Mailing List Archive

RE: SPF tutorial-2
I will send it again then:

Sent: Tuesday, 20 October 2009 7:45 PM
To: 'spf-help@v2.listbox.com'
Subject: SPF tutorial

Hi all

Is there any sort of tutorial or step by step guide on setting up spf records?

I am looking at setting up spf records for my domain & all the domains hosted on our mail servers of which there are about 30. The mail enters our servers via our mx record , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.

When I examine a message header it shows this to be correct.

The questions being asked in the spf wizard doesn’t seem to match our requirements. I don’t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?


Danny



-----Original Message-----
From: alan [mailto:spfdiscuss@alandoherty.net]
Sent: Thursday, 22 October 2009 5:44 AM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] EXIM+SPF+whitelist

At 20:22 21/10/2009 Wednesday, Danny Vincent wrote:
>Well , if it?s a group for helping people seeking help to set up spf records, why cant I get help setting up spf records? Is there some butt licking procedure that must be adhered to first before help is provided?

no just mail your question

just grepped my mails and your address has never been seen as long as I have been a subscriber



>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 3:50 AM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] EXIM+SPF+whitelist
>
>At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>>On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss@alandoherty.net> wrote:
>>>none of these are related to this group
>>>{this group is for people seeking help with their "SPF record" setup, not
>>for receivers trying to configure their mailservers}
>>>
>>
>>I very much disagree. It is on topic. That said, unless someone here is
>>using Exim, an Exim specific venue might be better (I'm glad to help with
>>Postfix questions).
>
>if it is I take it all back
>send me a copy of the rcpt code of your exim.conf and I'll point out the line
>
>my bad sorry
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF tutorial-2 [ In reply to ]
On Wed, Oct 21, 2009 at 21:38, Danny Vincent <danny@easynetworks.com.au> wrote:
> I will send it again then:
>
> Sent: Tuesday, 20 October 2009 7:45 PM

Note that your original email never reached the list.

> To: 'spf-help@v2.listbox.com'
> Subject: SPF tutorial
>
> Hi all
>
> Is there any sort of tutorial or step by step guide on setting up spf records?

There are various source of information on the SPF site.

> I am looking at setting up spf records for my domain & all the domains hosted on our mail servers of which there are about 30. The mail enters our servers via our mx record , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>
> When I examine a message header it shows this to be correct.
>
> The questions being asked in the spf wizard doesn’t seem to match our requirements. I don’t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?

If the documentation doesn't help then there's here, and the dedicated
help facility run by volunteers on the SPF site. You will need
however to post the real domain and the headers of a real email.

From what you've said you'll need to ensure that you list both your
sending IP address (to stop your ISP rejecting it if they check SPF
and don't whitelist you) and your ISP's sending servers. That is
easier if your ISP publishes their own SPF record, but without knowing
who they are it's all guesswork ;)

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Hi all

>Is there any sort of tutorial or step by step guide on setting up spf records?

I found the easiest was read the RFC and syntax documents
as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already

>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers

ok sounds ok so far

> of which there are about 30. The mail enters our servers via our mx record

OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
{which is all that SPF deals with}

> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.

ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}

so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?

or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP

once you have the IP's you can construct a master spf record for all the domains you host
like _SPF.your-main-domain.com "v=spf1 <details> -all"

{we can help with the <details> when you can give them to us}

and then for each hosted domain, including your-main-domain.com
setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"

thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns

and receivers will benefit from DNS caching of the one primary spf record

>When I examine a message header it shows this to be correct.
>
>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?

I think I pretty much covered it above?

btw the details if sending to the list from the aformentioned setup are
ISPs mailserver mail.webconnect.com.au

so an spf {assuming they have but this one ip} would be
"v=spf1 a:mail.webconnect.com.au -all"

but again rather than adding this to every customer directly
its better to have your costumers reference an SPF within your domain, as you are their ISP
you in turn reference an SPF or A record within your ISP's domain, {A currently

i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}

also i see that although webconnect.com.au dosnt use spf themselves
mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
-----Original Message-----
From: alan [mailto:spfdiscuss@alandoherty.net]
Sent: Thursday, 22 October 2009 7:47 AM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2


Hi all

>Is there any sort of tutorial or step by step guide on setting up spf records?

I found the easiest was read the RFC and syntax documents
as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already

>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers

ok sounds ok so far

> of which there are about 30. The mail enters our servers via our mx record

OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
{which is all that SPF deals with}

> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.

ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}

so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?

>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record

" Yes, support@ecn.net.au has an SPF version 1 record.

Hostname: ecn.net.au
IP: 203.22.70.2
Mailserver(s): warp.ecn.net.au
SPF Record:
v=spf1 mx ?all

But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn’t it? As you say at the end of the email, there isn’t an spf record for mail.webconnect.com.au

mail.webconnect.com.au 203.22.70.85







or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP

once you have the IP's you can construct a master spf record for all the domains you host
like _SPF.your-main-domain.com "v=spf1 <details> -all"

>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don’t know where to start on that wizard.

1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
Does that server send mail from easynetworks.com.au?

No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.

2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
MX servers receive mail for easynetworks.com.au.
Do they also send mail from easynetworks.com.au?

s1c0e.static.pacific.net.au is our reverse dns ptr record.


Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.

3) Do you want to just approve any host
whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)

I gather, I say no.

4) Do any other servers send mail from easynetworks.com.au?

I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.

5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously

Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?

6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24

Which cidr range?

7) Could mail from easynetworks.com.au originate through
servers belonging to some other domain?
If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.

Yes, our isp's, but their outgoing mail server don’t seem to have an spf record, whereas their incoming does.

8) Do the above lines describe all the hosts
that send mail from easynetworks.com.au?

Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?

9) easynetworks.com.au. IN TXT

No idea what that is asking.


{we can help with the <details> when you can give them to us}

>> What details do you need?



and then for each hosted domain, including your-main-domain.com
setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"

>> So I need to run that wizard for every domain we host?



thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns

and receivers will benefit from DNS caching of the one primary spf record

>When I examine a message header it shows this to be correct.
>
>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?

I think I pretty much covered it above?

btw the details if sending to the list from the aformentioned setup are
ISPs mailserver mail.webconnect.com.au

so an spf {assuming they have but this one ip} would be
"v=spf1 a:mail.webconnect.com.au -all"

but again rather than adding this to every customer directly
its better to have your costumers reference an SPF within your domain, as you are their ISP
you in turn reference an SPF or A record within your ISP's domain, {A currently

i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}

also i see that although webconnect.com.au dosnt use spf themselves
mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
before reading my responses to your ignoring my previous mail again your answer is

A setup the spf record for

_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
or if theis is your primary domain
_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"

then after you have done this and after it has been checked by me for typos
{please do not ignore this caveat as a typo can be fatal}

you add the following spf record to
easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"

once this has been checked /tested

you add the same to each domain

domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"

etc.etc.

now work with us, or the wizard, were volunteers and spf users
and don't appreciate when our previous help is ignored
and we start getting asked how to fill out a form, thats not what were here for

At 23:45 21/10/2009 Wednesday, you wrote:


>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 7:47 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>
>Hi all
>
>>Is there any sort of tutorial or step by step guide on setting up spf records?
>
>I found the easiest was read the RFC and syntax documents
>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>
>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>
>ok sounds ok so far
>
>> of which there are about 30. The mail enters our servers via our mx record
>
>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>{which is all that SPF deals with}
>
>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>
>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>
>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>
>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record

ok again stop with the mentioning of anything to do with MX records
spf records are attached to domain names only

>" Yes, support@ecn.net.au has an SPF version 1 record.
>
>Hostname: ecn.net.au
>IP: 203.22.70.2
>Mailserver(s): warp.ecn.net.au
>SPF Record:
>v=spf1 mx ?all

ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
and has an spf record of "v=spf1 mx ?all"
which means
trust mail from 203.22.70.2
and additionally the rest of the globe as we don't trust spf

>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?

if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed

> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au

err no i clearly say there is one for mail.webconnect.com.au
just none for webconnect.com.au

>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>
>once you have the IP's you can construct a master spf record for all the domains you host
>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>
>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.

then don't use the wizard

>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>Does that server send mail from easynetworks.com.au?

no idea what has this got to do with you?

>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.

ok so you are saying you only send mail from mail.webconnect.com.au
as i posited earlier
{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
the only thing relevant in SPF is who connects to us to send us your email
so if it is ONLY mail.webconnect.com.au

then the guesswork answer from my first email will work perfectly

>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>MX servers receive mail for easynetworks.com.au.
>Do they also send mail from easynetworks.com.au?

obviously the answer is no if this is you
but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
taking the answers we give

>s1c0e.static.pacific.net.au is our reverse dns ptr record.

again irrelevant

>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.

no you mean then

>3) Do you want to just approve any host
>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>
>I gather, I say no.

correct


>4) Do any other servers send mail from easynetworks.com.au?

this is where you say yes for the first time and put in the name of the server that sends your email
mail.webconnect.com.au

>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.

again i state
only the servers the world sees are relevant ie 1 mail.webconnect.com.au

>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>
>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?

please either use this forum or the wizard not both
few here would have ever used it, as most could write the most complex spf records from memory

>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>
>Which cidr range?

none in your case as you have one 1 mailserver with 1 ip so its totally done

>7) Could mail from easynetworks.com.au originate through
>servers belonging to some other domain?
>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>
>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.

no spf is not per incoming or outgoing, please just read the answer given in the first mail and go

>8) Do the above lines describe all the hosts
>that send mail from easynetworks.com.au?
>
>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?

hosts as in ips as in the 1 you send mail from

>9) easynetworks.com.au. IN TXT
>
>No idea what that is asking.
>
>
>{we can help with the <details> when you can give them to us}
>
>>> What details do you need?

we already guessed them
the server(s) that send your email

1 mail.webconnect.com.au

>and then for each hosted domain, including your-main-domain.com
>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>
>>> So I need to run that wizard for every domain we host?

you never run the wizard you just put in the spf record as i gave you it

>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>
>and receivers will benefit from DNS caching of the one primary spf record
>
>>When I examine a message header it shows this to be correct.
>>
>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>
>I think I pretty much covered it above?
>
>btw the details if sending to the list from the aformentioned setup are
>ISPs mailserver mail.webconnect.com.au
>
>so an spf {assuming they have but this one ip} would be
>"v=spf1 a:mail.webconnect.com.au -all"
>
>but again rather than adding this to every customer directly
>its better to have your costumers reference an SPF within your domain, as you are their ISP
>you in turn reference an SPF or A record within your ISP's domain, {A currently
>
>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>
>also i see that although webconnect.com.au dosnt use spf themselves
>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.

Neither of which I know.

"now work with us, or the wizard"

I don’t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn’t know there was a protocol for asking questions.

If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?

Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?



Danny



-----Original Message-----
From: alan [mailto:spfdiscuss@alandoherty.net]
Sent: Thursday, 22 October 2009 10:28 AM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2

before reading my responses to your ignoring my previous mail again your answer is

A setup the spf record for

_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
or if theis is your primary domain
_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"

then after you have done this and after it has been checked by me for typos
{please do not ignore this caveat as a typo can be fatal}

you add the following spf record to
easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"

once this has been checked /tested

you add the same to each domain

domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"

etc.etc.

now work with us, or the wizard, were volunteers and spf users
and don't appreciate when our previous help is ignored
and we start getting asked how to fill out a form, thats not what were here for

At 23:45 21/10/2009 Wednesday, you wrote:


>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 7:47 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>
>Hi all
>
>>Is there any sort of tutorial or step by step guide on setting up spf records?
>
>I found the easiest was read the RFC and syntax documents
>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>
>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>
>ok sounds ok so far
>
>> of which there are about 30. The mail enters our servers via our mx record
>
>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>{which is all that SPF deals with}
>
>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>
>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>
>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>
>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record

ok again stop with the mentioning of anything to do with MX records
spf records are attached to domain names only

>" Yes, support@ecn.net.au has an SPF version 1 record.
>
>Hostname: ecn.net.au
>IP: 203.22.70.2
>Mailserver(s): warp.ecn.net.au
>SPF Record:
>v=spf1 mx ?all

ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
and has an spf record of "v=spf1 mx ?all"
which means
trust mail from 203.22.70.2
and additionally the rest of the globe as we don't trust spf

>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?

if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed

> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au

err no i clearly say there is one for mail.webconnect.com.au
just none for webconnect.com.au

>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>
>once you have the IP's you can construct a master spf record for all the domains you host
>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>
>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.

then don't use the wizard

>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>Does that server send mail from easynetworks.com.au?

no idea what has this got to do with you?

>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.

ok so you are saying you only send mail from mail.webconnect.com.au
as i posited earlier
{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
the only thing relevant in SPF is who connects to us to send us your email
so if it is ONLY mail.webconnect.com.au

then the guesswork answer from my first email will work perfectly

>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>MX servers receive mail for easynetworks.com.au.
>Do they also send mail from easynetworks.com.au?

obviously the answer is no if this is you
but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
taking the answers we give

>s1c0e.static.pacific.net.au is our reverse dns ptr record.

again irrelevant

>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.

no you mean then

>3) Do you want to just approve any host
>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>
>I gather, I say no.

correct


>4) Do any other servers send mail from easynetworks.com.au?

this is where you say yes for the first time and put in the name of the server that sends your email
mail.webconnect.com.au

>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.

again i state
only the servers the world sees are relevant ie 1 mail.webconnect.com.au

>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>
>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?

please either use this forum or the wizard not both
few here would have ever used it, as most could write the most complex spf records from memory

>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>
>Which cidr range?

none in your case as you have one 1 mailserver with 1 ip so its totally done

>7) Could mail from easynetworks.com.au originate through
>servers belonging to some other domain?
>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>
>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.

no spf is not per incoming or outgoing, please just read the answer given in the first mail and go

>8) Do the above lines describe all the hosts
>that send mail from easynetworks.com.au?
>
>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?

hosts as in ips as in the 1 you send mail from

>9) easynetworks.com.au. IN TXT
>
>No idea what that is asking.
>
>
>{we can help with the <details> when you can give them to us}
>
>>> What details do you need?

we already guessed them
the server(s) that send your email

1 mail.webconnect.com.au

>and then for each hosted domain, including your-main-domain.com
>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>
>>> So I need to run that wizard for every domain we host?

you never run the wizard you just put in the spf record as i gave you it

>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>
>and receivers will benefit from DNS caching of the one primary spf record
>
>>When I examine a message header it shows this to be correct.
>>
>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>
>I think I pretty much covered it above?
>
>btw the details if sending to the list from the aformentioned setup are
>ISPs mailserver mail.webconnect.com.au
>
>so an spf {assuming they have but this one ip} would be
>"v=spf1 a:mail.webconnect.com.au -all"
>
>but again rather than adding this to every customer directly
>its better to have your costumers reference an SPF within your domain, as you are their ISP
>you in turn reference an SPF or A record within your ISP's domain, {A currently
>
>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>
>also i see that although webconnect.com.au dosnt use spf themselves
>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.

no all i am giving you is the answers
I AM SAYING DO NOT USE THE WIZARD TO GET THE ANSWERS
USE THE ANSWERS I GAVE YOU DIRECTLY


>Neither of which I know.
>
>"now work with us, or the wizard"
>
>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>
>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?

you put the spf records i gave you in your DNS zone files thats how SPF works
if you are not the DNS admin for your domains, go get him ask him to contact us we will give him the details


>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?

there are hundreds of dns servers out there all with different administration systems, we assume the people setting up their spf records have the neccisarry knowledge of their own systems to know how to administer them




>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 10:28 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>before reading my responses to your ignoring my previous mail again your answer is
>
>A setup the spf record for
>
>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>or if theis is your primary domain
>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>
>then after you have done this and after it has been checked by me for typos
>{please do not ignore this caveat as a typo can be fatal}
>
>you add the following spf record to
>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>once this has been checked /tested
>
>you add the same to each domain
>
>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>etc.etc.
>
>now work with us, or the wizard, were volunteers and spf users
>and don't appreciate when our previous help is ignored
>and we start getting asked how to fill out a form, thats not what were here for
>
>At 23:45 21/10/2009 Wednesday, you wrote:
>
>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 7:47 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>
>>Hi all
>>
>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>
>>I found the easiest was read the RFC and syntax documents
>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>
>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>
>>ok sounds ok so far
>>
>>> of which there are about 30. The mail enters our servers via our mx record
>>
>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>{which is all that SPF deals with}
>>
>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>
>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>
>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>
>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>
>ok again stop with the mentioning of anything to do with MX records
>spf records are attached to domain names only
>
>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>
>>Hostname: ecn.net.au
>>IP: 203.22.70.2
>>Mailserver(s): warp.ecn.net.au
>>SPF Record:
>>v=spf1 mx ?all
>
>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>and has an spf record of "v=spf1 mx ?all"
>which means
>trust mail from 203.22.70.2
>and additionally the rest of the globe as we don't trust spf
>
>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>
>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>
>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>
>err no i clearly say there is one for mail.webconnect.com.au
>just none for webconnect.com.au
>
>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>
>>once you have the IP's you can construct a master spf record for all the domains you host
>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>
>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>
>then don't use the wizard
>
>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>Does that server send mail from easynetworks.com.au?
>
>no idea what has this got to do with you?
>
>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>
>ok so you are saying you only send mail from mail.webconnect.com.au
>as i posited earlier
>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>the only thing relevant in SPF is who connects to us to send us your email
>so if it is ONLY mail.webconnect.com.au
>
>then the guesswork answer from my first email will work perfectly
>
>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>MX servers receive mail for easynetworks.com.au.
>>Do they also send mail from easynetworks.com.au?
>
>obviously the answer is no if this is you
>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>taking the answers we give
>
>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>
>again irrelevant
>
>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>
>no you mean then
>
>>3) Do you want to just approve any host
>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>
>>I gather, I say no.
>
>correct
>
>
>>4) Do any other servers send mail from easynetworks.com.au?
>
>this is where you say yes for the first time and put in the name of the server that sends your email
>mail.webconnect.com.au
>
>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>
>again i state
>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>
>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>
>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>
>please either use this forum or the wizard not both
>few here would have ever used it, as most could write the most complex spf records from memory
>
>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>
>>Which cidr range?
>
>none in your case as you have one 1 mailserver with 1 ip so its totally done
>
>>7) Could mail from easynetworks.com.au originate through
>>servers belonging to some other domain?
>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>
>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>
>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>
>>8) Do the above lines describe all the hosts
>>that send mail from easynetworks.com.au?
>>
>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>
>hosts as in ips as in the 1 you send mail from
>
>>9) easynetworks.com.au. IN TXT
>>
>>No idea what that is asking.
>>
>>
>>{we can help with the <details> when you can give them to us}
>>
>>>> What details do you need?
>
>we already guessed them
>the server(s) that send your email
>
>1 mail.webconnect.com.au
>
>>and then for each hosted domain, including your-main-domain.com
>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>
>>>> So I need to run that wizard for every domain we host?
>
>you never run the wizard you just put in the spf record as i gave you it
>
>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>
>>and receivers will benefit from DNS caching of the one primary spf record
>>
>>>When I examine a message header it shows this to be correct.
>>>
>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>
>>I think I pretty much covered it above?
>>
>>btw the details if sending to the list from the aformentioned setup are
>>ISPs mailserver mail.webconnect.com.au
>>
>>so an spf {assuming they have but this one ip} would be
>>"v=spf1 a:mail.webconnect.com.au -all"
>>
>>but again rather than adding this to every customer directly
>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>
>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>
>>also i see that although webconnect.com.au dosnt use spf themselves
>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
OK lets get down to basics

SPF relies on DNS records being added to your domains

first are you the hostmaster of the domains in question

IE do you have the ability to create DNS records within those domains
if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.

{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}

if yes then what DNS administration tools do you have/use

if we are familiar we will assist

At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>
>Neither of which I know.
>
>"now work with us, or the wizard"
>
>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>
>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>
>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>
>
>
>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 10:28 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>before reading my responses to your ignoring my previous mail again your answer is
>
>A setup the spf record for
>
>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>or if theis is your primary domain
>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>
>then after you have done this and after it has been checked by me for typos
>{please do not ignore this caveat as a typo can be fatal}
>
>you add the following spf record to
>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>once this has been checked /tested
>
>you add the same to each domain
>
>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>etc.etc.
>
>now work with us, or the wizard, were volunteers and spf users
>and don't appreciate when our previous help is ignored
>and we start getting asked how to fill out a form, thats not what were here for
>
>At 23:45 21/10/2009 Wednesday, you wrote:
>
>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 7:47 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>
>>Hi all
>>
>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>
>>I found the easiest was read the RFC and syntax documents
>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>
>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>
>>ok sounds ok so far
>>
>>> of which there are about 30. The mail enters our servers via our mx record
>>
>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>{which is all that SPF deals with}
>>
>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>
>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>
>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>
>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>
>ok again stop with the mentioning of anything to do with MX records
>spf records are attached to domain names only
>
>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>
>>Hostname: ecn.net.au
>>IP: 203.22.70.2
>>Mailserver(s): warp.ecn.net.au
>>SPF Record:
>>v=spf1 mx ?all
>
>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>and has an spf record of "v=spf1 mx ?all"
>which means
>trust mail from 203.22.70.2
>and additionally the rest of the globe as we don't trust spf
>
>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>
>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>
>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>
>err no i clearly say there is one for mail.webconnect.com.au
>just none for webconnect.com.au
>
>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>
>>once you have the IP's you can construct a master spf record for all the domains you host
>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>
>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>
>then don't use the wizard
>
>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>Does that server send mail from easynetworks.com.au?
>
>no idea what has this got to do with you?
>
>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>
>ok so you are saying you only send mail from mail.webconnect.com.au
>as i posited earlier
>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>the only thing relevant in SPF is who connects to us to send us your email
>so if it is ONLY mail.webconnect.com.au
>
>then the guesswork answer from my first email will work perfectly
>
>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>MX servers receive mail for easynetworks.com.au.
>>Do they also send mail from easynetworks.com.au?
>
>obviously the answer is no if this is you
>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>taking the answers we give
>
>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>
>again irrelevant
>
>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>
>no you mean then
>
>>3) Do you want to just approve any host
>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>
>>I gather, I say no.
>
>correct
>
>
>>4) Do any other servers send mail from easynetworks.com.au?
>
>this is where you say yes for the first time and put in the name of the server that sends your email
>mail.webconnect.com.au
>
>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>
>again i state
>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>
>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>
>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>
>please either use this forum or the wizard not both
>few here would have ever used it, as most could write the most complex spf records from memory
>
>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>
>>Which cidr range?
>
>none in your case as you have one 1 mailserver with 1 ip so its totally done
>
>>7) Could mail from easynetworks.com.au originate through
>>servers belonging to some other domain?
>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>
>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>
>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>
>>8) Do the above lines describe all the hosts
>>that send mail from easynetworks.com.au?
>>
>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>
>hosts as in ips as in the 1 you send mail from
>
>>9) easynetworks.com.au. IN TXT
>>
>>No idea what that is asking.
>>
>>
>>{we can help with the <details> when you can give them to us}
>>
>>>> What details do you need?
>
>we already guessed them
>the server(s) that send your email
>
>1 mail.webconnect.com.au
>
>>and then for each hosted domain, including your-main-domain.com
>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>
>>>> So I need to run that wizard for every domain we host?
>
>you never run the wizard you just put in the spf record as i gave you it
>
>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>
>>and receivers will benefit from DNS caching of the one primary spf record
>>
>>>When I examine a message header it shows this to be correct.
>>>
>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>
>>I think I pretty much covered it above?
>>
>>btw the details if sending to the list from the aformentioned setup are
>>ISPs mailserver mail.webconnect.com.au
>>
>>so an spf {assuming they have but this one ip} would be
>>"v=spf1 a:mail.webconnect.com.au -all"
>>
>>but again rather than adding this to every customer directly
>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>
>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>
>>also i see that although webconnect.com.au dosnt use spf themselves
>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Alan, I am the systems engineer of every facet of our domains. Yes, I am the hostmaster.

Yes I have access to our public & private dns records.

We use www.ods.org as our nameservers & delegation.

Danny


-----Original Message-----
From: Alan Doherty [mailto:alan@alandoherty.net]
Sent: Thursday, 22 October 2009 12:32 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2

OK lets get down to basics

SPF relies on DNS records being added to your domains

first are you the hostmaster of the domains in question

IE do you have the ability to create DNS records within those domains
if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.

{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}

if yes then what DNS administration tools do you have/use

if we are familiar we will assist

At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>
>Neither of which I know.
>
>"now work with us, or the wizard"
>
>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>
>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>
>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>
>
>
>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 10:28 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>before reading my responses to your ignoring my previous mail again your answer is
>
>A setup the spf record for
>
>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>or if theis is your primary domain
>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>
>then after you have done this and after it has been checked by me for typos
>{please do not ignore this caveat as a typo can be fatal}
>
>you add the following spf record to
>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>once this has been checked /tested
>
>you add the same to each domain
>
>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>etc.etc.
>
>now work with us, or the wizard, were volunteers and spf users
>and don't appreciate when our previous help is ignored
>and we start getting asked how to fill out a form, thats not what were here for
>
>At 23:45 21/10/2009 Wednesday, you wrote:
>
>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 7:47 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>
>>Hi all
>>
>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>
>>I found the easiest was read the RFC and syntax documents
>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>
>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>
>>ok sounds ok so far
>>
>>> of which there are about 30. The mail enters our servers via our mx record
>>
>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>{which is all that SPF deals with}
>>
>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>
>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>
>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>
>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>
>ok again stop with the mentioning of anything to do with MX records
>spf records are attached to domain names only
>
>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>
>>Hostname: ecn.net.au
>>IP: 203.22.70.2
>>Mailserver(s): warp.ecn.net.au
>>SPF Record:
>>v=spf1 mx ?all
>
>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>and has an spf record of "v=spf1 mx ?all"
>which means
>trust mail from 203.22.70.2
>and additionally the rest of the globe as we don't trust spf
>
>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>
>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>
>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>
>err no i clearly say there is one for mail.webconnect.com.au
>just none for webconnect.com.au
>
>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>
>>once you have the IP's you can construct a master spf record for all the domains you host
>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>
>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>
>then don't use the wizard
>
>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>Does that server send mail from easynetworks.com.au?
>
>no idea what has this got to do with you?
>
>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>
>ok so you are saying you only send mail from mail.webconnect.com.au
>as i posited earlier
>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>the only thing relevant in SPF is who connects to us to send us your email
>so if it is ONLY mail.webconnect.com.au
>
>then the guesswork answer from my first email will work perfectly
>
>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>MX servers receive mail for easynetworks.com.au.
>>Do they also send mail from easynetworks.com.au?
>
>obviously the answer is no if this is you
>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>taking the answers we give
>
>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>
>again irrelevant
>
>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>
>no you mean then
>
>>3) Do you want to just approve any host
>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>
>>I gather, I say no.
>
>correct
>
>
>>4) Do any other servers send mail from easynetworks.com.au?
>
>this is where you say yes for the first time and put in the name of the server that sends your email
>mail.webconnect.com.au
>
>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>
>again i state
>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>
>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>
>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>
>please either use this forum or the wizard not both
>few here would have ever used it, as most could write the most complex spf records from memory
>
>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>
>>Which cidr range?
>
>none in your case as you have one 1 mailserver with 1 ip so its totally done
>
>>7) Could mail from easynetworks.com.au originate through
>>servers belonging to some other domain?
>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>
>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>
>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>
>>8) Do the above lines describe all the hosts
>>that send mail from easynetworks.com.au?
>>
>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>
>hosts as in ips as in the 1 you send mail from
>
>>9) easynetworks.com.au. IN TXT
>>
>>No idea what that is asking.
>>
>>
>>{we can help with the <details> when you can give them to us}
>>
>>>> What details do you need?
>
>we already guessed them
>the server(s) that send your email
>
>1 mail.webconnect.com.au
>
>>and then for each hosted domain, including your-main-domain.com
>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>
>>>> So I need to run that wizard for every domain we host?
>
>you never run the wizard you just put in the spf record as i gave you it
>
>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>
>>and receivers will benefit from DNS caching of the one primary spf record
>>
>>>When I examine a message header it shows this to be correct.
>>>
>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>
>>I think I pretty much covered it above?
>>
>>btw the details if sending to the list from the aformentioned setup are
>>ISPs mailserver mail.webconnect.com.au
>>
>>so an spf {assuming they have but this one ip} would be
>>"v=spf1 a:mail.webconnect.com.au -all"
>>
>>but again rather than adding this to every customer directly
>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>
>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>
>>also i see that although webconnect.com.au dosnt use spf themselves
>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Right, when I go to our name server & go to add a new dns record, there are choices from A, AAAA, MX, PTR, MX CNAME & TXT. So you are saying I need to go to our name server & add a new "txt" record for our domain & enter the spf details you mentioned earlier?

Danny



-----Original Message-----
From: Alan Doherty [mailto:alan@alandoherty.net]
Sent: Thursday, 22 October 2009 12:32 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2

OK lets get down to basics

SPF relies on DNS records being added to your domains

first are you the hostmaster of the domains in question

IE do you have the ability to create DNS records within those domains
if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.

{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}

if yes then what DNS administration tools do you have/use

if we are familiar we will assist

At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>
>Neither of which I know.
>
>"now work with us, or the wizard"
>
>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>
>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>
>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>
>
>
>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 10:28 AM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>before reading my responses to your ignoring my previous mail again your answer is
>
>A setup the spf record for
>
>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>or if theis is your primary domain
>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>
>then after you have done this and after it has been checked by me for typos
>{please do not ignore this caveat as a typo can be fatal}
>
>you add the following spf record to
>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>once this has been checked /tested
>
>you add the same to each domain
>
>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>
>etc.etc.
>
>now work with us, or the wizard, were volunteers and spf users
>and don't appreciate when our previous help is ignored
>and we start getting asked how to fill out a form, thats not what were here for
>
>At 23:45 21/10/2009 Wednesday, you wrote:
>
>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 7:47 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>
>>Hi all
>>
>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>
>>I found the easiest was read the RFC and syntax documents
>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>
>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>
>>ok sounds ok so far
>>
>>> of which there are about 30. The mail enters our servers via our mx record
>>
>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>{which is all that SPF deals with}
>>
>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>
>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>
>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>
>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>
>ok again stop with the mentioning of anything to do with MX records
>spf records are attached to domain names only
>
>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>
>>Hostname: ecn.net.au
>>IP: 203.22.70.2
>>Mailserver(s): warp.ecn.net.au
>>SPF Record:
>>v=spf1 mx ?all
>
>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>and has an spf record of "v=spf1 mx ?all"
>which means
>trust mail from 203.22.70.2
>and additionally the rest of the globe as we don't trust spf
>
>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>
>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>
>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>
>err no i clearly say there is one for mail.webconnect.com.au
>just none for webconnect.com.au
>
>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>
>>once you have the IP's you can construct a master spf record for all the domains you host
>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>
>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>
>then don't use the wizard
>
>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>Does that server send mail from easynetworks.com.au?
>
>no idea what has this got to do with you?
>
>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>
>ok so you are saying you only send mail from mail.webconnect.com.au
>as i posited earlier
>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>the only thing relevant in SPF is who connects to us to send us your email
>so if it is ONLY mail.webconnect.com.au
>
>then the guesswork answer from my first email will work perfectly
>
>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>MX servers receive mail for easynetworks.com.au.
>>Do they also send mail from easynetworks.com.au?
>
>obviously the answer is no if this is you
>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>taking the answers we give
>
>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>
>again irrelevant
>
>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>
>no you mean then
>
>>3) Do you want to just approve any host
>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>
>>I gather, I say no.
>
>correct
>
>
>>4) Do any other servers send mail from easynetworks.com.au?
>
>this is where you say yes for the first time and put in the name of the server that sends your email
>mail.webconnect.com.au
>
>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>
>again i state
>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>
>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>
>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>
>please either use this forum or the wizard not both
>few here would have ever used it, as most could write the most complex spf records from memory
>
>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>
>>Which cidr range?
>
>none in your case as you have one 1 mailserver with 1 ip so its totally done
>
>>7) Could mail from easynetworks.com.au originate through
>>servers belonging to some other domain?
>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>
>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>
>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>
>>8) Do the above lines describe all the hosts
>>that send mail from easynetworks.com.au?
>>
>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>
>hosts as in ips as in the 1 you send mail from
>
>>9) easynetworks.com.au. IN TXT
>>
>>No idea what that is asking.
>>
>>
>>{we can help with the <details> when you can give them to us}
>>
>>>> What details do you need?
>
>we already guessed them
>the server(s) that send your email
>
>1 mail.webconnect.com.au
>
>>and then for each hosted domain, including your-main-domain.com
>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>
>>>> So I need to run that wizard for every domain we host?
>
>you never run the wizard you just put in the spf record as i gave you it
>
>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>
>>and receivers will benefit from DNS caching of the one primary spf record
>>
>>>When I examine a message header it shows this to be correct.
>>>
>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>
>>I think I pretty much covered it above?
>>
>>btw the details if sending to the list from the aformentioned setup are
>>ISPs mailserver mail.webconnect.com.au
>>
>>so an spf {assuming they have but this one ip} would be
>>"v=spf1 a:mail.webconnect.com.au -all"
>>
>>but again rather than adding this to every customer directly
>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>
>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>
>>also i see that although webconnect.com.au dosnt use spf themselves
>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
At 03:58 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, I am the systems engineer of every facet of our domains. Yes, I am the hostmaster.
>
>Yes I have access to our public & private dns records.
>
>We use www.ods.org as our nameservers & delegation.

then complete step 1 as given and I'll test/verify it when done

create the dns entry below
_spf.easynetworks.com.au. IN TXT "v=spf1 a:mail.webconnect.com.au -all"

This is in standard bind format,
if it is parsing/understanding this string that is the source of the problem?
or whatever the problem is with following the instructions please elaborate.



>Danny
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan@alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help@v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
At 04:58 22/10/2009 Thursday, Danny Vincent wrote:
>Right, when I go to our name server & go to add a new dns record, there are choices from A, AAAA, MX, PTR, MX CNAME & TXT. So you are saying I need to go to our name server & add a new "txt" record for our domain & enter the spf details you mentioned earlier?

not for your domain for the domain
_spf.yourdomain

and yes SPF uses TXT records if the dns server is recent enough to understand/allow SPF native records these are used also

like the entry for the domain

www.yourdomain


>Danny
>
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan@alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help@v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
sorry if double posting resending from correct address

At 03:58 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, I am the systems engineer of every facet of our domains. Yes, I am the hostmaster.
>
>Yes I have access to our public & private dns records.
>
>We use www.ods.org as our nameservers & delegation.

then complete step 1 as given and I'll test/verify it when done

create the dns entry below
_spf.easynetworks.com.au. IN TXT "v=spf1 a:mail.webconnect.com.au -all"

This is in standard bind format,
if it is parsing/understanding this string that is the source of the problem?
or whatever the problem is with following the instructions please elaborate.



>Danny
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan@alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help@v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
re-sending from correct address {apologies if it appears twice}

At 04:58 22/10/2009 Thursday, Danny Vincent wrote:
>Right, when I go to our name server & go to add a new dns record, there are choices from A, AAAA, MX, PTR, MX CNAME & TXT. So you are saying I need to go to our name server & add a new "txt" record for our domain & enter the spf details you mentioned earlier?

not for your domain for the domain
_spf.yourdomain

and yes SPF uses TXT records if the dns server is recent enough to understand/allow SPF native records these are used also

like the entry for the domain

www.yourdomain


>Danny
>
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan@alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help@v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.

I just don’t know how to set out the txt record.

Danny



-----Original Message-----
From: Alan Doherty [mailto:alan@alandoherty.net]
Sent: Thursday, 22 October 2009 2:17 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2

At 03:58 22/10/2009 Thursday, Danny Vincent wrote:
>Alan, I am the systems engineer of every facet of our domains. Yes, I am the hostmaster.
>
>Yes I have access to our public & private dns records.
>
>We use www.ods.org as our nameservers & delegation.

then complete step 1 as given and I'll test/verify it when done

create the dns entry below
_spf.easynetworks.com.au. IN TXT "v=spf1 a:mail.webconnect.com.au -all"

This is in standard bind format,
if it is parsing/understanding this string that is the source of the problem?
or whatever the problem is with following the instructions please elaborate.



>Danny
>
>
>-----Original Message-----
>From: Alan Doherty [mailto:alan@alandoherty.net]
>Sent: Thursday, 22 October 2009 12:32 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>OK lets get down to basics
>
>SPF relies on DNS records being added to your domains
>
>first are you the hostmaster of the domains in question
>
>IE do you have the ability to create DNS records within those domains
>if no/dont know, then no wizard or person here can help, find out who is the DNS administrator and ask them to contact us.
>
>{all the wizard does is what we did, took your details and gives back a working SPF record(s) for you to use within your DNS zone file}
>
>if yes then what DNS administration tools do you have/use
>
>if we are familiar we will assist
>
>At 01:39 22/10/2009 Thursday, Danny Vincent wrote:
>>Alan, thanks for your help so far, but all of what you say assumes that I am familiar with the spf wizard or where to put the entries you describe below.
>>
>>Neither of which I know.
>>
>>"now work with us, or the wizard"
>>
>>I don?t know how to fill out the wizard, so as it states on your site, I am to request help through this list. This has drawn some ire for some reason. I didn?t know there was a protocol for asking questions.
>>
>>If I am to ignore the wizard & enter the details you supplied below, where exactly do I enter the details?
>>
>>Why can the site have forums or procedures with screen shots, instead of me treading this minefield of asking the wrong question each time?
>>
>>
>>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>Sent: Thursday, 22 October 2009 10:28 AM
>>To: spf-help@v2.listbox.com
>>Subject: RE: [spf-help] SPF tutorial-2
>>
>>before reading my responses to your ignoring my previous mail again your answer is
>>
>>A setup the spf record for
>>
>>_spf.your-primary-domain.com "v=spf1 a:mail.webconnect.com.au -all"
>>or if theis is your primary domain
>>_spf.easynetworks.com.au IN TXT "v=spf1 a:mail.webconnect.com.au -all"
>>
>>then after you have done this and after it has been checked by me for typos
>>{please do not ignore this caveat as a typo can be fatal}
>>
>>you add the following spf record to
>>easynetworks.com.au IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>once this has been checked /tested
>>
>>you add the same to each domain
>>
>>domain1.tld IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>domain2.com IN TXT "v=spf1 redirect=_spf.easynetworks.com.au"
>>
>>etc.etc.
>>
>>now work with us, or the wizard, were volunteers and spf users
>>and don't appreciate when our previous help is ignored
>>and we start getting asked how to fill out a form, thats not what were here for
>>
>>At 23:45 21/10/2009 Wednesday, you wrote:
>>
>>
>>>
>>>
>>>-----Original Message-----
>>>From: alan [mailto:spfdiscuss@alandoherty.net]
>>>Sent: Thursday, 22 October 2009 7:47 AM
>>>To: spf-help@v2.listbox.com
>>>Subject: RE: [spf-help] SPF tutorial-2
>>>
>>>
>>>Hi all
>>>
>>>>Is there any sort of tutorial or step by step guide on setting up spf records?
>>>
>>>I found the easiest was read the RFC and syntax documents
>>>as no one guide will fit all senders most guides are directed at simple senders, as complex setups usually have the technical know how behind them already
>>>
>>>>I am looking at setting up spf records for my domain & all the domains hosted on our mail servers
>>>
>>>ok sounds ok so far
>>>
>>>> of which there are about 30. The mail enters our servers via our mx record
>>>
>>>OK from now on no further mention of how other people mail you or MX records as these are unrelated to and irrelevant to how your users send their mail
>>>{which is all that SPF deals with}
>>>
>>>> , but leaves via a different ip address & is then passed onto our isp & leaves via their smtp servers.
>>>
>>>ok so you users all send from your ISP's mail servers {how your users mail gets there is also beyond the scope of SPF}
>>>
>>>so can you get a list of the ip's of these servers from your isp? or do they possibly {as many do} already provide an SPF record to include in your own?
>>>
>>>>> yes, but Im a little confused. When I do an spf lookup on their domain, there is one attached to their incoming mx record
>>
>>ok again stop with the mentioning of anything to do with MX records
>>spf records are attached to domain names only
>>
>>>" Yes, support@ecn.net.au has an SPF version 1 record.
>>>
>>>Hostname: ecn.net.au
>>>IP: 203.22.70.2
>>>Mailserver(s): warp.ecn.net.au
>>>SPF Record:
>>>v=spf1 mx ?all
>>
>>ok so you are saying ecn.net.au is another domain owned by webconnect.com.au
>>and has an spf record of "v=spf1 mx ?all"
>>which means
>>trust mail from 203.22.70.2
>>and additionally the rest of the globe as we don't trust spf
>>
>>>But their outgoing mail which goes through webconnect does not have an spf record & THAT is the one that matters isn?t it?
>>
>>if their outoing mail for ecn.net.au does go through mail.webconnect.com.au yes their spf is flawed
>>
>>> As you say at the end of the email, there isn?t an spf record for mail.webconnect.com.au
>>
>>err no i clearly say there is one for mail.webconnect.com.au
>>just none for webconnect.com.au
>>
>>>or worst case you trial + error test/find all these ip's by repeatedly mailing an external address via your setup/ISP
>>>
>>>once you have the IP's you can construct a master spf record for all the domains you host
>>>like _SPF.your-main-domain.com "v=spf1 <details> -all"
>>>
>>>>> Ok, well there only seems to be one for the isp & we only have one that we send from. Problem is, I don?t know where to start on that wizard.
>>
>>then don't use the wizard
>>
>>>1) easynetworks.com.au's IP address is 203.143.228.14 (s1c0e.static.pacific.net.au).
>>>Does that server send mail from easynetworks.com.au?
>>
>>no idea what has this got to do with you?
>>
>>>No, that is the incoming address, the outgoing mail leaves us via 203.201.149.50 & mail.webconnect.com.au then picks it up & relays it.
>>
>>ok so you are saying you only send mail from mail.webconnect.com.au
>>as i posited earlier
>>{as i said stop confusing yourself and the issues by talking about how mail gets to you /from you to them}
>>the only thing relevant in SPF is who connects to us to send us your email
>>so if it is ONLY mail.webconnect.com.au
>>
>>then the guesswork answer from my first email will work perfectly
>>
>>>2) This wizard found 2 names for the MX servers for easynetworks.com.au: s1c18.static.pacific.net.au and mail. (A single machine may go by more than one hostname. All of them are shown.)
>>>MX servers receive mail for easynetworks.com.au.
>>>Do they also send mail from easynetworks.com.au?
>>
>>obviously the answer is no if this is you
>>but please use us or the wizard, you failed with the wizard so how about just answering the questions we ask
>>taking the answers we give
>>
>>>s1c0e.static.pacific.net.au is our reverse dns ptr record.
>>
>>again irrelevant
>>
>>>Do they also send mail from easynetworks.com.au? yes, but they are relayed via a different ip than the incoming ip & are relayed to our isp.
>>
>>no you mean then
>>
>>>3) Do you want to just approve any host
>>>whose name ends in easynetworks.com.au? (Expensive, unreliable and not recommended)
>>>
>>>I gather, I say no.
>>
>>correct
>>
>>
>>>4) Do any other servers send mail from easynetworks.com.au?
>>
>>this is where you say yes for the first time and put in the name of the server that sends your email
>>mail.webconnect.com.au
>>
>>>I have no idea what this is asking. We have 3 mail servers, all of which send mail via only one of those servers, via only one of our ip's & then go via our isps smtp server.
>>
>>again i state
>>only the servers the world sees are relevant ie 1 mail.webconnect.com.au
>>
>>>5) You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. To keep the wizard short we left out ptr:, but it works analogously
>>>
>>>Again, I'm not sure what to put here. Do I put my mx records in there & all of the mx records of all of the domains we host in there?
>>
>>please either use this forum or the wizard not both
>>few here would have ever used it, as most could write the most complex spf records from memory
>>
>>>6) IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
>>>
>>>Which cidr range?
>>
>>none in your case as you have one 1 mailserver with 1 ip so its totally done
>>
>>>7) Could mail from easynetworks.com.au originate through
>>>servers belonging to some other domain?
>>>If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.
>>>
>>>Yes, our isp's, but their outgoing mail server don?t seem to have an spf record, whereas their incoming does.
>>
>>no spf is not per incoming or outgoing, please just read the answer given in the first mail and go
>>
>>>8) Do the above lines describe all the hosts
>>>that send mail from easynetworks.com.au?
>>>
>>>Hosts, as in hostnames of the mail servers or names of the domains the mail servers send on behalf of?
>>
>>hosts as in ips as in the 1 you send mail from
>>
>>>9) easynetworks.com.au. IN TXT
>>>
>>>No idea what that is asking.
>>>
>>>
>>>{we can help with the <details> when you can give them to us}
>>>
>>>>> What details do you need?
>>
>>we already guessed them
>>the server(s) that send your email
>>
>>1 mail.webconnect.com.au
>>
>>>and then for each hosted domain, including your-main-domain.com
>>>setup an spf record of "v=spf1 redirect=_SPF.your-main-domain.com"
>>>
>>>>> So I need to run that wizard for every domain we host?
>>
>>you never run the wizard you just put in the spf record as i gave you it
>>
>>>thus even the ones you don't handle dns for will be able to reference your spf record by adding this line to their dns
>>>
>>>and receivers will benefit from DNS caching of the one primary spf record
>>>
>>>>When I examine a message header it shows this to be correct.
>>>>
>>>>The questions being asked in the spf wizard doesn?t seem to match our requirements. I don?t want to try & blunder my way through & find that mail is not flowing. Is there any help on this?
>>>
>>>I think I pretty much covered it above?
>>>
>>>btw the details if sending to the list from the aformentioned setup are
>>>ISPs mailserver mail.webconnect.com.au
>>>
>>>so an spf {assuming they have but this one ip} would be
>>>"v=spf1 a:mail.webconnect.com.au -all"
>>>
>>>but again rather than adding this to every customer directly
>>>its better to have your costumers reference an SPF within your domain, as you are their ISP
>>>you in turn reference an SPF or A record within your ISP's domain, {A currently
>>>
>>>i use the a: rather than ip4:203.22.70.85 because they may move the server ip at any time this stops that breaking your setup {assuming they correctly move the name}
>>>
>>>also i see that although webconnect.com.au dosnt use spf themselves
>>>mail.webconnect.com.au does have a HELO/EHLO spf record so thats good to know and shows its likely well maintained
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF tutorial-2 [ In reply to ]
On Thu, Oct 22, 2009 at 06:14, Danny Vincent <danny@easynetworks.com.au> wrote:
> Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
>
> I just don’t know how to set out the txt record.

What type of DNS server are you using, what interface are you using to it?

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Does this list not accept html? Ive sent through some screen shots & I didn’t get the email back, so I gather not?

Danny



-----Original Message-----
From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
Sent: Thursday, 22 October 2009 4:28 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] SPF tutorial-2

On Thu, Oct 22, 2009 at 06:14, Danny Vincent <danny@easynetworks.com.au> wrote:
> Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
>
> I just don’t know how to set out the txt record.

What type of DNS server are you using, what interface are you using to it?

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF tutorial-2 [ In reply to ]
On Thu, Oct 22, 2009 at 07:39, Danny Vincent <danny@easynetworks.com.au> wrote:
> Does this list not accept html? Ive sent through some screen shots & I didn’t get the email back, so I gather not?

That may be why your first email never made it to the list either.

Try using the name of the product instead ;) If you're uncertain the
people that run your DNS server should be able to help you.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
At 07:39 22/10/2009 Thursday, you wrote:
>Does this list not accept html? Ive sent through some screen shots & I didn?t get the email back, so I gather not?

i guess not try posting them online and send us a url


>Danny
>
>
>
>-----Original Message-----
>From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
>Sent: Thursday, 22 October 2009 4:28 PM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] SPF tutorial-2
>
>On Thu, Oct 22, 2009 at 06:14, Danny Vincent <danny@easynetworks.com.au> wrote:
>> Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
>>
>> I just don?t know how to set out the txt record.
>
>What type of DNS server are you using, what interface are you using to it?
>
>--
> Please keep list traffic on the list.
>
>Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
Ok, in the screen shots I sent , it has 5 fields for me to fill out:

(ODS.ORG) Add Host on a Private Domain

1) host: in here I usually put e.g. mail
2) domain: in here is a drop down list of all my domains, in the screen shot I had easynetworks selected.
3) type: type of the dns record e.g. A,MX,PTR, TXT I gather I choose "txt"?
4) target: in here I usually specifiy an ip or another dns name if I am creating a cname record.

Is that of any help?

Danny





-----Original Message-----
From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
Sent: Thursday, 22 October 2009 4:56 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] SPF tutorial-2

On Thu, Oct 22, 2009 at 07:39, Danny Vincent <danny@easynetworks.com.au> wrote:
> Does this list not accept html? Ive sent through some screen shots & I didn’t get the email back, so I gather not?

That may be why your first email never made it to the list either.

Try using the name of the product instead ;) If you're uncertain the
people that run your DNS server should be able to help you.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
url to screen shot:

http://img29.imageshack.us/img29/7783/ods.png

Danny



-----Original Message-----
From: alan [mailto:spfdiscuss@alandoherty.net]
Sent: Thursday, 22 October 2009 5:01 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] SPF tutorial-2

At 07:39 22/10/2009 Thursday, you wrote:
>Does this list not accept html? Ive sent through some screen shots & I didn?t get the email back, so I gather not?

i guess not try posting them online and send us a url


>Danny
>
>
>
>-----Original Message-----
>From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
>Sent: Thursday, 22 October 2009 4:28 PM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] SPF tutorial-2
>
>On Thu, Oct 22, 2009 at 06:14, Danny Vincent <danny@easynetworks.com.au> wrote:
>> Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
>>
>> I just don?t know how to set out the txt record.
>
>What type of DNS server are you using, what interface are you using to it?
>
>--
> Please keep list traffic on the list.
>
>Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF tutorial-2 [ In reply to ]
On Thu, Oct 22, 2009 at 08:04, Danny Vincent <danny@easynetworks.com.au> wrote:
> Ok, in the screen shots I sent , it has 5 fields for me to fill out:
>
> (ODS.ORG) Add Host on a Private Domain
>
> 1) host: in here I usually put e.g. mail

You would leave this blank

> 2) domain: in here is a drop down list of all my domains, in the screen shot I had easynetworks selected.

Correct

> 3) type: type of the dns record e.g. A,MX,PTR, TXT  I gather I choose "txt"?

Correct

> 4) target: in here I usually specifiy an ip or another dns name if I am creating a cname record.

Here you would enter the SPF record

You should check with the people running the DNS service whether you
need to enter the information in the "Public domain" section (which
I'd expect) or the section you chose.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
At 08:04 22/10/2009 Thursday, Danny Vincent wrote:
>Ok, in the screen shots I sent , it has 5 fields for me to fill out:
>
>(ODS.ORG) Add Host on a Private Domain
>
>1) host: in here I usually put e.g. mail

in this case _spf

>2) domain: in here is a drop down list of all my domains, in the screen shot I had easynetworks selected.

ok

>3) type: type of the dns record e.g. A,MX,PTR, TXT I gather I choose "txt"?

yes

>4) target: in here I usually specifiy an ip or another dns name if I am creating a cname record.

for txt it will i assume allow you to type in the text value as given?









>Is that of any help?
>
>Danny
>
>
>
>
>
>-----Original Message-----
>From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
>Sent: Thursday, 22 October 2009 4:56 PM
>To: spf-help@v2.listbox.com
>Subject: Re: [spf-help] SPF tutorial-2
>
>On Thu, Oct 22, 2009 at 07:39, Danny Vincent <danny@easynetworks.com.au> wrote:
>> Does this list not accept html? Ive sent through some screen shots & I didn?t get the email back, so I gather not?
>
>That may be why your first email never made it to the list either.
>
>Try using the name of the product instead ;) If you're uncertain the
>people that run your DNS server should be able to help you.
>
>--
> Please keep list traffic on the list.
>
>Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: SPF tutorial-2 [ In reply to ]
please Rob don't confuse the issue

we are walking him through setting up one central record
as _spf.his-domain.com

for his 30 or so customer domains to reference
{we do this as a separate record in case he wanted to move his mail in future to a separate setup to that of his customers} so the can continue referencing _spf.hisdomain and he just uses another for hisdomain

so host is NOT blank it is _spf as stated before

when done mail us so i can check in dns all is well before we then reference it from any of your domains

At 08:44 22/10/2009 Thursday, Rob MacGregor wrote:
>On Thu, Oct 22, 2009 at 08:04, Danny Vincent <danny@easynetworks.com.au> wrote:
>> Ok, in the screen shots I sent , it has 5 fields for me to fill out:
>>
>> (ODS.ORG) Add Host on a Private Domain
>>
>> 1) host: in here I usually put e.g. mail
>
>You would leave this blank
>
>> 2) domain: in here is a drop down list of all my domains, in the screen shot I had easynetworks selected.
>
>Correct
>
>> 3) type: type of the dns record e.g. A,MX,PTR, TXT Â I gather I choose "txt"?
>
>Correct
>
>> 4) target: in here I usually specifiy an ip or another dns name if I am creating a cname record.
>
>Here you would enter the SPF record
>
>You should check with the people running the DNS service whether you
>need to enter the information in the "Public domain" section (which
>I'd expect) or the section you chose.
>
>--
> Please keep list traffic on the list.
>
>Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
RE: SPF tutorial-2 [ In reply to ]
a brilliant piece of totaly bad engineering that interface {another product never to use}

yes target is the mis-label they are using to describe "value"

so as described umpteen times the "Value" of the txt record should be

v=spf1 a:mail.webconnect.com.au -all

as typed we will check so if you make a mistake it will cause you no harm we will just keep editing till it works


At 08:16 22/10/2009 Thursday, Danny Vincent wrote:
>url to screen shot:
>
>http://img29.imageshack.us/img29/7783/ods.png
>
>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss@alandoherty.net]
>Sent: Thursday, 22 October 2009 5:01 PM
>To: spf-help@v2.listbox.com
>Subject: RE: [spf-help] SPF tutorial-2
>
>At 07:39 22/10/2009 Thursday, you wrote:
>>Does this list not accept html? Ive sent through some screen shots & I didn?t get the email back, so I gather not?
>
>i guess not try posting them online and send us a url
>
>
>>Danny
>>
>>
>>
>>-----Original Message-----
>>From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
>>Sent: Thursday, 22 October 2009 4:28 PM
>>To: spf-help@v2.listbox.com
>>Subject: Re: [spf-help] SPF tutorial-2
>>
>>On Thu, Oct 22, 2009 at 06:14, Danny Vincent <danny@easynetworks.com.au> wrote:
>>> Ok, I have access to my domains records. Ive got A, MX, Cname & ptr records & realise you want me to add a .txt record.
>>>
>>> I just don?t know how to set out the txt record.
>>
>>What type of DNS server are you using, what interface are you using to it?
>>
>>--
>> Please keep list traffic on the list.
>>
>>Rob MacGregor
>> Whoever fights monsters should see to it that in the process he
>> doesn't become a monster. Friedrich Nietzsche
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

1 2  View All