Mailing List Archive

On 16-Jan-09, at 9:13 AM, J House wrote:

> Hello,
> Yesterday I attempted to create a SPF record and created a txt
> record on our public dns. With the information below, I used the
> online spf tool webpage to create the text string. I added the
> string below starting with the "v" in our public dns as a txt
> record, but yet when I go to Get the spf record, using the online
> tool (SKitterman), it still says there is no spf record. If I use
> the tool to "check" my record it comes up with a success when adding
> in the string below.
>
> domain - phcc.edu
> mx = mail.phcc.edu
> ip - 71.40.182.93
>
> spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all
>
>
> We only have one mail server (Groupwise) and once we get this
> working our spam appliance will help detect the spoofing mails that
> keep coming in.
>
> Thanks for any help,



If you only have one outgoing mail server then you can and should
simplify your SPF policy as such,

v=spf1 ip4:71.40.182.93 ~all

All the other information was redundant and unnecessary.

Also remember to change '~all' to '-all' when you've finished testing.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Ok, I am going to modify my public dns record with the string you gave me below.

Should that just be it then for my spf record? I entered this record in yesterday and it still doesn't show up for some reason when I use SKitterman's tool.


Thanks> From: gcerullo@pixelpointstudios.com> To: spf-help@v2.listbox.com> Subject: Re: [spf-help] New in the world of SPF> Date: Fri, 16 Jan 2009 09:26:23 -0500> > On 16-Jan-09, at 9:13 AM, J House wrote:> > > Hello,> > Yesterday I attempted to create a SPF record and created a txt > > record on our public dns. With the information below, I used the > > online spf tool webpage to create the text string. I added the > > string below starting with the "v" in our public dns as a txt > > record, but yet when I go to Get the spf record, using the online > > tool (SKitterman), it still says there is no spf record. If I use > > the tool to "check" my record it comes up with a success when adding > > in the string below.> >> > domain - phcc.edu> > mx = mail.phcc.edu> > ip - 71.40.182.93> >> > spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all> >> >> > We only have one mail server (Groupwise) and once we get this > > working our spam appliance will help detect the spoofing mails that > > keep coming in.> >> > Thanks for any help,> > > > If you only have one outgoing mail server then you can and should > simplify your SPF policy as such,> > v=spf1 ip4:71.40.182.93 ~all> > All the other information was redundant and unnecessary.> > Also remember to change '~all' to '-all' when you've finished testing.> > > --> Gino Cerullo> > Pixel Point Studios> 21 Chesham Drive> Toronto, ON M3M 1W6> > 416-247-7740> > > > -------------------------------------------> Sender Policy Framework: http://www.openspf.org> Modify Your Subscription: http://www.listbox.com/member/> Archives: https://www.listbox.com/member/archive/1020/=now> RSS Feed: https://www.listbox.com/member/archive/rss/1020/> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 16-Jan-09, at 9:37 AM, J House wrote:

> Ok, I am going to modify my public dns record with the string you
> gave me below.
>
> Should that just be it then for my spf record? I entered this record
> in yesterday and it still doesn't show up for some reason when I use
> SKitterman's tool.


If you entered something yesterday then you are correct, it is not
showing up.

When I do an SOA lookup for 'phcc.edu' I get the following,

phcc.edu. 86288 IN SOA ns1.biz.rr.com. dnsadmin.rr.com.

Are you sure you added the TXT record on the correct DNS server? It
should be at 'ns1.biz.rr.com'. This appears to be a Road Runner
server. I'm guessing Road Runner is your ISP and they provide DNS
services for the phcc.edu domain. That is where the TXT record needs
to be added.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

J House wrote on 1/16/2009 8:13:05 AM:

> domain - phcc.edu
> spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all

In this record, "mx" and "mx:phcc.edu" are by definition the
same server.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Warning: Do not look directly into laser with remaining eye.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On Fri, Jan 16, 2009 at 14:13, J House <housej55@hotmail.com> wrote:
>
> Hello,
> Yesterday I attempted to create a SPF record and created a txt record on our public dns. With the information below, I used the online spf tool webpage to create the text string. I added the string below starting with the "v" in our public dns as a txt record, but yet when I go to Get the spf record, using the online tool (SKitterman), it still says there is no spf record. If I use the tool to "check" my record it comes up with a success when adding in the string below.
>
> domain - phcc.edu
> mx = mail.phcc.edu
> ip - 71.40.182.93
>
> spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all

Expanding on Gino's email, "mx" is the same as "mx:phcc.edu" when the
SPF record is for the domain "phcc.edu". If you list the IP address
(which is the best method) then you don't have to list the host any
other way.

As Gino said, no SPF record is visible in your public DNS.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

You are correct Gino, When I look at our DNS tool provided by brighthouse, it now shows as a SPF record versus yesterday showing as a txt record. I will have to give them a call to modify to the smaller version you mentioned and make sure it is on their ns1 server.

Thanks> From: gcerullo@pixelpointstudios.com> To: spf-help@v2.listbox.com> Subject: Re: [spf-help] New in the world of SPF> Date: Fri, 16 Jan 2009 09:53:14 -0500> > On 16-Jan-09, at 9:37 AM, J House wrote:> > > Ok, I am going to modify my public dns record with the string you > > gave me below.> >> > Should that just be it then for my spf record? I entered this record > > in yesterday and it still doesn't show up for some reason when I use > > SKitterman's tool.> > > If you entered something yesterday then you are correct, it is not > showing up.> > When I do an SOA lookup for 'phcc.edu' I get the following,> > phcc.edu. 86288 IN SOA ns1.biz.rr.com. dnsadmin.rr.com.> > Are you sure you added the TXT record on the correct DNS server? It > should be at 'ns1.biz.rr.com'. This appears to be a Road Runner > server. I'm guessing Road Runner is your ISP and they provide DNS > services for the phcc.edu domain. That is where the TXT record needs > to be added.> > > > --> Gino Cerullo> > Pixel Point Studios> 21 Chesham Drive> Toronto, ON M3M 1W6> > 416-247-7740> > > > -------------------------------------------> Sender Policy Framework: http://www.openspf.org> Modify Your Subscription: http://www.listbox.com/member/> Archives: https://www.listbox.com/member/archive/1020/=now> RSS Feed: https://www.listbox.com/member/archive/rss/1020/> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Thanks Steve, I am going to make the adjustments to minimize it.> Subject: RE: [spf-help] New in the world of SPF> Date: Fri, 16 Jan 2009 09:13:31 -0600> From: steve@teamITS.com> To: spf-help@v2.listbox.com> > J House wrote on 1/16/2009 8:13:05 AM:> > > domain - phcc.edu> > spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all> > In this record, "mx" and "mx:phcc.edu" are by definition the> same server.> > -----> SPF FAQ: http://www.openspf.org/FAQ> Common mistakes: http://www.openspf.org/FAQ/Common_mistakes> > - Steve Yates> - ITS, Inc.> - Warning: Do not look directly into laser with remaining eye.> > ~ Taglines by Taglinator: www.srtware.com ~> > > -------------------------------------------> Sender Policy Framework: http://www.openspf.org> Modify Your Subscription: http://www.listbox.com/member/> Archives: https://www.listbox.com/member/archive/1020/=now> RSS Feed: https://www.listbox.com/member/archive/rss/1020/> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 16-Jan-09, at 10:23 AM, J House wrote:

> You are correct Gino, When I look at our DNS tool provided by
> brighthouse, it now shows as a SPF record versus yesterday showing
> as a txt record. I will have to give them a call to modify to the
> smaller version you mentioned and make sure it is on their ns1 server.


SPF records are new so if Brighthouse provides them then it should
still stay there but there should be a TXT record with the same info
as well. Not all implementations of SPF policy servers know to check
SPF for records. They all check for TXT records though.

I don't have a way to check for SPF records or I would have seen that
as well. I can only see TXT.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Hello Gino,
What does the ~all versus -all signify? I haven't been able to do any testing as of yet, but should I follow up with support and have them change this to -all or just start off with that?

Thanks> From: gcerullo@pixelpointstudios.com> To: spf-help@v2.listbox.com> Subject: Re: [spf-help] New in the world of SPF> Date: Fri, 16 Jan 2009 09:26:23 -0500> > On 16-Jan-09, at 9:13 AM, J House wrote:> > > Hello,> > Yesterday I attempted to create a SPF record and created a txt > > record on our public dns. With the information below, I used the > > online spf tool webpage to create the text string. I added the > > string below starting with the "v" in our public dns as a txt > > record, but yet when I go to Get the spf record, using the online > > tool (SKitterman), it still says there is no spf record. If I use > > the tool to "check" my record it comes up with a success when adding > > in the string below.> >> > domain - phcc.edu> > mx = mail.phcc.edu> > ip - 71.40.182.93> >> > spf record - v=spf1 ip4:71.40.182.93 mx mx:phcc.edu ~all> >> >> > We only have one mail server (Groupwise) and once we get this > > working our spam appliance will help detect the spoofing mails that > > keep coming in.> >> > Thanks for any help,> > > > If you only have one outgoing mail server then you can and should > simplify your SPF policy as such,> > v=spf1 ip4:71.40.182.93 ~all> > All the other information was redundant and unnecessary.> > Also remember to change '~all' to '-all' when you've finished testing.> > > --> Gino Cerullo> > Pixel Point Studios> 21 Chesham Drive> Toronto, ON M3M 1W6> > 416-247-7740> > > > -------------------------------------------> Sender Policy Framework: http://www.openspf.org> Modify Your Subscription: http://www.listbox.com/member/> Archives: https://www.listbox.com/member/archive/1020/=now> RSS Feed: https://www.listbox.com/member/archive/rss/1020/> Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

J House wrote on 1/16/2009 11:06:49 AM:

> What does the ~all versus -all signify?

http://www.openspf.org/SPF_Record_Syntax

~all says that mail that fails an SPF test should be accepted
(i.e., you're testing your SPF record), -a says that the message can be
refused.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- "Well, at least here you'll be treated with dignity. Now strip naked
and get on the probulator." - Leela

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 16-Jan-09, at 12:06 PM, J House wrote:

> Hello Gino,
> What does the ~all versus -all signify? I haven't been able to do
> any testing as of yet, but should I follow up with support and have
> them change this to -all or just start off with that?


In a nutshell '~all' signifies a SOFTFAIL, '-all' signifies a FAIL.

When a mail server that has implemented SPF policy checking sees an
email coming from a domain that declares a 'FAIL' it will immediately
drop the email message without further processingl. This is the
desired result so that mail servers do not have to be burdened with
processing email that obviously originates from an unauthorized server.

When a mail server that has implemented SPF policy checking see an
email coming from a domain that declares a 'SOFTFAIL' it will allow
the email to complete it's delivery. If there is further filtering
along the mail path, for example a content filter like SpamAssassin,
then the content filter my consider that SOFTFAIL when it applies a
score to the email to determine whether the email is spam or not. This
consumes processing resources on the mail server and is undesirable.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com