For each domain that you host, you need to ask "what hosts send mail for
this domain?" Your record should list the outbound addresses of each of
these hosts.
If you are hosting domains for clients, do not assume that your mail
server is the only server that they send their mail from. Ask them.
Maybe they do not want SPF on their domain.
Once you have decided which domains you want to create an SPF record for
and you have a complete list of hosts that send mail for each domain,
you can create an SPF record.
(There are wizards that can help you, but these are often not perfect.
If you use a wizard, don't assume that what it generates is ready for use.)
Using the domain below (lemeridienahmedabad.com), we can see it already
has an SPF record:
lemeridienahmedabad.com. 14355 IN TXT "v=spf1 a mx -all" ""
This is saying that "a" and "mx" are permitted to send mail as
@lemeridienahmedabad.com. The "a" refers to
lemeridienahmedabad.com itself, which is 74.86.56.202 and "mx" refers to
the MX of the domain which is 74.53.172.242.
If these IPs don't actually send mail, you can remove them. You can also
list the actual IP addresses to reduce DNS lookups, unless there's some
specific reason not to.
Next you want to add the IP that your server sends mail from (74.86.58.248).
This gives you:
v=spf1 ip4:74.86.56.202 ip4:74.53.172.242 ip4:74.86.58.248 -all
Try working through this process for your other domains. Post what you
come up with to this list and we'll tell you if you've got it right. If
we do it all for you, you won't learn. ;)
Andrew
deep pathak wrote:
> Thanks for clear my doudt. but now i have only one problem is that we are
> provide domain hosting and our mail server ip is 74.86.58.248(Static IP). we
> have many client in differen location and may be they are using dynamic ip
> internet connection. in this time our client sent mail from outlook or using
> proxy+ server on that time if they sent mail on the mail information it show
> that mail generated from their isp(Dynamic IP) IP so in spf verification it
> is not match with mail server ip and bounce back due to spf.
>
> below is example.
>
>
> Failed Recipient: ankush.puri@piaggio.co.in
>
> Reason: Remote host said: 550 See
>
> http://spf.pobox.com/why.html?sender=gmoffice%40lemeridienahmedabad.com&ip=7
>
> 4.86.58.248&receiver=pgvl.com (#5.7.1)
>
>
>
> -- The header and top 20 lines of the message follows --
>
>
>
> Received: from 121.247.162.121.ahmedabad-bb.vsnl.net.in [121.247.162.121] by
>
> mail.urlwebserver.com with SMTP;
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Jun 17, 2010 at 7:06 PM, Gino Cerullo <
> gcerullo@pixelpointstudios.com> wrote:
>
>> On 17-Jun-10, at 9:19 AM, deep pathak wrote:
>>
>> As per my told in MX record there is show mx.cleanmailgateway.com server
>>> but
>>> it is use for incomming mail filter, on outgoing mail 74.86.58.248 ip use
>>> for mail relay. so if i am add 74.86.58.248 IP in sp record may be remote
>>> server found that the MX server is diferent. so what is the perfect spf
>>> record for my all client domain.
>>>
>>
>> SPF doesn't care about the MX and the incoming mail server. It only wants
>> to know which outgoing mail servers are authorized to send mail on behalf of
>> the domain.
>>
>> You can try adding the IP address 74.86.58.248 but once it changes, since
>> you said it is dynamic, then the SPF policy will not be correct anymore. IF
>> it is a fixed address that does not change then you will be okay.
>>
>> Again, the only way to guarantee a correct SPF policy is to use fixed IP
>> addresses.
>>
>> If you insist on using a mail relay that is on a dynamic IP address then
>> you are better served by not having an SPF policy.
>>
>>
>>
>> --
>> Gino Cerullo
>>
>> Pixel Point Studios
>> 21 Chesham Drive
>> Toronto, ON M3M 1W6
>>
>> 416-247-7740
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com
>>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework:
http://www.openspf.org [
http://www.openspf.org]
Modify Your Subscription:
http://www.listbox.com/member/ [
http://www.listbox.com/member/]
Archives:
https://www.listbox.com/member/archive/1020/=now RSS Feed:
https://www.listbox.com/member/archive/rss/1020/ Powered by Listbox:
http://www.listbox.com