Mailing List Archive

At 21:31 16/01/2010 Saturday, Robin Miller wrote:


>Thank you, Alessandro, Gino, and Alan, for taking the time to reply.

its a pity you seem to have ignored/left unread all i sent


>To repeat my situation, I own the domain cbar.pro for my business. I send e-mail from this domain through my website hosting company (bluehost.com), my ISP (charter.net) and a commercial e-mail sender for occasional large mailings.
>
>Bluehost uses a large number of outgoing mail servers. As far as I can tell, they're all of the form server_name.bluehost.com.
>
>Charter uses two, that I know of: smtp.charter.net (209.225.8.224, for personal accounts) and smtp.charterinternet.com (209.225.8.76, for business accounts).
>
>The commercial e-mailer told me to add ip4:38.100.176.0/24 to my SPF record to cover their outgoing mail server.

so how come you asked them {and have the correct details for them, yet haven't approached the other two?}



>Since my e-mail yesterday, I can confirm that bluehost has the following SPF record:
>
>v=spf1 ip4:66.147.240.0/20 ip4:67.222.65.0/19 ip4:69.89.16.0/20 ip4:74.220.192.0/19 ip4:67.222.32.0/19 ip4:70.40.192.0/19 ip4:67.20.64.0/18 a mx ptr ptr:0catch.com ~all
>
>And charter.net has the following SPF record:
>
>v=spf1 ip4:209.225.8.0/24 ip4:209.225.28.0/24 ip4:209.225.29.51/32 ip4:64.210.232.0/24 ip4:216.33.127.0/24 ip4:64.209.227.0/24 ~all
>
>I obtained both of these by using this SPF record query tool:
>
>http://www.kitterman.com/spf/validate.html
>
>
>Interestingly, both of these use ~all rather than -all.

yes because both of these are to validate user@isp address' thus they don't want non-srs forwarders to cause drop/rejects in mail from users/staff/sales with user@bluhost or user@charter address'
domain.com's SPF is not designed for inclusion usually, its designed for mail from user@domain.com and thus reflects their policy for their staff-mails
most ISP's offer some other like _spf.domain.com for customers to include in their spf {some don't some don't understand or know spf at all}

>This is just a very long e-mail to say that it looks like I can use a compact SPF record:
>
>v=spf1 include:bluehost.com include:charter.net ip4:38.100.176.0/24 ~all

as stated previously NO always raw ip's FIRST then A then MX etc last includes always
as otherwise mails from 38.100.176.* cause a minimum of 6 dnslookups {as they have to add in the includes before they get to the ips}
bluehost 2-4 {as they have not just raw ip's but a mx ptr and external ptr's} an i doubt this spf is designed for customers to include, 4 is not correct btw its actually 4+whatever number of hosts are listed in their mx's so likely at least another 2}
charter 5

order them correctly and have shorter time /faster checks and less resources used by recievers/checkers
38.100.176 1 lookup
charter 2
bluehost 3-6-whatever

yes it means that bluehost might take a few milliseconds longer to get to {but still a fraction of the time it will take to process their record as-is} but at least the mails from the simplest 38.100.178 and charter go through much faster and without all the multiple lookups within bluhosts OTT record

as for whether the include:charter and include:bluehost are correct or far too wide open the only people who can tell you this are bluehost and charter, though bluehosts does not appear to be designed for inclusion. most professional isp's provide a dedicated name to use in includes, why don't you ask them if they do?

v=spf1 ip4:38.100.176.0/24 include:charter.net include:bluehost.com


>And I can change ~all to -all after some further testing.
>
>Thanks again,
>Robin
>
>
>
>
>
>
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com