Mailing List Archive

yes sir thanks for help, my all domain have same mail server IP(
Ex.mail.lemeridianahmedabad.com, mail.phenixvp.com, mail.acmeintl.com all
mail server ip is same 74.86.58.248) so your given spf record is suitable
for all my domain.

Thank you very much for giving best support





On Thu, Jun 17, 2010 at 8:11 PM, Andrew Culver <aculver@uwo.ca> wrote:

> For each domain that you host, you need to ask "what hosts send mail for
> this domain?" Your record should list the outbound addresses of each of
> these hosts.
>
> If you are hosting domains for clients, do not assume that your mail
> server is the only server that they send their mail from. Ask them.
> Maybe they do not want SPF on their domain.
>
> Once you have decided which domains you want to create an SPF record for
> and you have a complete list of hosts that send mail for each domain,
> you can create an SPF record.
>
> (There are wizards that can help you, but these are often not perfect.
> If you use a wizard, don't assume that what it generates is ready for use.)
>
> Using the domain below (lemeridienahmedabad.com), we can see it already
> has an SPF record:
>
> lemeridienahmedabad.com. 14355 IN TXT "v=spf1 a mx -all" ""
>
> This is saying that "a" and "mx" are permitted to send mail as
> @lemeridienahmedabad.com. The "a" refers to
> lemeridienahmedabad.com itself, which is 74.86.56.202 and "mx" refers to
> the MX of the domain which is 74.53.172.242.
>
> If these IPs don't actually send mail, you can remove them. You can also
> list the actual IP addresses to reduce DNS lookups, unless there's some
> specific reason not to.
>
> Next you want to add the IP that your server sends mail from
> (74.86.58.248).
>
> This gives you:
> v=spf1 ip4:74.86.56.202 ip4:74.53.172.242 ip4:74.86.58.248 -all
>
> Try working through this process for your other domains. Post what you
> come up with to this list and we'll tell you if you've got it right. If
> we do it all for you, you won't learn. ;)
>
> Andrew
>
>
> deep pathak wrote:
> > Thanks for clear my doudt. but now i have only one problem is that we are
> > provide domain hosting and our mail server ip is 74.86.58.248(Static IP).
> we
> > have many client in differen location and may be they are using dynamic
> ip
> > internet connection. in this time our client sent mail from outlook or
> using
> > proxy+ server on that time if they sent mail on the mail information it
> show
> > that mail generated from their isp(Dynamic IP) IP so in spf verification
> it
> > is not match with mail server ip and bounce back due to spf.
> >
> > below is example.
> >
> >
> > Failed Recipient: ankush.puri@piaggio.co.in
> >
> > Reason: Remote host said: 550 See
> >
> >
> http://spf.pobox.com/why.html?sender=gmoffice%40lemeridienahmedabad.com&ip=7
> >
> > 4.86.58.248&receiver=pgvl.com (#5.7.1)
> >
> >
> >
> > -- The header and top 20 lines of the message follows --
> >
> >
> >
> > Received: from 121.247.162.121.ahmedabad-bb.vsnl.net.in[121.247.162.121] by
> >
> > mail.urlwebserver.com with SMTP;
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Thu, Jun 17, 2010 at 7:06 PM, Gino Cerullo <
> > gcerullo@pixelpointstudios.com> wrote:
> >
> >> On 17-Jun-10, at 9:19 AM, deep pathak wrote:
> >>
> >> As per my told in MX record there is show mx.cleanmailgateway.comserver
> >>> but
> >>> it is use for incomming mail filter, on outgoing mail 74.86.58.248 ip
> use
> >>> for mail relay. so if i am add 74.86.58.248 IP in sp record may be
> remote
> >>> server found that the MX server is diferent. so what is the perfect spf
> >>> record for my all client domain.
> >>>
> >>
> >> SPF doesn't care about the MX and the incoming mail server. It only
> wants
> >> to know which outgoing mail servers are authorized to send mail on
> behalf of
> >> the domain.
> >>
> >> You can try adding the IP address 74.86.58.248 but once it changes,
> since
> >> you said it is dynamic, then the SPF policy will not be correct anymore.
> IF
> >> it is a fixed address that does not change then you will be okay.
> >>
> >> Again, the only way to guarantee a correct SPF policy is to use fixed IP
> >> addresses.
> >>
> >> If you insist on using a mail relay that is on a dynamic IP address then
> >> you are better served by not having an SPF policy.
> >>
> >>
> >>
> >> --
> >> Gino Cerullo
> >>
> >> Pixel Point Studios
> >> 21 Chesham Drive
> >> Toronto, ON M3M 1W6
> >>
> >> 416-247-7740
> >>
> >>
> >>
> >> -------------------------------------------
> >> Sender Policy Framework: http://www.openspf.org [
> http://www.openspf.org]
> >> Modify Your Subscription: http://www.listbox.com/member/ [
> >> http://www.listbox.com/member/]
> >>
> >> Archives: https://www.listbox.com/member/archive/1020/=now
> >> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >> Powered by Listbox: http://www.listbox.com
> >>
> >
> >
> > -------------------------------------------
> > Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> > Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
> >
> > Archives: https://www.listbox.com/member/archive/1020/=now
> > RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> > Powered by Listbox: http://www.listbox.com
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Dear Sir,

I got new problem regarding spf here with failure notice. below my spf
record which is add in my domain is it right for this.

v=spf1 ip4:74.86.58.248 ip4:74.86.56.202 include:aspmx.googlemail.com ~all
or
v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com ~all
or
this is wrong spf and want to change.

Failed Recipient: ro@hidrotek.cn
Reason: Remote host said: 520 ip and spf record not match

-- The header and top 20 lines of the message follows --

Received: from ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in[122.170.22.111]
by
mail.urlwebserver.com with SMTP;
Tue, 22 Jun 2010 13:53:43 +0530









On Tue, Jun 15, 2010 at 11:30 AM, deep pathak <pathakdeep07@gmail.com>wrote:

> Dear Sir,
>
> My self Deep, i need some help, my domain name is urlsoftware.com and i
> want to add spf record but i have one problem is that i have dynamic ip
> internet connection so how i can add spf record for my domain.
>
> Thanks,
> Deep Pathak
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

deep pathak wrote on Tue, Jun 22 2010 at 11:26 am:

> v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com ~all

This record is invalid, there is no MX record for the mail.sarjanindia.com domain. You probably meant "a:mail.sarjanindia.com" or "mx:sarjanindia.com"?

> Failed Recipient: ro@hidrotek.cn
> Reason: Remote host said: 520 ip and spf record not match
>
> -- The header and top 20 lines of the message follows --
>
> Received: from ABTS-mum-Dynamic-
> 111.22.170.122.airtelbroadband.in[122.170.22.111] by
> mail.urlwebserver.com with SMTP; Tue, 22 Jun 2010 13:53:43 +0530


So you were sending to mail.urlwebserver.com and it received your message from 122.170.22.111? Does that server normally send out mail for you?

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Status Quo: Latin for the mess we are in.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 22-Jun-10, at 12:26 PM, deep pathak wrote:

> Dear Sir,
>
> I got new problem regarding spf here with failure notice. below my spf
> record which is add in my domain is it right for this.
>
> v=spf1 ip4:74.86.58.248 ip4:74.86.56.202
> include:aspmx.googlemail.com ~all
> or
> v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com ~all
> or
> this is wrong spf and want to change.
>
> Failed Recipient: ro@hidrotek.cn
> Reason: Remote host said: 520 ip and spf record not match
>
> -- The header and top 20 lines of the message follows --
>
> Received: from ABTS-mum-
> Dynamic-111.22.170.122.airtelbroadband.in[122.170.22.111]
> by
> mail.urlwebserver.com with SMTP;
> Tue, 22 Jun 2010 13:53:43 +0530

I believe we are missing a portion of the rejection message. Please
post the entire rejection otherwise I'm only guessing what might be
going on.

It looks like the email was relayed through 'mail.urlwebserver.com
[74.86.58.248]'


Email was sent from the address 'ro@hidrotek.cn' so let's look at the
SPF policy for 'hidrotek.cn'

hidrotek.cn. IN TXT "v=spf1 include:spf.263xmail.com ~all"

spf.263xmail.com. IN TXT "v=spf1 ip4:211.150.66.0/24
ip4:211.150.67.0/24 ip4:211.150.96.0/24 ip4:211.150.100.0/24
ip4:211.157.129.0/24 ip4:211.150.64.0/24 ip4:211.150.122.0/24
ip4:74.86.11.0/28 ip4:63.217.87.0/28 ip4:211.157.224.0/24 ~all

If the mail was relayed through 'mail.urlwebserver.com [74.86.58.248]'
then it should only SOFTFAIL since the SPF policy for 'hidrotek.cn'
does not included '74.86.58.24'.

The message should not have been rejected since the SPF policy is set
to only SOFTFAIL but regardless, the IP address is not authorized for
that domain.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

We need more information. Is this the full reject message?

What address is being used in the from (envelope mail from) command?

What is the IP address of the outbound mail server?


deep pathak wrote:
> v=spf1 mx:mail.sarjanindia.com

mail.sarjanindia.com has no MX record.

You seem to be just guessing at things and hoping they work, then asking
us to give you the answer when you get it wrong. This is a dangerous way
to implement SPF on a production mail service as you will almost
certainly cause delivery issues.

You need to learn more about the SPF syntax. I suggest reading through
the pages at http://www.openspf.org/, specifically
http://www.openspf.org/SPF_Record_Syntax and
http://www.openspf.org/FAQ/Common_mistakes. Once you have done some
research, then please ask us if you have any questions.

In the mean time, I recommend removing the SPF records from your domain
until you are confident that what you will be implementing is correct.

Andrew


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Sorry for resending this message. I forgot to address the first part.

On 22-Jun-10, at 12:26 PM, deep pathak wrote:

> Dear Sir,
>
> I got new problem regarding spf here with failure notice. below my spf
> record which is add in my domain is it right for this.
>
> v=spf1 ip4:74.86.58.248 ip4:74.86.56.202
> include:aspmx.googlemail.com ~all
> or
> v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com ~all
> or
> this is wrong spf and want to change.

What is the domain name that these SPF policies are for?

Also, 'v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com
~all' is invalid. There is no mx for 'mail.sarjanindia.com'.

>
> Failed Recipient: ro@hidrotek.cn
> Reason: Remote host said: 520 ip and spf record not match
>
> -- The header and top 20 lines of the message follows --
>
> Received: from ABTS-mum-
> Dynamic-111.22.170.122.airtelbroadband.in[122.170.22.111]
> by
> mail.urlwebserver.com with SMTP;
> Tue, 22 Jun 2010 13:53:43 +0530

I believe we are missing a portion of the rejection message. Please
post the entire rejection otherwise I'm only guessing what might be
going on.

It looks like the email was relayed through 'mail.urlwebserver.com
[74.86.58.248]'


Email was sent from the address 'ro@hidrotek.cn' so let's look at the
SPF policy for 'hidrotek.cn'

hidrotek.cn. IN TXT "v=spf1 include:spf.263xmail.com ~all"

spf.263xmail.com. IN TXT "v=spf1 ip4:211.150.66.0/24
ip4:211.150.67.0/24 ip4:211.150.96.0/24 ip4:211.150.100.0/24
ip4:211.157.129.0/24 ip4:211.150.64.0/24 ip4:211.150.122.0/24
ip4:74.86.11.0/28 ip4:63.217.87.0/28 ip4:211.157.224.0/24 ~all

If the mail was relayed through 'mail.urlwebserver.com [74.86.58.248]'
then it should only SOFTFAIL since the SPF policy for 'hidrotek.cn'
does not included '74.86.58.24'.

The message should not have been rejected since the SPF policy is set
to only SOFTFAIL but regardless, the IP address is not authorized for
that domain.



--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Dear Sir,

Following full failure notice recipt.
please help me.



Could not deliver message to the following recipient(s):

Failed Recipient: ro@hidrotek.cn
Reason: Remote host said: 520 ip and spf record not match

-- The header and top 20 lines of the message follows --

Received: from ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in[122.170.22.111]
by
mail.urlwebserver.com with SMTP;
Tue, 22 Jun 2010 13:53:43 +0530
Message-ID:
From: "import"
To: "'hidrotek-lily'"
Cc: "Meena Pillai"
References: <002d01cb109d$9ff7fb10$dfe7f130$@com>
In-Reply-To: <002d01cb109d$9ff7fb10$dfe7f130$@com>
Subject: Re: quotation form ningbo Hidrotek co.,ltd
Date: Tue, 22 Jun 2010 13:51:08 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00F8_01CB1211.F821F4B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6000.20661
X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6000.16386

This is a multi-part message in MIME format.

------=_NextPart_000_00F8_01CB1211.F821F4B0
Content-Type: text/plain;
charset="gb2312"
Content-Transfer-Encoding: quoted-printable










On Tue, Jun 22, 2010 at 10:19 PM, Gino Cerullo <
gcerullo@pixelpointstudios.com> wrote:

> On 22-Jun-10, at 12:26 PM, deep pathak wrote:
>
> Dear Sir,
>>
>> I got new problem regarding spf here with failure notice. below my spf
>> record which is add in my domain is it right for this.
>>
>> v=spf1 ip4:74.86.58.248 ip4:74.86.56.202 include:aspmx.googlemail.com~all
>> or
>> v=spf1 mx:mail.sarjanindia.com include:aspmx.googlemail.com ~all
>> or
>> this is wrong spf and want to change.
>>
>> Failed Recipient: ro@hidrotek.cn
>> Reason: Remote host said: 520 ip and spf record not match
>>
>> -- The header and top 20 lines of the message follows --
>>
>> Received: from ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in<http://abts-mum-dynamic-111.22.170.122.airtelbroadband.in/>
>> [122.170.22.111]
>> by
>> mail.urlwebserver.com with SMTP;
>> Tue, 22 Jun 2010 13:53:43 +0530
>>
>
> I believe we are missing a portion of the rejection message. Please post
> the entire rejection otherwise I'm only guessing what might be going on.
>
> It looks like the email was relayed through 'mail.urlwebserver.com[74.86.58.248]'
>
>
> Email was sent from the address 'ro@hidrotek.cn' so let's look at the SPF
> policy for 'hidrotek.cn'
>
> hidrotek.cn. IN TXT "v=spf1 include:spf.263xmail.com ~all"
>
> spf.263xmail.com. IN TXT "v=spf1 ip4:211.150.66.0/24 ip4:
> 211.150.67.0/24 ip4:211.150.96.0/24 ip4:211.150.100.0/24 ip4:
> 211.157.129.0/24 ip4:211.150.64.0/24 ip4:211.150.122.0/24 ip4:
> 74.86.11.0/28 ip4:63.217.87.0/28 ip4:211.157.224.0/24 ~all
>
> If the mail was relayed through 'mail.urlwebserver.com [74.86.58.248]'
> then it should only SOFTFAIL since the SPF policy for 'hidrotek.cn' does
> not included '74.86.58.24'.
>
> The message should not have been rejected since the SPF policy is set to
> only SOFTFAIL but regardless, the IP address is not authorized for that
> domain.
>
>
>
>
> --
> Gino Cerullo
>
> Pixel Point Studios
> 21 Chesham Drive
> Toronto, ON M3M 1W6
>
> 416-247-7740
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

> Received: from
> ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in[122.170.22.111]

This mail was sent from a dynamic IP address on airtelbroadband.in.

> by
> mail.urlwebserver.com with SMTP;

Ir was received by mail.urlwebserver.com.

ro@hidrotek.cn

> To: "'hidrotek-lily'"

It was sent to ro@hidrotek.cn. hidrotek.cn has the SPF policy :-

"v=spf1 include:spf.263xmail.com ~all"

Which pans out to

"v=spf1 ip4:211.150.66.0/24 ip4:211.150.67.0/24 ip4:211.150.96.0/24
ip4:211.150.100.0/24 ip4:211.157.129.0/24 ip4:211.150.64.0/24
ip4:211.150.122.0/24 ip4:74.86.11.0/28 ip4:63.217.87.0/28
ip4:211.157.224.0/24 ~all"

The IP address from which your email is being sent is not listed in that
lot. That would lead to an outright rejection if the policy ended in
"-all". It is unclear why you got a rejection rather than a softfail - but
waht you are trying to do is clearly wrong anyway.

It would *appear* from what you have posted in the past that you have set
up your MSA incorrectly. If this is one of your subscribers attempting to
send email through your server, then you need to sort out an
authentication step to avoid SPF filtering on such emails. This is usually
done on port 587.

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

As per your tell for subscribers it my mistake ignore that curruntly i have
remove all spf from my domain, but tell me currect spf for my domain to
reslove this problem.

thanks.






On Wed, Jun 23, 2010 at 3:54 PM, Vic <spf1@beer.org.uk> wrote:

>
> > Received: from
> > ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in<http://abts-mum-dynamic-111.22.170.122.airtelbroadband.in/>
> [122.170.22.111]
>
> This mail was sent from a dynamic IP address on airtelbroadband.in.
>
> > by
> > mail.urlwebserver.com with SMTP;
>
> Ir was received by mail.urlwebserver.com.
>
> ro@hidrotek.cn
>
> > To: "'hidrotek-lily'"
>
> It was sent to ro@hidrotek.cn. hidrotek.cn has the SPF policy :-
>
> "v=spf1 include:spf.263xmail.com ~all"
>
> Which pans out to
>
> "v=spf1 ip4:211.150.66.0/24 ip4:211.150.67.0/24 ip4:211.150.96.0/24
> ip4:211.150.100.0/24 ip4:211.157.129.0/24 ip4:211.150.64.0/24
> ip4:211.150.122.0/24 ip4:74.86.11.0/28 ip4:63.217.87.0/28
> ip4:211.157.224.0/24 ~all"
>
> The IP address from which your email is being sent is not listed in that
> lot. That would lead to an outright rejection if the policy ended in
> "-all". It is unclear why you got a rejection rather than a softfail - but
> waht you are trying to do is clearly wrong anyway.
>
> It would *appear* from what you have posted in the past that you have set
> up your MSA incorrectly. If this is one of your subscribers attempting to
> send email through your server, then you need to sort out an
> authentication step to avoid SPF filtering on such emails. This is usually
> done on port 587.
>
> Vic.
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

> but tell me currect spf for my domain to reslove this problem.

There is no correct SPF record to resolve this.

Please re-read my email. Your problem is that you are submitting email
through a port that tests for SPF, but you are submitting from dynamic
addresses that necessarily will not be covered by your SPF record. This
will fail.

You need to fix your mail submission, as per my last post. Playing with
SPF records is not going to work.

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 23-Jun-10, at 12:56 PM, deep pathak wrote:

> As per your tell for subscribers it my mistake ignore that curruntly
> i have
> remove all spf from my domain, but tell me currect spf for my domain
> to
> reslove this problem.
>
> thanks.


No one can tell you what the correct SPF policy is for your domain. We
don't know the configuration of your network. We don't know how your
clients interact with your email servers. You need to figure that out
for yourself based on what servers you and your clients use for
outgoing email and how your clients submit email to those servers.

But, before you can do that, you also need to understand how the email
system works from the time a client sends the email up to the time it
is delivered to the recipient and how SPF affects that whole process.
I don't think you have a full understanding of all of that.

Many people who have trouble implementing SPF fail because they don't
have a full understanding of how SPF affects the email system. They
just publish their policy without knowing what it is exactly that they
are doing and how it affects the process.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 6/23/2010 12:22 PM, Gino Cerullo wrote
:
> But, before you can do that, you also need to understand how the email
> system works from the time a client sends the email up to the time it
> is delivered to the recipient and how SPF affects that whole process.
> I don't think you have a full understanding of all of that.
>
> Many people who have trouble implementing SPF fail because they don't
> have a full understanding of how SPF affects the email system. They
> just publish their policy without knowing what it is exactly that they
> are doing and how it affects the process.

I think we all would like to have that clear understanding of how the
email system works from the time a client sends the email up to the time
it is delivered to the recipient and how SPF affects that whole process.

Could someone please point to clear documentation that give that in
detail and does not assume we already know all the terms and the formats?

Thank you.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On 23-Jun-10, at 1:59 PM, Thomas Widlar wrote:

> I think we all would like to have that clear understanding of how
> the email system works from the time a client sends the email up to
> the time it is delivered to the recipient and how SPF affects that
> whole process.
>
> Could someone please point to clear documentation that give that in
> detail and does not assume we already know all the terms and the
> formats?


Try a Google search for the terms, 'how email works' and 'how SPF
affects email'

Read some of the articles from that result. It should give you enough
of a foundation that you will be able to come back here and ask
intelligent enough questions that we will be better able to answer
effectively.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Before everybody jumps in and complains about the response to Google
something please remember this. The way an email system is setup, and
the way an email can be sent out, varies a lot. It's very hard to answer
what seems like a simple question because there can be different
variables. What type of mail server is being used? Where is the DNS
server? As we've seen from the recent posts, is there a relay? Dynamic
IP? Where is the client sending the mail from?

Some of these answers are posted on openspf.org.

http://www.openspf.org/Related_Solutions

I always try to define the server that is responsible for sending out
emails. In my limited experience of publishing SPF records it has always
been less than three servers. This makes it easy. The spf record simply
specifies the IP address of those servers. By using the IP address you
eliminate the need for DNS lookups.

**NOTE** This should be public IP address.
v=spf1 ip4:192.168.0.10 ~all
OR - if you have more than one server sending out emails
v=spf1 ip4:192.168.0.10 ip4:192.168.0.11 ~all

~All allows for soft fail. Once you are sure that the record is correct
then change it to -all

Following these steps have greatly helped me as well.

http://www.openspf.org/FAQ/Common_mistakes



Felipe Tapia
Network Administrator

-----Original Message-----
From: Gino Cerullo [mailto:gcerullo@pixelpointstudios.com]
Sent: Wednesday, June 23, 2010 11:09 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Re: How to add spf if ip is dynamic

On 23-Jun-10, at 1:59 PM, Thomas Widlar wrote:

> I think we all would like to have that clear understanding of how
> the email system works from the time a client sends the email up to
> the time it is delivered to the recipient and how SPF affects that
> whole process.
>
> Could someone please point to clear documentation that give that in
> detail and does not assume we already know all the terms and the
> formats?


Try a Google search for the terms, 'how email works' and 'how SPF
affects email'

Read some of the articles from that result. It should give you enough
of a foundation that you will be able to come back here and ask
intelligent enough questions that we will be better able to answer
effectively.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.829 / Virus Database: 271.1.1/2958 - Release Date: 06/23/10
04:11:00


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

That was very helpful. Thank you.

A document where all terms are defined before used would be helpful to all.



On 6/23/2010 1:37 PM, Felipe Tapia wrote:
> Before everybody jumps in and complains about the response to Google
> something ...
>
> http://www.openspf.org/Related_Solutions
>
> ... The spf record simply specifies the IP address of those servers. By using the IP address you eliminate the need for DNS lookups.
>
> ~All allows for soft fail. Once you are sure that the record is correct
> then change it to -all
>
> http://www.openspf.org/FAQ/Common_mistakes
>




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

At 18:59 23/06/2010 Wednesday, Thomas Widlar wrote:
>On 6/23/2010 12:22 PM, Gino Cerullo wrote
>:
>>But, before you can do that, you also need to understand how the email system works from the time a client sends the email up to the time it is delivered to the recipient and how SPF affects that whole process. I don't think you have a full understanding of all of that.
>>
>>Many people who have trouble implementing SPF fail because they don't have a full understanding of how SPF affects the email system. They just publish their policy without knowing what it is exactly that they are doing and how it affects the process.
>
>I think we all would like to have that clear understanding of how the email system works from the time a client sends the email up to the time it is delivered to the recipient and how SPF affects that whole process.

no one can document it because everyones is going to be different

thats why 'one'* needs to understand one's own mailsystem before writing an SPF policy

obviously when running {as implied in this thread} a dumbass setup mailserver that checks spf on client submissions {not what spf is for and should never be done} it doesn't matter what your SPF policy is it will break mail
{but SPF dosn't break it the broken mailserver does, before SPF the issue is just hidden}

these issues were addressed in 1996 {i think} when mail from client to sending server {outgoing client>server} was standardised to port 587 and use of optional tls +/- smtp-auth

{so an admin could even get the stupidest mta in the world to apply different policy to incomming mail from untrusted third parties {port 25} and outgoing mail from clients {port 587} hell they can technically even use 2 different mta's for each role}

>Could someone please point to clear documentation that give that in detail and does not assume we already know all the terms and the formats?

err no YOUR system YOUR design YOUR documentation will be entirely seperate/different to mine and anyone elses

* one the under used English for generic 'you' as opposed to specific you


>Thank you.
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

At 17:56 23/06/2010 Wednesday, deep pathak wrote:
>As per your tell for subscribers it my mistake ignore that curruntly i have
>remove all spf from my domain, but tell me currect spf for my domain to
>reslove this problem.

the problem is not with spf if its effecting your subscribers sending mail to your/their outgoing mailserver

the problem is your outgoing mailserver checking spf for client submissions {you should never mis-use spf for this}

thus your mailserver till fixed is broken

as others have said your {and everyone elses} mailserver should only check spf on incomming mail port 25
it should never check mail on outgoing mail from clients on port 587 with suitable authentication

equally clients shouldn't attempt to send outgoing mail to your server on port25

some providers additionally allow port25 outgoing sumbissions from clients {with suitable authentication, but only IF they can also not do spf checks on authenticated connections}



>thanks.
>
>
>
>
>
>
>On Wed, Jun 23, 2010 at 3:54 PM, Vic <spf1@beer.org.uk> wrote:
>
>>
>> > Received: from
>> > ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in<http://abts-mum-dynamic-111.22.170.122.airtelbroadband.in/>
>> [122.170.22.111]
>>
>> This mail was sent from a dynamic IP address on airtelbroadband.in.
>>
>> > by
>> > mail.urlwebserver.com with SMTP;
>>
>> Ir was received by mail.urlwebserver.com.
>>
>> ro@hidrotek.cn
>>
>> > To: "'hidrotek-lily'"
>>
>> It was sent to ro@hidrotek.cn. hidrotek.cn has the SPF policy :-
>>
>> "v=spf1 include:spf.263xmail.com ~all"
>>
>> Which pans out to
>>
>> "v=spf1 ip4:211.150.66.0/24 ip4:211.150.67.0/24 ip4:211.150.96.0/24
>> ip4:211.150.100.0/24 ip4:211.157.129.0/24 ip4:211.150.64.0/24
>> ip4:211.150.122.0/24 ip4:74.86.11.0/28 ip4:63.217.87.0/28
>> ip4:211.157.224.0/24 ~all"
>>
>> The IP address from which your email is being sent is not listed in that
>> lot. That would lead to an outright rejection if the policy ended in
>> "-all". It is unclear why you got a rejection rather than a softfail - but
>> waht you are trying to do is clearly wrong anyway.
>>
>> It would *appear* from what you have posted in the past that you have set
>> up your MSA incorrectly. If this is one of your subscribers attempting to
>> send email through your server, then you need to sort out an
>> authentication step to avoid SPF filtering on such emails. This is usually
>> done on port 587.
>>
>> Vic.
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com
>>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Thank you for provide me detail for mail relay process....

Thank you all..




On Thu, Jun 24, 2010 at 1:20 AM, alan <spfdiscuss@alandoherty.net> wrote:

> At 17:56 23/06/2010 Wednesday, deep pathak wrote:
> >As per your tell for subscribers it my mistake ignore that curruntly i
> have
> >remove all spf from my domain, but tell me currect spf for my domain to
> >reslove this problem.
>
> the problem is not with spf if its effecting your subscribers sending mail
> to your/their outgoing mailserver
>
> the problem is your outgoing mailserver checking spf for client submissions
> {you should never mis-use spf for this}
>
> thus your mailserver till fixed is broken
>
> as others have said your {and everyone elses} mailserver should only check
> spf on incomming mail port 25
> it should never check mail on outgoing mail from clients on port 587 with
> suitable authentication
>
> equally clients shouldn't attempt to send outgoing mail to your server on
> port25
>
> some providers additionally allow port25 outgoing sumbissions from clients
> {with suitable authentication, but only IF they can also not do spf checks
> on authenticated connections}
>
>
>
> >thanks.
> >
> >
> >
> >
> >
> >
> >On Wed, Jun 23, 2010 at 3:54 PM, Vic <spf1@beer.org.uk> wrote:
> >
> >>
> >> > Received: from
> >> > ABTS-mum-Dynamic-111.22.170.122.airtelbroadband.in<
> http://abts-mum-dynamic-111.22.170.122.airtelbroadband.in/>
> >> [122.170.22.111]
> >>
> >> This mail was sent from a dynamic IP address on airtelbroadband.in.
> >>
> >> > by
> >> > mail.urlwebserver.com with SMTP;
> >>
> >> Ir was received by mail.urlwebserver.com.
> >>
> >> ro@hidrotek.cn
> >>
> >> > To: "'hidrotek-lily'"
> >>
> >> It was sent to ro@hidrotek.cn. hidrotek.cn has the SPF policy :-
> >>
> >> "v=spf1 include:spf.263xmail.com ~all"
> >>
> >> Which pans out to
> >>
> >> "v=spf1 ip4:211.150.66.0/24 ip4:211.150.67.0/24 ip4:211.150.96.0/24
> >> ip4:211.150.100.0/24 ip4:211.157.129.0/24 ip4:211.150.64.0/24
> >> ip4:211.150.122.0/24 ip4:74.86.11.0/28 ip4:63.217.87.0/28
> >> ip4:211.157.224.0/24 ~all"
> >>
> >> The IP address from which your email is being sent is not listed in that
> >> lot. That would lead to an outright rejection if the policy ended in
> >> "-all". It is unclear why you got a rejection rather than a softfail -
> but
> >> waht you are trying to do is clearly wrong anyway.
> >>
> >> It would *appear* from what you have posted in the past that you have
> set
> >> up your MSA incorrectly. If this is one of your subscribers attempting
> to
> >> send email through your server, then you need to sort out an
> >> authentication step to avoid SPF filtering on such emails. This is
> usually
> >> done on port 587.
> >>
> >> Vic.
> >>
> >>
> >>
> >> -------------------------------------------
> >> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org
> ]
> >> Modify Your Subscription: http://www.listbox.com/member/ [
> >> http://www.listbox.com/member/]
> >>
> >> Archives: https://www.listbox.com/member/archive/1020/=now
> >> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >> Powered by Listbox: http://www.listbox.com
> >>
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Powered by Listbox: http://www.listbox.com
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

thank you sir


On Wed, Jun 23, 2010 at 11:39 PM, Gino Cerullo <
gcerullo@pixelpointstudios.com> wrote:

> On 23-Jun-10, at 1:59 PM, Thomas Widlar wrote:
>
> I think we all would like to have that clear understanding of how the
>> email system works from the time a client sends the email up to the time it
>> is delivered to the recipient and how SPF affects that whole process.
>>
>> Could someone please point to clear documentation that give that in
>> detail and does not assume we already know all the terms and the formats?
>>
>
>
> Try a Google search for the terms, 'how email works' and 'how SPF affects
> email'
>
> Read some of the articles from that result. It should give you enough of a
> foundation that you will be able to come back here and ask intelligent
> enough questions that we will be better able to answer effectively.
>
>
>
> --
> Gino Cerullo
>
> Pixel Point Studios
> 21 Chesham Drive
> Toronto, ON M3M 1W6
>
> 416-247-7740
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com