Mailing List Archive

Since both Bluehost and Gmail publish SPF records, you should use the include
mechanism to say that they are permitted senders for each domain your are
hosting. If there are risks of cross user forgery (I don't use either GMail
or Bluehost, so I can't tell you, but usually on shared servers there are),
see:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#cross-user-forgery

then you should use a "?" in front of it to give a NEUTRAL rather than PASS
result. See:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html

and then terminate the record initially with ~all and then once you've
completed testing and determined it's appropriate, switch to -all.

First, make sure you really know all the ways that your users send mail. You
need to ask. You may be surprised. Do not publish an SPF record on behalf
of a domain you host without informed consent on the part of the domain
owner. This is the single biggest source we get of problem submissions to
the SPF web site.

Second, your prototype record for each domain might be:

"v=spf1 ?include:gmail.com ?include:bluehost.com ~all"

or

"v=spf1 include:gmail.com include:bluehost.com ~all"

and then add mechanisms as necessary if your domain owners have other ways of
sending mail, see here:

http://www.openspf.org/mechanisms.html

Third, test. See here:

http://www.kitterman.com/spf/validate.html

Fourth publish your SPF records as DNS TXT records for each domain you want to
protect and then test some more.

Scott K

On 02/13/2006 00:14, Chris Rowe wrote:
> I am hosting several domains with bluehost, but only using thier mail
> servers for mass mailing lists, all my users use gmail. How do I set up a
> spf account for this?
>
> thanks, Chris
>
> --
> Chris Rowe
> chr@rowe.com
> 512-587-0952
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/ or
> http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?&

-------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=cbdbbc81

Rob MacGregor wrote:

> The short answer is, there's nothing to force recipients to
> reject email that fails SPF (or accept email that passes it).

Hi, I'm mainly checking that SPF Help is really working again
via GMaNe after some months...

Gmail now rejects broken or missing DKIM signatures for PayPal
phishes, hopefully they'll also reject SPF FAIL at some point
in time. Obviously they evaluate SPF, and use it as input in
their spam or no spam decisions. Gmail users with convoluted
"forward to Gmail" setups should watch their Gmail spam folder:

An "accept SPF FAIL, but treat it as suspicious" strategy is
quite dangerous in comparison with a simple "reject SPF FAIL".

Frank



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com