
find that that's rejected by all receivers implementing
SPF (*). It's not necessary to adopt SPF universally.

Bye, Frank

*: in practice that can take some time, some spammers
are not very bright. Some are really stupid, they
buy huge lists with "fresh opt-in addresses", and
then send spam to my Message-IDs 3?????.????@xyzzy -
the stuff with 3?????.???? was created more than two
years ago and harvested in an e-mail abuse newsgroup.


Re: Re: Setting up SPF [ In reply to ]
What do you do when they "forge" the address into Yahoo and
you can't get your own mail?
Regards.


----- Original Message -----
From: "Frank Ellermann" <nobody@xyzzy.claranet.de>
To: <spf-help@v2.listbox.com>
Sent: Tuesday, November 23, 2004 5:57 PM
Subject: [spf-help] Re: Setting up SPF


> Kaye Caldwell wrote:
>
> > This is all seeming pretty complicated
>
> Only if you try to explain it, not if you just do it ;-)
>
> Okay, I can "read" mail headers, if that's a problem
> you can use spamcop.net to analyze your "test mails",
> or post it here (only the Received: lines) and we'll
> find the relevant IP resp. host name.
>
> > How is the average semi-computer-literate small business
> > person using hosted domains going to wade through all this?
>


Re: Setting up SPF [ In reply to ]
jwwright wrote:

> What do you do when they "forge" the address into Yahoo
> and you can't get your own mail?

What are you talking about, a spam MAIL FROM:<user@yahoo> ?
Yahoo has no sender policy, SPF won't help you in this case.

It also won't hurt you, when is it that you don't get your
own mail ?
Bye, Frank


Re: Re: Setting up SPF [ In reply to ]
My ISP recognizes an email from me using my ID.

My ISP has a SPF record, which authorizes only one
machine.

66.94.237.45, a Yahoo machine, has no right to claim to be
my ISP
I would say that SPF worked perfectly well at my ISP.

But the Yahoo setup allows a bulk mailer to assume my
identity and mail to other users so I have to talk with
Yahoo PEOPLE. Fixing the problem is a job for their mail
administrator, not
for the mail user (my ISP).

BUT I CAN'T TALK TO YAHOO!!!!!! They are dumbaxxes. They
don't know they are being ATTACKED!

Problem:
Yahoo's groups send emails to their users. If the user is
blocked by SPF, then the bulk mailer is killing off his own
resource and blocking my receipt of emails from my group to
me. In addition, yahoo won't accept an email from my ISP to
the group now, so I have to logon and read the group going
thru yahoo which loads down their system.
I have to create a new email address at yahoo to send and
receive emails and that makes the whole process last hours.

Great system you have! The bulk mailers will soon learn
they're not reaching anyone and figure out how to fix it, if
anyone does.
The only thing I can do is get a new ISP.

Regards.


----- Original Message -----
From: "Frank Ellermann" <nobody@xyzzy.claranet.de>
To: <spf-help@v2.listbox.com>
Sent: Tuesday, November 23, 2004 10:34 PM
Subject: [spf-help] Re: Setting up SPF


> jwwright wrote:
>
> > What do you do when they "forge" the address into Yahoo
> > and you can't get your own mail?
>
> What are you talking about, a spam MAIL FROM:<user@yahoo> ?
> Yahoo has no sender policy, SPF won't help you in this case.
>
> It also won't hurt you, when is it that you don't get your
> own mail ?
> Bye, Frank
>
>


Re: Re: Setting up SPF [ In reply to ]
On Wed, Nov 24, 2004 at 03:38:57AM -0600, jwwright wrote:
> My ISP recognizes an email from me using my ID.
>
> My ISP has a SPF record, which authorizes only one
> machine.
>
> 66.94.237.45, a Yahoo machine, has no right to claim to be
> my ISP
> I would say that SPF worked perfectly well at my ISP.

66.94.237.45 is not claiming anything, apparently your ISP is claiming
something that is untrue. Seems you have an issue with your ISP.

> But the Yahoo setup allows a bulk mailer to assume my
> identity and mail to other users so I have to talk with
> Yahoo PEOPLE. Fixing the problem is a job for their mail
> administrator, not
> for the mail user (my ISP).

If you protect your domain with spf, yahoo can not assume your identity.
That's the whole point of spf: controlling who may assume your identity.

> Great system you have! The bulk mailers will soon learn
> they're not reaching anyone and figure out how to fix it, if
> anyone does.
> The only thing I can do is get a new ISP.

Try to understand the system before writing it off.

You could publish proper SPF records for your domain, or take them down
entirely. Both will ensure that spf will not get in your way. If your ISP
is applying spf records without you having any influence in it, yes you
definitely need a new ISP that is more into helping customers.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

Re: Re: Setting up SPF [ In reply to ]
You and yahoo don't understand the problem. I and my ISP
can't fix the problem.
it has to be yahoo. My users are switching ISP's to get
around it, or just not doing the email option in the group.
I don't know how else to explain it since it's not my
computer and not my ISP. I CAN ACTUALLY TALK TO MY SYSTEM
ADMINISTRATOR ON THE TELEPHONE.

Are you real person? (seriously)

Regards.

----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, November 24, 2004 3:52 AM
Subject: Re: [spf-help] Re: Setting up SPF


>
>
> On Wed, Nov 24, 2004 at 03:38:57AM -0600, jwwright wrote:
> > My ISP recognizes an email from me using my ID.
> >
> > My ISP has a SPF record, which authorizes only one
> > machine.
> >
> > 66.94.237.45, a Yahoo machine, has no right to claim to be
> > my ISP
> > I would say that SPF worked perfectly well at my ISP.
>
> 66.94.237.45 is not claiming anything, apparently your ISP is claiming
> something that is untrue. Seems you have an issue with your ISP.
>
> > But the Yahoo setup allows a bulk mailer to assume my
> > identity and mail to other users so I have to talk with
> > Yahoo PEOPLE. Fixing the problem is a job for their mail
> > administrator, not
> > for the mail user (my ISP).
>
> If you protect your domain with spf, yahoo can not assume your identity.
> That's the whole point of spf: controlling who may assume your identity.
>
> > Great system you have! The bulk mailers will soon learn
> > they're not reaching anyone and figure out how to fix it, if
> > anyone does.
> > The only thing I can do is get a new ISP.
>
> Try to understand the system before writing it off.
>
> You could publish proper SPF records for your domain, or take them down
> entirely. Both will ensure that spf will not get in your way. If your ISP
> is applying spf records without you having any influence in it, yes you
> definitely need a new ISP that is more into helping customers.
>
> Koen
>


Re: Setting up SPF [ In reply to ]
On Wed, Nov 24, 2004 at 04:03:53AM -0600,
jwwright <jwwright@eastex.net> wrote
a message of 74 lines which said:

> You and yahoo don't understand the problem. I and my ISP can't fix
> the problem. it has to be yahoo.

I agree. Why don't you talk to Yahoo?

> not my computer and not my ISP.

But it is your mailing list (the one hosted at Yahoo) that seems to be
broken (sending mail from yahoo but pretending to be from Eastex).

> Are you real person? (seriously)

Koen is real and, while I agree that he did not understand the
problem, he has a good reason: your messages are extremely confused,
with bad quoting and contradictions.


Re: Re: Setting up SPF [ In reply to ]
Of course I am confused. I am an email user not an
administrator.
But tell me HOW do I TALK to Yahoo? I've had this problem
since yesterday noon. My ISP's been using SPF for 2 months.
HOW will yahoo know they're being attacked?

Regards.

----- Original Message -----
From: "Stephane Bortzmeyer" <bortzmeyer@nic.fr>
To: "jwwright" <jwwright@eastex.net>
Cc: <spf-help@v2.listbox.com>
Sent: Wednesday, November 24, 2004 4:12 AM
Subject: [spf-help] Re: Setting up SPF


> On Wed, Nov 24, 2004 at 04:03:53AM -0600,
> jwwright <jwwright@eastex.net> wrote
> a message of 74 lines which said:
>
> > You and yahoo don't understand the problem. I and my ISP can't fix
> > the problem. it has to be yahoo.
>
> I agree. Why don't you talk to Yahoo?
>
> > not my computer and not my ISP.
>
> But it is your mailing list (the one hosted at Yahoo) that seems to be
> broken (sending mail from yahoo but pretending to be from Eastex).
>
> > Are you real person? (seriously)
>
> Koen is real and, while I agree that he did not understand the
> problem, he has a good reason: your messages are extremely confused,
> with bad quoting and contradictions.
>
>


Re: Setting up SPF [ In reply to ]
On Wed, Nov 24, 2004 at 04:26:37AM -0600,
jwwright <jwwright@eastex.net> wrote
a message of 57 lines which said:

> Of course I am confused. I am an email user not an administrator.

BTW, SPF people can have more details at the Help Center, ticket #129.

> But tell me HOW do I TALK to Yahoo?

It is your provider (they host your mailing list), not mine.

RE: Re: Setting up SPF [ In reply to ]
It isn't clear to me from the information you have posted so far that your
problem has anything to do with SPF. I do not believe that Yahoo checks
SPF, so if Yahoo isn't accepting your mail, it may be something else.

Would you please post the entire message you received from Yahoo with the
header? That would help us understand what's going on.

Scott Kitterman
>-----Original Message-----
>From: owner-spf-help@v2.listbox.com
>[mailto:owner-spf-help@v2.listbox.com]On Behalf Of jwwright
>Sent: Wednesday, November 24, 2004 5:27 AM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] Re: Setting up SPF
>
>
>Of course I am confused. I am an email user not an
>administrator.
>But tell me HOW do I TALK to Yahoo? I've had this problem
>since yesterday noon. My ISP's been using SPF for 2 months.
>HOW will yahoo know they're being attacked?
>
>Regards.
>

Re: Setting up SPF [ In reply to ]
>-----Original Message-----
>From: owner-spf-help@v2.listbox.com
>[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Bryan Knight
>Sent: Wednesday, November 24, 2004 11:07 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [SPAM] - Re: [spf-help] Re: Setting up SPF - Found word(s)
>receipt of emails in the Text body
>
>
>Yahoo groups is a list serve. I am on more than a few and own a bunch.
>The group sends via a from address that is yahoo. IE
>SPFisCoolGroup@yahoogroups.com ... Since SPF is checking the sending
>only, and arguably yahoo allows its list serve to send OR has no policy
>at all on the groups, then it cannot block your email at all...
>
Yes, they do a form of return path rewriting. Here is the return path for a
message I got from one of the groups I subscribe to:

Return-Path: <sentto-479767-3266-1101311971-unison=kitterman.com@returns.groups.yahoo.com>

Since yahoogroups.com does not publish an SPF policy, SPF checking should
not affect these messages. Since Yahoo Groups does not change the From:
(normal for a mail list), if someone is incorrectly using SPF records to check
From:, then that would cause a failure. Some sort of misconfigured SPF check
seems to be the likely culprit.

If the original poster could publish the rejection message (with headers),
we could probably tell where the problem was.

Scott Kitterman

Re: Setting up SPF [ In reply to ]
jwwright wrote:

> My ISP has a SPF record, which authorizes only one machine.

That's good, spammers trying to forge your address now have
a serious problem, and you get fewer bogus bounces and other
crap.

> 66.94.237.45, a Yahoo machine, has no right to claim to be
> my ISP

> I would say that SPF worked perfectly well at my ISP.

Yes. Yahoo also has no right to forge your address.

> But the Yahoo setup allows a bulk mailer to assume my
> identity and mail to other users so I have to talk with
> Yahoo PEOPLE.

That's a problem, because abuse@yahoogroups.com is a PITA.
If you're unhappy with their answers forward it with the
evidence to mail-abuse AT yahoo-inc.com

But I still don't get your problem. In my case a stupid
spammer forged my address (fake@xyzzy) and did "something"
with yahoogroups - I'm not sure what, but I got all the
bogus confirmation requests etc.

I've reported this to abuse@yahoogroups each and every
time for about two weeks (before I had simply deleted all
mails with "yahoogroups" anywhere in the headers).

If it was a bogus subscription they often said that they
handled it. Otherwise they often played dumb, and then
I forwarded it to mail-abuse AT yahoo-inc.com

In one case I got a questionnaire about how the problem
was handled, and let's say I answered it honestly. Some
days later "my" spammer stopped abusing my addresses -
after six months (resp. 5 months with SPF on my side).

No more crap from Yahoo, no more bounces, out of office,
challenges, back to the happy days of 2003, when I could
forward all my spam without manual checking to SpamCop.

Good luck with Yahoo, Frank


RE: Setting up SPF [ In reply to ]
>-----Original Message-----
>From: owner-spf-help@v2.listbox.com
>[mailto:owner-spf-help@v2.listbox.com]On Behalf Of ricknorris@alltel.net
>Sent: Tuesday, June 14, 2005 4:10 PM
>To: spf-help@v2.listbox.com
>Subject: [spf-help] Setting up SPF
>
>
>Hello,
>
>I am at a loss here. Where do I put the text file? Is it on a
>server I have internally, or on a server with our ISP.
>
>Also, we have a 1 mail server that sends out 5 different e-mail
>domains. ie. mail1.com, mail2.com, mail3.com .... they all send
>from one machine and we have one mx record. This is due to the
>company having 5 different business groups. So each employee has
>2 or 3 different e-mail addresses pertaining to their function and
>business unit.
>
>How would this look in the TXT file?
>
>I was thinking "v=spf1 a mx ptr ~all"
>
>Does that sound right?
>
>Thanks.

It goes in your DNS zone file. Please give us an example of one of the
domains that you plan on publishing for and we can help you figure out how
to do that.

Scott Kitterman
Re: Setting up SPF [ In reply to ]
On Tue, 14 Jun 2005 ricknorris@alltel.net wrote:

> Hello,

Hello.

>
> I am at a loss here. Where do I put the text file? Is it on a server I have internally, or on a server with our ISP.

You will put your TXT record in your DNS server.

>
> Also, we have a 1 mail server that sends out 5 different e-mail domains. ie. mail1.com, mail2.com, mail3.com .... they all send from one machine and we have one mx record. This is due to the company having 5 different business groups. So each employee has 2 or 3 different e-mail addresses pertaining to their function and business unit.

You will need one SPF record for each domain.

> How would this look in the TXT file?
> I was thinking "v=spf1 a mx ptr ~all"
>
> Does that sound right?

If you have only one server and this server is the MX too, I think it's
better to just put "v=spf1 ip4:xxx.xxx.xxx.xxx ~all". It will not need a DNS
lookup. After some time, you can think about -all...

Regards,
Roberto
Re: RE: Setting up SPF [ In reply to ]
> Thanks Scott,

It looks like this

MX Record - 208.178.28.7 (if you ping mail.domain.com this is the address)

e-mail addresses are ... americansterling.com, asgofc.com, asbloan.com, americansterlingbank.com

We have one internal Exchange server.

Thanks.


> From: Scott Kitterman <spf2@kitterman.com>
> Date: 2005/06/14 Tue PM 03:12:35 CDT
> To: <spf-help@v2.listbox.com>
> Subject: RE: [spf-help] Setting up SPF
>
> >-----Original Message-----
> >From: owner-spf-help@v2.listbox.com
> >[mailto:owner-spf-help@v2.listbox.com]On Behalf Of ricknorris@alltel.net
> >Sent: Tuesday, June 14, 2005 4:10 PM
> >To: spf-help@v2.listbox.com
> >Subject: [spf-help] Setting up SPF
> >
> >
> >Hello,
> >
> >I am at a loss here. Where do I put the text file? Is it on a
> >server I have internally, or on a server with our ISP.
> >
> >Also, we have a 1 mail server that sends out 5 different e-mail
> >domains. ie. mail1.com, mail2.com, mail3.com .... they all send
> >from one machine and we have one mx record. This is due to the
> >company having 5 different business groups. So each employee has
> >2 or 3 different e-mail addresses pertaining to their function and
> >business unit.
> >
> >How would this look in the TXT file?
> >
> >I was thinking "v=spf1 a mx ptr ~all"
> >
> >Does that sound right?
> >
> >Thanks.
>
> It goes in your DNS zone file. Please give us an example of one of the
> domains that you plan on publishing for and we can help you figure out how
> to do that.
>
> Scott Kitterman
RE: RE: Setting up SPF [ In reply to ]
>-----Original Message-----
>From: owner-spf-help@v2.listbox.com
>[mailto:owner-spf-help@v2.listbox.com]On Behalf Of ricknorris@alltel.net
>Sent: Tuesday, June 14, 2005 4:19 PM
>To: spf-help@v2.listbox.com
>Subject: Re: RE: [spf-help] Setting up SPF
>
>
>
>> Thanks Scott,
>
>It looks like this
>
>MX Record - 208.178.28.7 (if you ping mail.domain.com this is the address)
>
>e-mail addresses are ... americansterling.com, asgofc.com,
>asbloan.com, americansterlingbank.com
>
>We have one internal Exchange server.
>
>Thanks.

Since you run your own DNS server, you will have to put the records in your
zone file yourself. Roberto's advice about record content is good.

Scott Kitterman
Re: Setting up SPF [ In reply to ]
The SPF record has to be added to your ISP DNS servers.



-----Original Message-----
From: "Ryan Jacksland" <RyanJ@sixnetio.com>
To: spf-help@v2.listbox.com
Date: Mon, 13 Aug 2007 15:02:59 -0400
Subject: [spf-help] Setting up SPF


I would like to use a SPF record, but I am not sure where it goes. Our
website is hosted offsite in another state, we have DNS servers in house
with our Exchange server, our ISP has their own DNS servers as well.
Where would this get published?

Thanks
RJ

RE: Setting up SPF [ In reply to ]
I guess that confuses me a little. Other than giving us internet access
they do not do anything for us. Why would they get the record and not
our internal DNS server?

Thanks,
RJ



-----Original Message-----
From: Edison Luna [mailto:eluna@emailhostsite.com]
Sent: Monday, August 13, 2007 3:25 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


The SPF record has to be added to your ISP DNS servers.



-----Original Message-----
From: "Ryan Jacksland" <RyanJ@sixnetio.com>
To: spf-help@v2.listbox.com
Date: Mon, 13 Aug 2007 15:02:59 -0400
Subject: [spf-help] Setting up SPF


I would like to use a SPF record, but I am not sure where it goes. Our
website is hosted offsite in another state, we have DNS servers in house
with our Exchange server, our ISP has their own DNS servers as well.
Where would this get published?

Thanks
RJ

Re: Setting up SPF [ In reply to ]
On Monday 13 August 2007 15:31, Ryan Jacksland wrote:
> I guess that confuses me a little. Other than giving us internet access
> they do not do anything for us. Why would they get the record and not
> our internal DNS server?

It has to be visible in the DNS that the rest of the internet sees. That may
or may not be your ISP. In the case of sixnetio.com, your DNS is served by
valueweb.net:

;; ANSWER SECTION:
sixnetio.com. 172800 IN NS ns.valueweb.net.
sixnetio.com. 172800 IN NS ns2.valueweb.net.

So that's where it needs to be published. It's between you and valueweb.net
how that gets done.

Scott K

RE: Setting up SPF [ In reply to ]
Your ISP DNS server is hosting your domain. That DNS has the MX record for
your email server so the SPF record has to be added in the same location.




-----Original Message-----
From: "Ryan Jacksland" <RyanJ@sixnetio.com>
To: spf-help@v2.listbox.com
Date: Mon, 13 Aug 2007 15:31:08 -0400
Subject: RE: [spf-help] Setting up SPF


I guess that confuses me a little. Other than giving us internet access
they do not do anything for us. Why would they get the record and not
our internal DNS server?

Thanks,
RJ



-----Original Message-----
From: Edison Luna [mailto:eluna@emailhostsite.com]
Sent: Monday, August 13, 2007 3:25 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


The SPF record has to be added to your ISP DNS servers.



-----Original Message-----
From: "Ryan Jacksland" <RyanJ@sixnetio.com>
To: spf-help@v2.listbox.com
Date: Mon, 13 Aug 2007 15:02:59 -0400
Subject: [spf-help] Setting up SPF


I would like to use a SPF record, but I am not sure where it goes. Our
website is hosted offsite in another state, we have DNS servers in house
with our Exchange server, our ISP has their own DNS servers as well.
Where would this get published?

Thanks
RJ

RE: Setting up SPF [ In reply to ]
Ok so valueweb is who hosts our website. They are the ones that need to
add it? According to dnsstuff.com our MX record is at
mail1.sixnetio.com, which is in house. But valueweb has our NS records.



-----Original Message-----
From: Scott Kitterman [mailto:scott@kitterman.com]
Sent: Monday, August 13, 2007 3:36 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


On Monday 13 August 2007 15:31, Ryan Jacksland wrote:
> I guess that confuses me a little. Other than giving us internet
> access they do not do anything for us. Why would they get the record
> and not our internal DNS server?

It has to be visible in the DNS that the rest of the internet sees. That may
or may not be your ISP. In the case of sixnetio.com, your DNS is served by
valueweb.net:

;; ANSWER SECTION:
sixnetio.com. 172800 IN NS ns.valueweb.net.
sixnetio.com. 172800 IN NS ns2.valueweb.net.

So that's where it needs to be published. It's between you and valueweb.net
how that gets done.

Scott K

Re: Setting up SPF [ In reply to ]
On Monday 13 August 2007 15:47, Ryan Jacksland wrote:
> Ok so valueweb is who hosts our website. They are the ones that need to
> add it? According to dnsstuff.com our MX record is at
> mail1.sixnetio.com, which is in house. But valueweb has our NS records.

Yes, but the SPF record goes in your authoritative DNS, which is at valueweb.

Scott K

Re: Setting up SPF [ In reply to ]
>----- Original Message -----
>From: "Ryan Jacksland" <RyanJ@sixnetio.com>
>To: <spf-help@v2.listbox.com>
>Sent: Monday, August 13, 2007 3:02 PM
>Subject: [spf-help] Setting up SPF
>
>I would like to use a SPF record, but I am not sure where it goes. Our
>website is hosted offsite in another state, we have DNS servers in house
>with our Exchange server, our ISP has their own DNS servers as well.
>Where would this get published?

The other poster is correct in that your SPF record would need to go on the
DNS servers at your ISP. This is because your SPF record needs to be seen
by anybody that receives email from your domain.

It would only make sense to put your SPF record on your internal DNS servers
if you have your domain hosted both at your ISP and also internally, and you
wanted your internal email servers to see the SPF record too, and those
email servers use your internal DNS servers.

In addition,

Based on the "Received:" header from your email...

Received: from svr3.sixnetio.com (mail1.sixnetio.com [24.97.130.2]) by
chiclet.listbox.com (Postfix) with ESMTP id 3ED1018F024 for
<spf-help@v2.listbox.com>; Mon, 13 Aug 2007 15:03:22 -0400 (EDT)

...it appears that 24.97.130.2 is at least one server that sends email from
your domain. If there are others, they would also need to be incorporated
into your SPF record.

Publishing an SPF record is your way of telling the world where legitimate
email from your domain should come from.

If your receiving email server starts checking SPF for email it receives,
that is an entirely different thing from your SPF record, unless, of course,
someone forges your domain in the From field and tries sending email to your
mailboxes.

Hope this helps,

Michael Breton

RE: Setting up SPF [ In reply to ]
Ok, Thanks for the info, now the question is, what do I give to
valueweb?

Thanks



-----Original Message-----
From: Scott Kitterman [mailto:scott@kitterman.com]
Sent: Monday, August 13, 2007 3:49 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


On Monday 13 August 2007 15:47, Ryan Jacksland wrote:
> Ok so valueweb is who hosts our website. They are the ones that need
> to add it? According to dnsstuff.com our MX record is at
> mail1.sixnetio.com, which is in house. But valueweb has our NS
> records.

Yes, but the SPF record goes in your authoritative DNS, which is at
valueweb.

Scott K

RE: Setting up SPF [ In reply to ]
24.97.130.2 is the only place email is coming from for our domain. But
even though that is in house, like the other poster said valueweb is
actually authoritative for our domain, so I have to put it there.

Thanks





-----Original Message-----
From: Michael Breton [mailto:michael@breton.us]
Sent: Monday, August 13, 2007 3:52 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


>----- Original Message -----
>From: "Ryan Jacksland" <RyanJ@sixnetio.com>
>To: <spf-help@v2.listbox.com>
>Sent: Monday, August 13, 2007 3:02 PM
>Subject: [spf-help] Setting up SPF
>
>I would like to use a SPF record, but I am not sure where it goes. Our
>website is hosted offsite in another state, we have DNS servers in
>house with our Exchange server, our ISP has their own DNS servers as
>well. Where would this get published?

The other poster is correct in that your SPF record would need to go on the
DNS servers at your ISP. This is because your SPF record needs to be seen
by anybody that receives email from your domain.

It would only make sense to put your SPF record on your internal DNS servers
if you have your domain hosted both at your ISP and also internally, and you
wanted your internal email servers to see the SPF record too, and those
email servers use your internal DNS servers.

In addition,

Based on the "Received:" header from your email...

Received: from svr3.sixnetio.com (mail1.sixnetio.com [24.97.130.2]) by
chiclet.listbox.com (Postfix) with ESMTP id 3ED1018F024 for
<spf-help@v2.listbox.com>; Mon, 13 Aug 2007 15:03:22 -0400 (EDT)

...it appears that 24.97.130.2 is at least one server that sends email from
your domain. If there are others, they would also need to be incorporated
into your SPF record.

Publishing an SPF record is your way of telling the world where legitimate
email from your domain should come from.

If your receiving email server starts checking SPF for email it receives,
that is an entirely different thing from your SPF record, unless, of course,
someone forges your domain in the From field and tries sending email to your
mailboxes.

Hope this helps,

Michael Breton

Re: Setting up SPF [ In reply to ]
On Monday 13 August 2007 15:52, Ryan Jacksland wrote:
> Ok, Thanks for the info, now the question is, what do I give to
> valueweb?
>
That's, of course, a different question.

What you need to do is make a list of the authorized sources of mail from your
domain (the mail servers). Do that in English and we can help you translate
it into SPF, i.e. how does your domain send mail?

Scott K

RE: Setting up SPF [ In reply to ]
I'm not sure what you mean by "how does your domain send mail". We only
have one internal Exchange server that we use for mail.





-----Original Message-----
From: Scott Kitterman [mailto:scott@kitterman.com]
Sent: Monday, August 13, 2007 3:57 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


On Monday 13 August 2007 15:52, Ryan Jacksland wrote:
> Ok, Thanks for the info, now the question is, what do I give to
> valueweb?
>
That's, of course, a different question.

What you need to do is make a list of the authorized sources of mail from your
domain (the mail servers). Do that in English and we can help you translate
it into SPF, i.e. how does your domain send mail?

Scott K

Re: Setting up SPF [ In reply to ]
On Monday 13 August 2007 16:01, Ryan Jacksland wrote:
> I'm not sure what you mean by "how does your domain send mail". We only
> have one internal Exchange server that we use for mail.
>
>
Right. From the messages that crossed mine, that would be 24.97.130.2.

Additionally, some domains, for example, have scripts on their web server that
send mail, so that would have to be included too.

Given what you said, your SPF record would be:

"v=spf1 ip4:24.97.130.2 -all"

Scott K

RE: Setting up SPF [ In reply to ]
-----Original Message-----
From: "Scott Kitterman" <scott@kitterman.com>
To: spf-help@v2.listbox.com
Sent: 8/13/07 4:13 PM
Subject: Re: [spf-help] Setting up SPF

On Monday 13 August 2007 16:01, Ryan Jacksland wrote:
> I'm not sure what you mean by "how does your domain send mail". We only
> have one internal Exchange server that we use for mail.
>
>
Right. From the messages that crossed mine, that would be 24.97.130.2.

Additionally, some domains, for example, have scripts on their web server that
send mail, so that would have to be included too.

Given what you said, your SPF record would be:

"v=spf1 ip4:24.97.130.2 -all"

Scott K

Re: Setting up SPF [ In reply to ]
On Mon, Aug 13, 2007 at 03:56:12PM -0400, Ryan Jacksland wrote:
> 24.97.130.2 is the only place email is coming from for our domain. But
> even though that is in house, like the other poster said valueweb is
> actually authoritative for our domain, so I have to put it there.

Look at DNS as a sort of phonebook.

When we (=the rest of the world) want to know your number, we will
look at the phonebook, not at the telephone itself. The phonebook
is at your ISP, even though the phone is connected in your building.

If your number is "123" and your name is "xyz", then:

Anybody could say "I am xyz, I want to order ten pizzas". Now we
are verifying your number: we look up "xyz" in the phonebook and
notice that "123" really belongs to "xyz" so all is well.

Another time somebody else pretends to be you. He says the same
but we notice that number "666" is not listed for you. This time
we will not believe that person.

step 1: you, or somebody else, calls us up
step 2: we get to know the number which is used to connect to us
step 3: you, or that other person, says "I am xyz"
step 4: we look up valid numbers for "xyz"
step 5: see if the number from step 2 is listed at step 4
step 6: depending on the outcome of step 5, disconnect or accept

HTH
Alex
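
The six steps above, applied to the two record styles discussed in this thread (`v=spf1 ip4:24.97.130.2 -all` and `v=spf1 a mx ptr ~all`), as an added Python example that is not part of any post. The `PHONEBOOK` dict is a constructed stand-in for public DNS; the `.example` domains and the `needs-dns` result are assumptions of this example, which evaluates only `ip4`, `ip6` and `all`.

```python
import ipaddress
import re

# Constructed stand-in for public DNS (the "phonebook"). A real checker would
# query the TXT records of the return-path domain instead of this dict.
PHONEBOOK = {
    "sixnetio.com": "v=spf1 ip4:24.97.130.2 -all",       # record suggested in the thread
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 ~all",  # constructed
    "lookups.example": "v=spf1 a mx ptr ~all",           # record proposed earlier in the thread
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that make the receiver issue further DNS queries while evaluating.
DNS_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}
MODIFIER = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*)=(.*)$")


def parse_record(record):
    """Return a list of (qualifier, name, argument) terms from an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        modifier = MODIFIER.match(term)
        if modifier:  # e.g. redirect=...; modifiers carry no qualifier
            parsed.append((None, modifier.group(1).lower(), modifier.group(2)))
            continue
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, argument = term.partition(":")
        name = name.split("/", 1)[0].lower()  # drop a CIDR suffix such as a/24
        parsed.append((qualifier, name, argument))
    return parsed


def dns_lookup_terms(record):
    """List the terms in a record that need extra DNS queries to evaluate."""
    return [name for _, name, _ in parse_record(record) if name in DNS_TERMS]


def check_host(client_ip, sender_domain, phonebook=PHONEBOOK):
    """Steps 2 to 5: compare the connecting IP with the domain's published list."""
    ip = ipaddress.ip_address(client_ip)     # step 2: the number that called us
    record = phonebook.get(sender_domain)    # step 4: look up the claimed name
    if record is None:
        return "none"                        # no policy published, nothing to check
    for qualifier, name, argument in parse_record(record):  # step 5
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            if ip.version == int(name[2]) and ip in network:
                return QUALIFIERS[qualifier]
        elif name in DNS_TERMS:
            return "needs-dns"               # cannot be decided from the record alone
    return "neutral"                         # no term matched and no "all"


if __name__ == "__main__":
    # Step 6 is the receiver's policy decision based on these results.
    for ip, domain in [
        ("24.97.130.2", "sixnetio.com"),
        ("203.0.113.9", "sixnetio.com"),     # constructed address not in the record
        ("198.51.100.1", "softfail.example"),
        ("24.97.130.2", "lookups.example"),
    ]:
        print(ip, domain, check_host(ip, domain))
    print(dns_lookup_terms(PHONEBOOK["lookups.example"]))
```
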

RE: Setting up SPF [ In reply to ]
Ok, yes, we do not have anything special like that set up, just a basic
Exchange server. So now I contact valueweb and ask them to add that spf
record to their dns servers?




-----Original Message-----
From: Scott Kitterman [mailto:scott@kitterman.com]
Sent: Monday, August 13, 2007 4:13 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Setting up SPF


On Monday 13 August 2007 16:01, Ryan Jacksland wrote:
> I'm not sure what you mean by "how does your domain send mail". We only
> have one internal Exchange server that we use for mail.

Right. From the messages that crossed mine, that would be 24.97.130.2.

Additionally, some domains, for example, have scripts on their web server
that send mail, so that would have to be included too.

Given what you said, your SPF record would be:

"v=spf1 ip4:24.97.130.2 -all"

Scott K

RE: Setting up SPF [ In reply to ]
Now the problems begin. We are registered at godaddy for sixnetio.com
and sixnetio.org, but the .org just forwards over to the .com. But we
have email addresses at godaddy that end in .org and are forwarded off
to different emails. Would putting the spf record in for sixnetio.com
affect those emails?

Thanks





RE: Setting up SPF [ In reply to ]
Ryan Jacksland wrote on 8/14/2007 9:53:17 AM:

> Now the problems begin. We are registered at godaddy for sixnetio.com
> and sixnetio.org, but the .org just forwards over to the .com. But we
> have email addresses at godaddy that end in .org and are forwarded off
> to different emails. Would putting the spf record in for sixnetio.com
> affect those emails?

Incoming e-mail is generally not relevant to setting up an SPF
record for your domain(s). An SPF record for sixnetio.com would only
say what mail servers send mail *from* that domain.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- A fool and his money are some party.

~ Taglines by Taglinator - www.srtware.com ~

Re: Setting up SPF [ In reply to ]
> Our on-site exchange server has a public address of 94.30.116.48
>
> Our MX are mail.virtual-college.co.uk, mail2.virtual-college.co.uk and
> telewest.virtual-college.co.uk
>
> Any mail sent from the exchange server results in a softfail.

That's because the rest of the world doesn't see that address - you're
relaying all your outgoing mail via murphx.net.

Sadly, it looks like Murphx don't have an SPF record - I'll take a look at
that (one of their sysads is a personal friend of mine).

But the problem you've got is that anyone receiving mail from you is
actually getting it from Murphx, who aren't mentioned in your SPF record.
That's why you get the fail...

The solution is either to send mail directly, or to get murphx added to
the record.

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Setting up SPF [ In reply to ]
At 13:24 12/10/2009 Monday, Jonathan Lumb wrote:
>Hi,
>
>
>
>We have had an SPF record in place for many years. However, it has
>always returned softfail. I cannot change to -all as this would result
>in too many mail rejections. I need to correct the record.
>
>The domain is virtual-college.co.uk, IP Address 213.146.152.32, PTR
>mail4.bjtech.co.uk
>
>Our DNS is held by freeparking.co.uk
>
>Our on-site exchange server has a public address of 94.30.116.48
>
>Our MX are mail.virtual-college.co.uk, mail2.virtual-college.co.uk and
>telewest.virtual-college.co.uk
>
>Any mail sent from the exchange server results in a softfail. The old
>SPF was v=spf1 ip4:213.146.152.32 a mx include:aspmx.googlemail.com ?all
>
>I have tried many changes but fail to see why v=spf1 a mx -all would not
>work in this scenario as the 'a' would reference the ip address of the
>domain and the mx would allow the sending to and from the 3 MXes.
>
>Any suggestions would be greatly appreciated or pointers to aid me in
>resolving this myself.

as with all these queries best/fastest solution is send me an e-mail
from/via each source with a subject reflecting where you expected them to come from
ie "SPF test1 sent via x.y.z"

then i will look/see where they actually came from and give you an spf record and explanation why the former mis-fired
{obviously your spf as-is is failing somehow so we need to find out what your mailserver(s) are doing that you didn't know about}

all replies will be via this list for others to see (as otherwise no-one learns from your issue)



RE: Setting up SPF [ In reply to ]
Thanks for the quick response.

I did know we were using Murphx.net as a mail relay so I should have mentioned that in my post. Apologies for that. During my testing I did an include for murphx but they use so many servers I couldn't pin it down and as Vic points out, they may not carry an SPF. Would I be best not using Murphx as a relay?

Thanks

Jonathan

Jonathan Lumb
IT Technician
 
The Virtual College
Tel:01943 605976
Fax:01943 605522
 
www.virtual-college.co.uk
 
With over 10 years' experience and over 150,000 on-line and face to face learners, Virtual College is enhancing the learning experience by accelerating the adoption of e-learning.
 
We are proud of our Investors in People, CPD UK, Matrix, Customer First recognition and Winner of the Medilink Partnership with the NHS Award 2008
 
Virtual College is a limited company registered in England and Wales, a division of Virtual College Group plc.
Registered Office: Marsel House, Stephensons Way, Ilkley, LS29 8DD
Reg No: 3052439  VAT No: GB75529689
 
The information contained in this email is intended only for the named recipient(s). It may contain confidential information and if you are not an intended recipient you must not copy, distribute or take action or reliance on it.  If you received this email in error, please contact us immediately, Any unauthorised disclosure of the information contained in this communication is strictly prohibited.
 

RE: Setting up SPF [ In reply to ]
Jonathan Lumb wrote on Mon, Oct 12 2009 at 7:24 am:

> The domain is virtual-college.co.uk, IP Address 213.146.152.32, PTR
> mail4.bjtech.co.uk
>
> Our DNS is held by freeparking.co.uk
>
> Our on-site exchange server has a public address of 94.30.116.48
>
> Our MX are mail.virtual-college.co.uk, mail2.virtual-college.co.uk and
> telewest.virtual-college.co.uk

You have listed many things, but the important one is which mail
servers deliver mail for your domain. The message you sent to the list
has the headers:

Received: from mx-relay-02.edge-c.murphx.net
(mx-relay-02.edge-c.murphx.net [62.69.62.102]) by a-lb-mx-sd.listbox.com
(Postfix) with SMTP id DCCAB7A925 for <spf-help@v2.listbox.com>; Mon, 12
Oct 2009 08:26:17 -0400 (EDT)

Received: from unknown (HELO EXCHSVR.vc.virtual-college.co.uk)
(94.30.116.48) by mx-relay-vip.edge-c.murphx.net with SMTP; 12 Oct 2009
12:26:16 -0000

So your Exchange server is relaying ("smart host") through murphx.net.
If they deliver outbound mail to its destination, you should include
(only) their mail servers in your SPF record. If they cannot give you a
list, or an SPF record to include, SPF isn't going to work for
you...unless you deliver mail directly out or use a different provider.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Chain tagline - Stolen 396 times - add 1 when stolen.

~ Taglines by Taglinator: www.srtware.com ~
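
Reading the trace the way the reply above does, as an added example that is not code from the thread or from any poster: it parses the two quoted Received headers and reports which IP the receiving server actually saw. The From/Subject lines, the body placeholder and all function names are constructed for the example.

```python
import re
from email import message_from_string

# The two Received headers quoted in the message above, newest first.
# From/Subject and the body are constructed so the sample parses as a message.
RAW_MESSAGE = """\
Received: from mx-relay-02.edge-c.murphx.net
 (mx-relay-02.edge-c.murphx.net [62.69.62.102]) by a-lb-mx-sd.listbox.com
 (Postfix) with SMTP id DCCAB7A925 for <spf-help@v2.listbox.com>; Mon, 12
 Oct 2009 08:26:17 -0400 (EDT)
Received: from unknown (HELO EXCHSVR.vc.virtual-college.co.uk)
 (94.30.116.48) by mx-relay-vip.edge-c.murphx.net with SMTP; 12 Oct 2009
 12:26:16 -0000
From: jonathan.lumb@virtual-college.co.uk
Subject: Setting up SPF

(body omitted)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_received(value):
    """Split one Received header into the fields that matter for SPF."""
    text = " ".join(value.split())      # undo header folding
    trace = text.split(";", 1)[0]       # drop the timestamp part
    helo = re.search(r"\(HELO (\S+?)\)", trace)
    name = re.match(r"from (\S+)", trace)
    ip = re.search(r"[\[(](%s)[\])]" % IPV4, trace)
    by = re.search(r"\bby (\S+)", trace)
    return {
        "claimed": helo.group(1) if helo else (name.group(1) if name else None),
        "ip": ip.group(1) if ip else None,
        "by": by.group(1).lower() if by else None,
    }


def hops(raw):
    """Return every Received hop, newest (closest to the recipient) first."""
    msg = message_from_string(raw)
    return [parse_received(v) for v in msg.get_all("Received", [])]


def spf_client(raw, receiver_domain):
    """Return the hop written by the receiver's own MTA.

    Only that header can be trusted: everything below it was supplied by the
    sending side. Its IP is the one the SPF record has to authorise.
    """
    domain = receiver_domain.lower()
    for hop in hops(raw):
        if hop["by"] and (hop["by"] == domain or hop["by"].endswith("." + domain)):
            return hop
    return None


def relay_report(raw, receiver_domain, own_server_ip):
    """Say whether the mail arrived from own_server_ip or from a relay."""
    edge = spf_client(raw, receiver_domain)
    if edge is None:
        return "no Received header written by " + receiver_domain
    if edge["ip"] == own_server_ip:
        return "delivered directly from %s" % own_server_ip
    return "relayed: receiver saw %s (%s), not %s" % (
        edge["ip"], edge["claimed"], own_server_ip)


if __name__ == "__main__":
    print(relay_report(RAW_MESSAGE, "listbox.com", "94.30.116.48"))
```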


RE: Setting up SPF [ In reply to ]
Hi,

Most impressed with the community response. Here is where I am currently. Using include gives a permerror, trying to mx murphx without any real success. The wrong way of doing things I guess. I have sent a request for SPF info to the ISP but failing this, will have to change provider or bypass. We used to be on Demon, changed before my arrival.

HELO hostname: mx-relay-02.edge-c.murphx.net
Source IP: 62.69.62.102
mail-from: jonathan.lumb@virtual-college.co.uk

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: softfail (SPF-Result: SoftFail)
ID(s) verified: smtp.mail=jonathan.lumb@virtual-college.co.uk
DNS record(s):
virtual-college.co.uk. 86400 IN TXT "v=spf1 a mx mx:edge-c.murphx.net ~all"
virtual-college.co.uk. 86400 IN A 213.146.152.32
virtual-college.co.uk. 86400 IN MX 20 82.47.215.100.
virtual-college.co.uk. 86400 IN MX 0 mail.virtual-college.co.uk.
virtual-college.co.uk. 86400 IN MX 10 mail2.virtual-college.co.uk.
82.47.215.100. A (NXDOMAIN)
mail.virtual-college.co.uk. 86378 IN A 94.30.116.48
mail2.virtual-college.co.uk. 86370 IN A 82.47.215.100
edge-c.murphx.net. 60 IN MX 10 smtp.vnoc.murphx.net.
smtp.vnoc.murphx.net. 22 IN A 62.69.62.120

Jonathan Lumb
IT Technician
 
RE: Setting up SPF [ In reply to ]
At 13:59 12/10/2009 Monday, Jonathan Lumb wrote:
>Thanks for the quick response.
>
>I did know we were using Murphx.net as a mail relay so I should have mentioned that in my post. Apologies for that. During my testing I did an include for murphx but they use so many servers I couldn't pin it down and as Vic points out, they may not carry an SPF. Would I be best not using Murphx as a relay?

you could do that
or build a list of their delivering ips /ranges yourself {trial and error as they shouldn't take long or include the /24/23... they use for mailservers}
or add ptr:Murphx.net and allow all their valid servers and a few invalid ones to pass
or add ptr:edge-c.Murphx.net if tests show all their mail servers to be within this ptr sub-domain

i would be tempted to take up the offer of bounce a bunch of testmails to me {or yourself via gmail/wherever}
and that way get a profile of likely source matches for murphx.net

adding their ips as ranges shouldn't be an issue if they are trusted by you not to be trying to forge anything from you, if they aren't trusted using them as a relay would be bad ;)

or if vic's mate can get a list of ip's / ranges it would be fine to directly add those to your spf


>Thanks
>
>Jonathan
>
RE: Setting up SPF [ In reply to ]
> Using include gives a permerror

You'll get that if there isn't anything to include.

> trying to mx murphx without any real
> success. The wrong way of doing things I guess.

Yep. MX is for inbound mail, you need the outbound servers. For larger
installations, these are frequently not the same machines.

> I have sent a request for
> SPF info to the ISP but failing this, will have to change provider or
> bypass.

Is there a reason you're not sending directly? It might make life a lot
easier...

> We used to be on Demon, changed before my arrival.

Don't change back. Demon have been pulling all sorts of stunts lately.

> HELO hostname: mx-relay-02.edge-c.murphx.net
> Source IP: 62.69.62.102

Note that this is not one of the MXes you list later...

> virtual-college.co.uk. 86400 IN MX 20 82.47.215.100.
> virtual-college.co.uk. 86400 IN MX 0 mail.virtual-college.co.uk.
> virtual-college.co.uk. 86400 IN MX 10 mail2.virtual-college.co.uk.

Do you really need 3 inbound servers? That's nothing to do with SPF, but
will probably cause you far more difficulty than it solves problems...

Vic.
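
The six steps of the phonebook analogy earlier in the thread, together with the points in the reply above (`mx` lists inbound hosts, an `include` with nothing behind it is a permerror), as an added example that is not code from any poster or from the SPF project. DNS is replaced by a static table built from the records quoted in the thread; the PTR/A pair for mx-relay-02, the `include:murphx.net` and `ptr:` candidate records in the usage lines, and the address 192.0.2.66 are assumptions.

```python
import ipaddress

# Static stand-in for DNS. TXT, A and MX values are copied from the
# "SPF check details" output quoted in the thread. The PTR entry and the
# forward A record for mx-relay-02 are assumed from the Received header.
# murphx.net has no TXT entry here, i.e. it publishes no SPF record.
ZONE = {
    ("virtual-college.co.uk", "TXT"): ["v=spf1 a mx mx:edge-c.murphx.net ~all"],
    ("virtual-college.co.uk", "A"): ["213.146.152.32"],
    ("virtual-college.co.uk", "MX"): ["mail.virtual-college.co.uk",
                                      "mail2.virtual-college.co.uk",
                                      "82.47.215.100"],  # resolves to nothing
    ("mail.virtual-college.co.uk", "A"): ["94.30.116.48"],
    ("mail2.virtual-college.co.uk", "A"): ["82.47.215.100"],
    ("edge-c.murphx.net", "MX"): ["smtp.vnoc.murphx.net"],
    ("smtp.vnoc.murphx.net", "A"): ["62.69.62.120"],
    ("102.62.69.62.in-addr.arpa", "PTR"): ["mx-relay-02.edge-c.murphx.net"],
    ("mx-relay-02.edge-c.murphx.net", "A"): ["62.69.62.102"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """The record cannot be evaluated (bad syntax or an empty include)."""


def lookup(name, rtype):
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def matches(mech, arg, ip, domain):
    """Step 5 of the analogy: is the connecting IP listed by this mechanism?"""
    target = arg or domain
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in lookup(target, "A")
    if mech == "mx":    # the target's *inbound* hosts, not its relays
        return any(str(ip) in lookup(h, "A") for h in lookup(target, "MX"))
    if mech == "ptr":   # reverse name must resolve back and sit under target
        return any(str(ip) in lookup(n, "A") and
                   (n == target or n.endswith("." + target))
                   for n in lookup(ip.reverse_pointer, "PTR"))
    if mech == "include":
        result = check_host(str(ip), arg)
        if result in ("none", "permerror"):
            raise PermError("nothing usable to include at " + arg)
        return result == "pass"
    raise PermError("unknown mechanism " + mech)


def check_host(ip, domain, record=None):
    """Steps 2 to 6: evaluate the connecting IP against the domain's record.

    Handles only the mechanisms used in this thread: no macros, no CIDR
    suffix on a/mx, no redirect=, no DNS lookup limit. Pass `record` to try
    a candidate record before publishing it.
    """
    ip = ipaddress.ip_address(ip)
    if record is None:
        published = [t for t in lookup(domain, "TXT")
                     if t.lower().split()[:1] == ["v=spf1"]]
        if not published:
            return "none"
        record = published[0]
    try:
        for term in record.split()[1:]:
            if "=" in term:     # modifiers are not evaluated here
                continue
            qualifier = term[0] if term[0] in QUALIFIERS else "+"
            mech, _, arg = term.lstrip("+-~?").lower().partition(":")
            if matches(mech, arg, ip, domain.lower()):
                return QUALIFIERS[qualifier]
    except (PermError, ValueError):
        return "permerror"
    return "neutral"


if __name__ == "__main__":
    relay, exchange = "62.69.62.102", "94.30.116.48"
    dom = "virtual-college.co.uk"
    print("published record, via relay:", check_host(relay, dom))
    print("published record, direct:   ", check_host(exchange, dom))
    print("include:murphx.net:         ",
          check_host(relay, dom, "v=spf1 include:murphx.net ~all"))
    print("ptr:edge-c.murphx.net:      ",
          check_host(relay, dom, "v=spf1 a mx ptr:edge-c.murphx.net ~all"))
```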



RE: Setting up SPF [ In reply to ]
Hi all,

I added the ptr:edge-c.Murphx.net as all test emails showed up as being within this subdomain. Finally a pass. Many thanks to you all for your assistance and clear explanations.
Point taken with regards to moving back to Demon.
We use 3 incoming as mail-primary, mail2-secondary and telewest-last chance. I thought this was recommended. If not, I can change.
I will continue testing to ensure all mails are behaving and then implement on our other domains.

Thanks again

Jonathan

RE: Setting up SPF [ In reply to ]
Oh and if Vic does get a list of IPs I will alter to suit. Would be better specifying individual IPs than a whole sub domain.

Now onto Smoothwall, all good fun.



Jonathan Lumb
IT Technician
 
RE: Setting up SPF [ In reply to ]
Jonathan Lumb wrote on Mon, Oct 12 2009 at 10:32 am:

> Oh and if Vic does get a list of IPs I will alter to suit. Would be
> better specifying individual IPs than a whole sub domain.

And in general PTR will cause the other end some extra DNS
lookups:

http://www.openspf.org/SPF_Record_Syntax#ptr

The best solution is for murphx.net to set up an SPF record for their
customers to use (ideally listing only IP addresses), and you can then
include it in your record. They can then add/remove mail servers at
will.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- ERROR: ERROR: ERROR: ERROR: ERROR: <*SMACK*> C:\>_

~ Taglines by Taglinator: www.srtware.com ~


RE: [OT] was Setting up SPF [ In reply to ]
At 16:31 12/10/2009 Monday, Jonathan Lumb wrote:
>Hi all,
>
>I added the ptr:edge-c.Murphx.net as all test emails showed up as being within this subdomain. Finally a pass. Many thanks to you all for your assistance and clear explanations.
>Point taken with regards to moving back to Demon.
>We use 3 incoming as mail-primary, mail2-secondary and telewest-last chance. I thought this was recommended. If not, I can change.
>I will continue testing to ensure all mails are behaving and then implement on our other domains.

the only recommendations with respect to incoming are

A they all know which addresses are valid and which are not
{ie if i send mail to totaly-made@your-domain and it is rejected by your primary MX it damn well better be rejected by your secondaries too}

this is because otherwise it will be accepted by your secondaries, then rejected when they try to connect to your primary, resulting in them sending a bounce NDR to the 'victim', the guy whose address was forged in the envelope-from

2 possible outcomes,
your secondaries used to victimize people {bounce-spam, ndr-bombing, ddos whatever}
your secondaries end up widely blacklisted to avoid the above

B they all run the same checks/policy
for pretty much the same reasons as above {ie all rejections must be between the sender and your MX not between one of your high-mx's>lower-mx}

C if you run SPF checks ensure your own backup MX's are whitelisted and see point B

so because of these rules most people have multiple MX's only when they directly control ALL of them
as it's hard to achieve rule B otherwise
anyone failing rule A is just outright callous/lazy {but not uncommon}

[.but all this is moot if the only MX capable of delivering to a users mailbox is the primary, as then the others are doing nothing useful]
most successful multiple MX setups have an alternate route from backup>mailbox if primary is down and can't get up
{private/internal mx's to pop3 hosts or even manual scripts to fetchmail/sort}

here we use 4 MX's
primary is a false primary {permanently down} to absorb/log a lot of bot syn traffic {all valid MTAs fail up, some {few} bots never do}
secondary real primary physically closest to our mailbox server thus fastest delivery route
tertiary real secondary remote site with wan link to mailbox server so if Internet provider goes dark at primary or bgp issues mail still gets through
fourth and final leg a false last MX with similar job to primary {absorbs lots of bot syn traffic as most bots try last MX first {as most people have the laxest policy on the last {as they fail point B above}} so most bots try last first and fail down, we dnsbl any ip trying our last first, with some whitelisting for known broken sites}

[.for anyone checking our 4th MX dnsbl system is currently down so pointed at the same ip as primary {dead but logging} till fixed]
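
The last-MX-first listing rule described in the post above, as an added example that is not the poster's own system: it reads a connection log and reports source IPs whose earliest connection went to the least-preferred MX. The host names, preference values, log format, addresses and whitelist entry are all constructed assumptions.

```python
# Constructed MX layout mirroring the post: mx1 and mx4 are decoys, mx2/mx3 deliver.
MX_PREFERENCE = {"mx1.example.org": 0, "mx2.example.org": 10,
                 "mx3.example.org": 20, "mx4.example.org": 30}
WHITELIST = {"198.51.100.7"}  # constructed: a known-broken but legitimate sender

# Constructed connection log: "<unix time> <source ip> <mx host contacted>"
SAMPLE_LOG = """\
1000 203.0.113.5 mx1.example.org
1002 203.0.113.5 mx2.example.org
1010 192.0.2.66 mx4.example.org
1011 192.0.2.66 mx3.example.org
1020 198.51.100.7 mx4.example.org
1030 192.0.2.99 mx4.example.org
1031 203.0.113.5 mx4.example.org
"""


def first_contacts(log_text):
    """Map each source IP to the MX host of its earliest logged connection."""
    first = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit() or parts[2] not in MX_PREFERENCE:
            continue  # skip malformed lines and hosts that are not our MXes
        ts, ip, host = int(parts[0]), parts[1], parts[2]
        if ip not in first or ts < first[ip][0]:
            first[ip] = (ts, host)
    return {ip: host for ip, (ts, host) in first.items()}


def last_mx_first(log_text, whitelist=WHITELIST):
    """Source IPs that tried the least-preferred MX before any other MX."""
    last_mx = max(MX_PREFERENCE, key=MX_PREFERENCE.get)
    hits = [ip for ip, host in first_contacts(log_text).items()
            if host == last_mx and ip not in whitelist]
    return sorted(hits)


if __name__ == "__main__":
    # 203.0.113.5 started at the primary and failed up, so it is not reported.
    print(last_mx_first(SAMPLE_LOG))
```
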



Re: Setting up SPF [ In reply to ]
> Sadly, it looks like Murphx don't have an SPF record - I'll take a look at
> that (one of their sysads is a personal friend of mine).

OK, I've asked the question. It would appear that Murphx aren't likely to
set up an SPF record anytime soon, but they have two outgoing relays - on
62.69.62.101 and 62.69.62.102.

Vic.



RE: Setting up SPF [ In reply to ]
Vic wrote on Mon, Oct 12 2009 at 9:15 pm:

> OK, I've asked the question. It would appear that Murphx aren't likely to
> set up an SPF record anytime soon, but they have two outgoing relays - on
> 62.69.62.101 and 62.69.62.102.

If those are the only two outgoing/delivery mail servers in use
for your domain, then you can simply use:

v=spf1 ip4:62.69.62.101 ip4:62.69.62.102 -all

(or ~all during testing).

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Wisdom of Bart: Coffee is not for kids

~ Taglines by Taglinator: www.srtware.com ~
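
The ip4-only record above can be checked offline before it is published, and the same pass shows why the earlier ptr advice matters. This is an added example, not code from the thread or from any SPF library: it evaluates only the ip4/ip6/all subset and lists the terms that cost the receiver DNS lookups. The function names, the ptr record text and the test address 192.0.2.10 are assumptions.

```python
import ipaddress
import re

# Terms that cost the receiver DNS queries (RFC 7208 section 4.6.4 caps them at 10).
DNS_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
IP_ONLY = "v=spf1 ip4:62.69.62.101 ip4:62.69.62.102 -all"  # record from the thread
PTR_BASED = "v=spf1 ptr:edge-c.murphx.net -all"  # constructed; the thread only names the ptr term

def parse_spf(record):
    """Return the record's terms as (qualifier, name, argument) tuples."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for tok in tokens[1:]:
        # Optional qualifier, a name, then ":domain", "=value" or "/cidr".
        m = re.fullmatch(r"([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(?:[:=/](.*))?", tok)
        if not m:
            raise ValueError("malformed term: " + tok)
        terms.append((m.group(1) or "+", m.group(2).lower(), m.group(3) or ""))
    return terms

def dns_lookup_terms(record):
    """Names of the terms in the record that cost the receiver DNS lookups."""
    return [name for _, name, _ in parse_spf(record) if name in DNS_TERMS]

def check_ip(record, client_ip):
    """Evaluate left to right; stop at the first mechanism that needs a resolver."""
    ip = ipaddress.ip_address(client_ip)
    redirect = False
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "redirect":
            redirect = True  # modifier: only consulted when no mechanism matched
        elif name in DNS_TERMS:
            return "needs-dns:" + name
    return "needs-dns:redirect" if redirect else "neutral"

if __name__ == "__main__":
    for ip in ("62.69.62.102", "192.0.2.10"):  # 192.0.2.10 is a documentation address
        print(ip, check_ip(IP_ONLY, ip), check_ip(IP_ONLY.replace("-all", "~all"), ip))
    print(dns_lookup_terms(IP_ONLY), dns_lookup_terms(PTR_BASED))
```
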

