Mailing List Archive

need help to publish SPF
Hi,

I have used http://old.openspf.org/wizard.html to create spf records for
my domain. Can anyone check whether proper SPF records are in place or not for
the domain leartclub.com ?




Thanks
Danielk





-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
On 2010-09-01, at 10:34 AM, Tech K wrote:

> I have used http://old.openspf.org/wizard.html to create spf records for
> my domain. Can anyone check whether proper SPF records are in place or not for
> the domain leartclub.com ?


No one here can tell you whether the SPF policy is correct since none of us have knowledge of your network infrastructure. The best we can do is tell you whether the syntax of the policy is correct and to confirm with you what has been published and whether that is in fact what you intended to publish.

When I look up the policy for leartclub.com I get the following.

leartclub.com. IN TXT "v=spf1 ip4:174.37.103.245 a mx ~all"

This tells us that the only server allowed to send mail on behalf of 'leartclub.com' is at the IP address 174.37.103.245. If this is correct from the knowledge you have about your network set up then your policy is correct.

You should be aware that you policy statement has some un-needed redundancy that are an artifact of using the wizard to determine the policy.

The 'a' and 'mx' point to the same IP address and are therefore not needed and only serve to generate un-needed extra DNS lookups and by extension un-needed traffic. You can and should remove those to simplify the policy to look like this.

v=spf1 ip4:174.37.103.245 ~all

Also, once you are satisfied that the policy you've published is correct and also, and this is very important, that all your email users are aware that they are now restricted to only relaying mail fthrough the approved server and you have put in place the mechanisms to allow that to happen then you can and should change '~all' to '-all'.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
> Can anyone check whether proper SPF records are in place or not for
> the domain leartclub.com ?

The SPF record for that domain is now valid - you've got rid of the
spurious quotes.

You're still repeating yourself, though - the IP address, A and MX records
all go to the same place. So you could (should) simplify your record to :-

v=spf1 ip4:174.37.103.245 ~all

...Just like we told you in May :-)

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
Thank you for your suggestions.

Here is one additional thing I want to tell you

emails being sent from leartclub.com has HELO addresses cpanel.channelof.com
means we are using that as SMTP server

based on above any other changes required (because I heard that receivers
inbound mail server will check HELO and recerse DNS of that)


Thanks




________________________________
From: Gino Cerullo <gcerullo@pixelpointstudios.com>
To: spf-help@listbox.com
Sent: Wed, September 1, 2010 8:22:34 PM
Subject: Re: [spf-help] need help to publish SPF

On 2010-09-01, at 10:34 AM, Tech K wrote:

> I have used http://old.openspf.org/wizard.html to create spf records for
> my domain. Can anyone check whether proper SPF records are in place or not for

> the domain leartclub.com ?


No one here can tell you whether the SPF policy is correct since none of us have
knowledge of your network infrastructure. The best we can do is tell you whether
the syntax of the policy is correct and to confirm with you what has been
published and whether that is in fact what you intended to publish.

When I look up the policy for leartclub.com I get the following.

leartclub.com. IN TXT "v=spf1 ip4:174.37.103.245 a mx ~all"

This tells us that the only server allowed to send mail on behalf of
'leartclub.com' is at the IP address 174.37.103.245. If this is correct from the
knowledge you have about your network set up then your policy is correct.

You should be aware that you policy statement has some un-needed redundancy that
are an artifact of using the wizard to determine the policy.


The 'a' and 'mx' point to the same IP address and are therefore not needed and
only serve to generate un-needed extra DNS lookups and by extension un-needed
traffic. You can and should remove those to simplify the policy to look like
this.

v=spf1 ip4:174.37.103.245 ~all

Also, once you are satisfied that the policy you've published is correct and
also, and this is very important, that all your email users are aware that they
are now restricted to only relaying mail fthrough the approved server and you
have put in place the mechanisms to allow that to happen then you can and should
change '~all' to '-all'.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription:
https://www.listbox.com/member/?&
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?&

Powered by Listbox: http://www.listbox.com






-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
Question for Vic about the quotes. Is the SPF entry actually suppose to be without quotes?

A little confusing as most examples or references I've seen include opening and closing double-quotes.

/greg

On 2010-09-01, at 7:57 AM, Vic wrote:

>
>> Can anyone check whether proper SPF records are in place or not for
>> the domain leartclub.com ?
>
> The SPF record for that domain is now valid - you've got rid of the
> spurious quotes.
>
> You're still repeating yourself, though - the IP address, A and MX records
> all go to the same place. So you could (should) simplify your record to :-
>
> v=spf1 ip4:174.37.103.245 ~all
>
> ...Just like we told you in May :-)
>
> Vic.
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Modify Your Subscription: https://www.listbox.com/member/?&
> Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
> Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
> Is the SPF entry actually suppose to be without quotes?

The entire record will be quoted.

I omitted the quotes because the last time we went around this loop with
this poster, he put quotes everywhere...

> A little confusing as most examples or references I've seen include
> opening and closing double-quotes.

They should be there. Sometimes, the "helpful" web administration tools
you see will put them in for you - thus breaking an otherwise-valid
record. Beware...

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
Hello Vic,

Here is small addition to my previous post. I forgot to mention it before

I am using an email servers runing on linux host which as name
cpanel.channelof.com

when sending mails from my domain leartclub.com recipients see the HELO address
as from cpanel.channelof.com
with the above mentioned, any changed I need to add for SPF record?

This is the recent addition (linux emails server) and was not there in my old
post.


could you please suggest ?

Thanks



________________________________
From: Vic <spf1@beer.org.uk>
To: spf-help@listbox.com
Sent: Wed, September 1, 2010 8:27:00 PM
Subject: Re: [spf-help] need help to publish SPF


> Can anyone check whether proper SPF records are in place or not for
> the domain leartclub.com ?

The SPF record for that domain is now valid - you've got rid of the
spurious quotes.

You're still repeating yourself, though - the IP address, A and MX records
all go to the same place. So you could (should) simplify your record to :-

v=spf1 ip4:174.37.103.245 ~all

...Just like we told you in May :-)

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription:
https://www.listbox.com/member/?&
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?&

Powered by Listbox: http://www.listbox.com






-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: need help to publish SPF [ In reply to ]
> I am using an email servers runing on linux host which as name
> cpanel.channelof.com

Never mind what the host is called - what domain are you sending mail
from, and is the server in question covered by the SPF record for that
domain? That's all you need worry about.

> when sending mails from my domain leartclub.com recipients see the HELO
> address as from cpanel.channelof.com
> with the above mentioned, any changed I need to add for SPF record?

If a recipient is testing for SPF on the HELO exchange (as it might well
do), then that is an SPF record for a different domain. It has nothing
whatsoever to do with the SPF record for leartclub.com.

Given that channelof.com seem incapable of setting up a proper default web
page, I think it very unlikely you'll get accurate SPF records from them.
They're not publishing anything at present.

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com