Mailing List Archive

SPF Record Question
I generated an SPF Record for windfalls.com and this is what it returned:

***************
If you run BIND
Paste this into your zone file:

windfalls.com. IN TXT "v=spf1 a mx ~all"

When a mail server sends a bounce message, it uses a null MAIL FROM: <>, and a HELO address that's supposed to be its own name. SPF will still operate, but in "degraded mode" by using the HELO domain name instead. Because this wizard can't tell which name your mail server uses in its HELO command, it lists all possible names, so there may be multiple lines shown below. If you know which hostname your mail server uses in its HELO command, you should pick out the appropriate entries and ignore the rest.

So this should also appear in DNS. You may or may not be in charge of the DNS for these entries; if you are, add them:

server65.dedicatedusa.com. IN TXT "v=spf1 a -all"

*************************************************

So then I passed this to my hosting service, asking for BOTH recommended record entries above to be inserted, and this is how it now reads:

**********************
You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record is:

"v=spf1 a mx ~all" "server65.dedicatedusa.com." "IN" "TXT" "v=spf1 a -all" [TTL=14400]

****************

but I'm unsure that they have correctly entered the record as per your instructions; it certainly doesn't look the same at all.

Will someone please compare the SPF Record setup response with what my SPF Record now says above and tell me if my DNS Zones were correctly edited.

R.S.V.P: Max Parker
RE: SPF Record Question [ In reply to ]
No, they didn't enter it correctly. You currently have:

"v=spf1 a mx ~allserver65.dedicatedusa.com.INTXTv=spf1 a -all"

What you want is "v=spf1 a mx ~all"

I'd make it two separate support requests for two separate TXT records. I'd
expect that you are unlikely to get them to put the TXT record in
allserver65.dedicatedusa.com, since they haven't published an SPF record for
their own domain.

You might be better off to ask them to look into publishing SPF for their
domain, rather than just for your server.

Scott Kitterman
>-----Original Message-----
>From: owner-spf-help@v2.listbox.com
>[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Max Parker
>Sent: Tuesday, March 29, 2005 5:46 AM
>To: spf-help@v2.listbox.com
>Subject: [spf-help] SPF Record Question
>
>
>I generated an SPF Record for windfalls.com and this is what it returned:
>
>***************
>If you run BIND
>Paste this into your zone file:
>
>windfalls.com. IN TXT "v=spf1 a mx ~all"
>
>When a mail server sends a bounce message, it uses a null MAIL
>FROM: <>, and a HELO address that's supposed to be its own name.
>SPF will still operate, but in "degraded mode" by using the HELO
>domain name instead. Because this wizard can't tell which name
>your mail server uses in its HELO command, it lists all possible
>names, so there may be multiple lines shown below. If you know
>which hostname your mail server uses in its HELO command, you
>should pick out the appropriate entries and ignore the rest.
>
>So this should also appear in DNS. You may or may not be in charge
>of the DNS for these entries; if you are, add them:
>
>server65.dedicatedusa.com. IN TXT "v=spf1 a -all"
>
>*************************************************
>
>So then I passed this to my hosting service, asking for BOTH
>recommended record entries above to be inserted, and this is how
>it now reads:
>
>**********************
>You have an SPF record. This is very good, as it will help prevent
>spammers from abusing your domain. Your SPF record is:
>
>"v=spf1 a mx ~all" "server65.dedicatedusa.com." "IN" "TXT" "v=spf1
>a -all" [TTL=14400]
>
>****************
>
>but I'm unsure that they have correctly entered the record as per
>your instructions; it certainly doesn't look the same at all.
>
>Will someone please compare the SPF Record setup response with
>what my SPF Record now says above and tell me if my DNS Zones were
>correctly edited.
>
>R.S.V.P: Max Parker
>
>-------
>Archives at http://archives.listbox.com/spf-help/current/
>Donate! http://spf.pobox.com/donations.html
>To unsubscribe, change your address, or temporarily deactivate
>your subscription,
>please go to
http://v2.listbox.com/member/?member_id=1109811&user_secret=d36b3c68
Re: spf record question [ In reply to ]
At 19:08 14/10/2010 Thursday, jjennings wrote:
>I have multiple mail servers for my domain and I have all of ther ip addresses covered in the spf record with:
>
>ip4:xx.xx.xx.xx/24

good


>I have reverse pointer names for each email server created in my dns server and a records in my dns server for each mail server and each email server has it's own name such as:
>
>mail1.mydomain.com
>mail2.mydomain.com

all irrelevant to spf as it only needs to see does the ip == one in spf record


>etc - I have 24 in all.
>
>My question is this:
>
>do I need an 'a' entry for each of my 24 mail servers in the spf record such as:
>
>a:mail1.mydomain.com a:mail2.mydomain.com a:mail2.mydomain.com
>
>or can I wildcard all of the names since they're all in mydomain.com with something like a:mail*.mydomain.com
>
>or do I even need 'a' entries at all since their ip addresses are covered by my /24 entry?

first which spf record??

if you mean the spf for the envelope_senders email address

ie sender@blah.com

then the spf for blah.com would be
v=spf1 ip4:xx.xx.xx.xx/24 -all

as you mention above

if you mean the spf for the helo/ehlo address (the one people use to see if the name used by your server is legit or a bot/forgery)
then the spf for say mail1.mydomain.com would be either
v=spf1 ip4:xx.xx.xx.xx -all

where xx.xx.xx.xx == the ip of mail1

as in all cases where you want to completely setup spf you need a record for

each domain you use to send mail
+
1 per servername you send mail from

and to be utterly complete you set up one blocking its use for every other domain and servername you don't use to send mail and you want to ensure others don't ab-use it either
so www.mydomain.com
v=spf1 -all



>???
>
>thanks in advance.
>
>Jeff
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101014141030:535E2156-D7BE-11DF-A8DC-D07C40B854A3
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101014160634:8A1343A6-D7CE-11DF-9614-9613C3CAD56A
Powered by Listbox: http://www.listbox.com
Re: spf record question [ In reply to ]
At 19:08 14/10/2010 Thursday, jjennings wrote:
>I have multiple mail servers for my domain and I have all of ther ip addresses covered in the spf record with:
>
>ip4:xx.xx.xx.xx/24

good


>I have reverse pointer names for each email server created in my dns server and a records in my dns server for each mail server and each email server has it's own name such as:
>
>mail1.mydomain.com
>mail2.mydomain.com

all irrelevant to spf as it only needs to see does the ip == one in spf record


>etc - I have 24 in all.
>
>My question is this:
>
>do I need an 'a' entry for each of my 24 mail servers in the spf record such as:
>
>a:mail1.mydomain.com a:mail2.mydomain.com a:mail2.mydomain.com
>
>or can I wildcard all of the names since they're all in mydomain.com with something like a:mail*.mydomain.com
>
>or do I even need 'a' entries at all since their ip addresses are covered by my /24 entry?

first which spf record??

if you mean the spf for the envelope_senders email address

ie sender@blah.com

then the spf for blah.com would be
v=spf1 ip4:xx.xx.xx.xx/24 -all

as you mention above

if you mean the spf for the helo/ehlo address (the one people use to see if the name used by your server is legit or a bot/forgery)
then the spf for say mail1.mydomain.com would be either
v=spf1 ip4:xx.xx.xx.xx -all

where xx.xx.xx.xx == the ip of mail1

as in all cases where you want to completely setup spf you need a record for

each domain you use to send mail
+
1 per servername you send mail from

and to be utterly complete you set up one blocking its use for every other domain and servername you don't use to send mail and you want to ensure others don't ab-use it either
so www.mydomain.com
v=spf1 -all



>???
>
>thanks in advance.
>
>Jeff
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101014141030:535E2156-D7BE-11DF-A8DC-D07C40B854A3
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101014160634:8A151578-D7CE-11DF-8673-AAD02EA0886E
Powered by Listbox: http://www.listbox.com