Mailing List Archive

Spf Help?
Hello, I am not experienced much with servers, mail servers, etc, however
recently I have been placed with the task of increasing our mail
deliverability via the spf record.

I have tried multiple spf wizards, and tried injecting those into the TotalDns
provided by GoDaddy.

So my question is, how may I go about proceeding with this? I would include
more information, but I am afraid of getting this information obtained by
spammers.

Is this forum the place to ask, or should I try somewhere else?

I appreciate any help,
Thanks,
Michael




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021145013:08D61342-DD44-11DF-8627-3CC54A3287EA
Powered by Listbox: http://www.listbox.com
RE: Spf Help? [ In reply to ]
Michael Kowalski wrote:
> Hello, I am not experienced much with servers, mail servers, etc,
> however recently I have been placed with the task of increasing our
> mail deliverability via the spf record.
>
> I have tried multiple spf wizards, and tried injecting those into the
> TotalDns provided by GoDaddy.
>
> So my question is, how may I go about proceeding with this? I would
> include more information, but I am afraid of getting this information
> obtained by spammers.
>
> Is this forum the place to ask, or should I try somewhere else?
>
> I appreciate any help,
> Thanks,
> Michael

If it's in DNS, it is by definition available to the world at large.

What have you tried to enter so far? What is the IP address of the mail servers that are valid for your domain? That is, what servers are authorized to send mail on your behalf?


...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021150007:6A582668-DD45-11DF-9D01-A6EE79B047B8
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Hello Kevin, thanks for the response. It is a pretty complicated mail server
setup and I am hoping to get a basic SPF record going first, and then attempt
to modify it as needed. We are using an old version of IceWarps Merak Mail
server, setup on W2K, with IIS 5.0 handling multiple websites. In addition to
that, we setup an Active Campaign Email Marketing Software on a subdomain
hosted by Hostgator. So I figure it's best to try and get a basic SPF record
first, and then try to accomodate the subdomain if possible.

What I am trying right now for an SPF record is:
v=spf1 a:enchantedboxes.com ~all

It may not yet be live as I have just updated it. I have been using
Kitterman's SPF validator tool to try and get a sense of whether or not the
SPF record is published correctly, visible, and in the correct syntax.

At that point, I try to test it sending an e-mail to spf-test@openspf.org,
which bounces and gives me the following information:

Transcript of session follows ... while talking to
mailout02.controlledmail.com
RCPT To:<spf-test@openspf.org>
550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
Mail-From Result="fail": Mail From="admin@enchantedboxes.com" HELO
name="enchantedboxes.com" HELO Result="fail" Remote IP="64.92.223.215"

So the Mail-From Result is a fail, as well as the HELO result, however I am
not all too certain how to go about fixing these.

Further information about the setup, I was told that the inbound address is
equal to the MX record, which is mail.enchantedboxes.com. The person who set
up the system for us years back said that he never was sure what the outbound
address was, as it was confusing due to the multiple IPs hosted by IIS 5.0 and
Merak's vagueness as to which IP it was using.

The IP from out website www.enchantedboxes.com is 64.92.223.217. However it is
possible that the mail may be sent from 64.92.223.215, or any of the other IP
addresses, although I was told that it was probably being sent from the IP
with the last 3 digits being the shortest, which I believe is .215, I will
have to check.

Sorry for the long winded e-mail, any help is appreciated.
Thanks,
Michael







-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021152602:07BB0076-DD49-11DF-BA27-39B64A3287EA
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
Hi Michael,

Michael Kowalski wrote:
> Hello Kevin, thanks for the response. It is a pretty complicated mail server
> setup and I am hoping to get a basic SPF record going first, and then attempt
> to modify it as needed. We are using an old version of IceWarps Merak Mail
> server, setup on W2K, with IIS 5.0 handling multiple websites. In addition to

None of these details matter to SPF.

> that, we setup an Active Campaign Email Marketing Software on a subdomain

Erm.. Are you a spammer? It's okay if you are. We'll still help you. It
makes it easier to block spammers if they use SPF. :)

> hosted by Hostgator. So I figure it's best to try and get a basic SPF record
> first, and then try to accomodate the subdomain if possible.
>
> What I am trying right now for an SPF record is:
> v=spf1 a:enchantedboxes.com ~all

This is saying that mail for your domain is sent from the host pointed
to by the enchantedboxes.com A record, which is 64.92.223.217.

>
> It may not yet be live as I have just updated it. I have been using
> Kitterman's SPF validator tool to try and get a sense of whether or not the
> SPF record is published correctly, visible, and in the correct syntax.
>
> At that point, I try to test it sending an e-mail to spf-test@openspf.org,
> which bounces and gives me the following information:
>
> Transcript of session follows ... while talking to
> mailout02.controlledmail.com
> RCPT To:<spf-test@openspf.org>
> 550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
> Mail-From Result="fail": Mail From="admin@enchantedboxes.com" HELO
> name="enchantedboxes.com" HELO Result="fail" Remote IP="64.92.223.215"

This is telling us that your mail is coming from 64.92.223.215, not .217
as your SPF record indicates.

>
> So the Mail-From Result is a fail, as well as the HELO result, however I am
> not all too certain how to go about fixing these.
>
> Further information about the setup, I was told that the inbound address is
> equal to the MX record, which is mail.enchantedboxes.com. The person who set
> up the system for us years back said that he never was sure what the outbound
> address was, as it was confusing due to the multiple IPs hosted by IIS 5.0 and
> Merak's vagueness as to which IP it was using.

Inbound addresses do not matter. SPF only cares about what IP addresses
_send_ mail for your domain.

>
> The IP from out website www.enchantedboxes.com is 64.92.223.217. However it is
> possible that the mail may be sent from 64.92.223.215, or any of the other IP
> addresses, although I was told that it was probably being sent from the IP
> with the last 3 digits being the shortest, which I believe is .215, I will
> have to check.

Try:

v=spf1 ip4:64.92.223.215 ~all

Is this the only IP that sends mail for your domain? If you have others,
you should include them as well.

Once you're finished testing, you should change ~all to -all.

Andrew

>
> Sorry for the long winded e-mail, any help is appreciated.
> Thanks,
> Michael
>
>
>
>
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/14525495-91eca367
> Modify Your Subscription: https://www.listbox.com/member/?&
> Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101021152602:07BB0076-DD49-11DF-BA27-39B64A3287EA
> Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021154400:8C28E2F4-DD4B-11DF-B84B-D77CEB7CE600
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
Hi Michael,

Michael Kowalski wrote:
> Hello Kevin, thanks for the response. It is a pretty complicated mail server
> setup and I am hoping to get a basic SPF record going first, and then attempt
> to modify it as needed. We are using an old version of IceWarps Merak Mail
> server, setup on W2K, with IIS 5.0 handling multiple websites. In addition to

None of these details matter to SPF.

> that, we setup an Active Campaign Email Marketing Software on a subdomain

Erm.. Are you a spammer? It's okay if you are. We'll still help you. It
makes it easier to block spammers if they use SPF. :)

> hosted by Hostgator. So I figure it's best to try and get a basic SPF record
> first, and then try to accomodate the subdomain if possible.
>
> What I am trying right now for an SPF record is:
> v=spf1 a:enchantedboxes.com ~all

This is saying that mail for your domain is sent from the host pointed
to by the enchantedboxes.com A record, which is 64.92.223.217.

>
> It may not yet be live as I have just updated it. I have been using
> Kitterman's SPF validator tool to try and get a sense of whether or not the
> SPF record is published correctly, visible, and in the correct syntax.
>
> At that point, I try to test it sending an e-mail to spf-test@openspf.org,
> which bounces and gives me the following information:
>
> Transcript of session follows ... while talking to
> mailout02.controlledmail.com
> RCPT To:<spf-test@openspf.org>
> 550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
> Mail-From Result="fail": Mail From="admin@enchantedboxes.com" HELO
> name="enchantedboxes.com" HELO Result="fail" Remote IP="64.92.223.215"

This is telling us that your mail is coming from 64.92.223.215, not .217
as your SPF record indicates.

>
> So the Mail-From Result is a fail, as well as the HELO result, however I am
> not all too certain how to go about fixing these.
>
> Further information about the setup, I was told that the inbound address is
> equal to the MX record, which is mail.enchantedboxes.com. The person who set
> up the system for us years back said that he never was sure what the outbound
> address was, as it was confusing due to the multiple IPs hosted by IIS 5.0 and
> Merak's vagueness as to which IP it was using.

Inbound addresses do not matter. SPF only cares about what IP addresses
_send_ mail for your domain.

>
> The IP from out website www.enchantedboxes.com is 64.92.223.217. However it is
> possible that the mail may be sent from 64.92.223.215, or any of the other IP
> addresses, although I was told that it was probably being sent from the IP
> with the last 3 digits being the shortest, which I believe is .215, I will
> have to check.

Try:

v=spf1 ip4:64.92.223.215 ~all

Is this the only IP that sends mail for your domain? If you have others,
you should include them as well.

Once you're finished testing, you should change ~all to -all.

Andrew

>
> Sorry for the long winded e-mail, any help is appreciated.
> Thanks,
> Michael
>
>
>
>
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/14525495-91eca367
> Modify Your Subscription: https://www.listbox.com/member/?&
> Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101021152602:07BB0076-DD49-11DF-BA27-39B64A3287EA
> Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021154400:8C21520A-DD4B-11DF-B6D3-A7217C978D38
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
At 22:43 20/10/2010 Wednesday, Michael Kowalski wrote:
>Hello, I am not experienced much with servers, mail servers, etc, however
>recently I have been placed with the task of increasing our mail
>deliverability via the spf record.
>
>I have tried multiple spf wizards, and tried injecting those into the TotalDns
>provided by GoDaddy.
>
>So my question is, how may I go about proceeding with this? I would include
>more information, but I am afraid of getting this information obtained by
>spammers.

A spammers want information about your address' and receiving email setup

B your email addresses are nothing/little to do with your sending setup

C spf is only concerned with your sending email setup

D spf will have 0/very little positive effect on improving deliver ability
(unless you botch it then it will have the effect of killing deliver ability)


>Is this forum the place to ask, or should I try somewhere else?

yes this forum is the place to check re-check and ensure all is correct before committing records to dns

as for ensuring deliver ability, thats a way wider scope than we deal with here, but a simple guide on how to start on that is here
http://www.alandoherty.net/info/mailservers/

but to create the correct spf records you need

A to know the ip's of your sending mailservers
B to know the names used by those servers to greet others (helo/ehlo names)
C the domain names that will be used in the envelope-from address on mail leaving those servers

for a server that helos/ehlos as mailserver125.example.com with the ips of 192.168.34.5 and 192.168.56.7
it would simply have an spf record of
v=spf1 ip4:192.168.34.5 ip4:192.168.56.7 -all

for a server that helos/ehlos as mailserver126.example.com with the ips of 192.168.34.6 and 192.168.56.8
it would simply have an spf record of
v=spf1 ip4:192.168.34.5 ip4:192.168.56.8 -all

repeat for every server in the system....

then if mail is sent from random-address@example.net from these servers

the example.net spf record would be
v=spf1 ip4:192.168.34.5 ip4:192.168.56.8 ip4:192.168.34.5 ip4:192.168.56.7 -all

and if you have say control of ip's all the ips within the same block this can be shortened to say
>v=spf1 ip4:192.168.34.0/24 ip4:192.168.56.0/24 -all

ie the mail is from us if it came from 192.168.34.1-254 or 192.168.56.1-254

you see spf just tells folks 'yes we did send it (its not forged) not that it is either wanted or interesting or important' thats why it won't help much in deliver ability, but if you make a mistake and label your own mailservers as forgers, then yes it will negatively impact.

so now to brass tacks, if you want help we need your details, domains and ip's you send from and we can give you an spf record
or you can use the details above to make one (like we do) by hand

if the sending servers are not controlled by you, then whoever controls them should be able to provide you with the ip's they use for you to make an spf record, or better still with an already existing spf record you can include: into your own

ie if i were to send from my own servers and gmail i would have an spf of
v=spf1 ip4:193.120.211.157 ip4:193.120.238.109 ip4:195.2.202.32/27 include:_spf.google.com -all

{google provide the spf record of _spf.google.com to senders most isp's do provide _something.their-domain like i provide _client-spf1.alandoherty.net to my clients}




>I appreciate any help,
>Thanks,
>Michael
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101021145013:08D61342-DD44-11DF-8627-3CC54A3287EA
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021184417:BBDFC670-DD64-11DF-AE72-83A43DE0EF21
Powered by Listbox: http://www.listbox.com
RE: Re: Spf Help? [ In reply to ]
Michael Kowalski wrote:
> Hello Kevin, thanks for the response. It is a pretty complicated mail
> server setup and I am hoping to get a basic SPF record going first,
> and then attempt to modify it as needed. We are using an old version
> of IceWarps Merak Mail server, setup on W2K, with IIS 5.0 handling
> multiple websites. In addition to that, we setup an Active Campaign
> Email Marketing Software on a subdomain hosted by Hostgator. So I
> figure it's best to try and get a basic SPF record first, and then
> try to accomodate the subdomain if possible.

One step at a time is always a good idea. We'll focus on the enchantedboxes.com first.

> What I am trying right now for an SPF record is:
> v=spf1 a:enchantedboxes.com ~all

Right now, your mail server is apparently mail.enchantedboxes.com according to nslookup. At least that's where you receive mail. Is that also the box you send from? Is it the only box that is authorized to send mail from the enchantedboxes.com domain?

mkm@mis-mkm-lnx:~$ nslookup
> set type=mx
> enchantedboxes.com
Server: 199.58.55.25
Address: 199.58.55.25#53

Non-authoritative answer:
enchantedboxes.com mail exchanger = 10 mail.enchantedboxes.com.

mail.enchantedboxes.com reports an address of 64.92.223.217

If that's the only box that should be allowed to send for enchantedboxes.com the just add the
enchantedboxes.com IN MX 10 mail.enchantedboxes.com
IN TXT "v=spf1 ip4:64.92.223.217 ~all"
mail.enchantedboxes.comm IN A 64.92.223.217
IN TXT "v=spf1 ip4:64.92.223.217 ~all"

If you have more than one host that is allowed to send outbound mail, then you'd do something like this:

enchantedboxes.com IN MX 10 mail.enchantedboxes.com
IN TXT "v=spf1 ip4:64.92.223.217 ip4:AAA.BBB.CCC.DDD ~all"
mail.enchantedboxes.comm IN A 64.92.223.217
IN TXT "v=spf1 ip4:64.92.223.217 ~all"
mail2.enchantedboxes.comm IN A AAA.BBB.CCC.DDD
IN TXT "v=spf1 ip4:AAA.BBB.CCC.DDD ~all"

Then, if anyone sends a mail with an address containing @enchantedboxes.com, @mail.enchantedboxes.com or @mail2.enchantedboxes.com the receiving host (i.e., my mail server) will perform a lookup to see if the host I'm talking to is one of the hosts you have listed as valid for your domain. If not, my mail server will know it's not from you and take appropriate measures.

Note that I'm using IP addresses here, rather than domain or host names. Saves a DNS lookup, but using "a:enchantedboxes.com" is certainly valid as well.

> It may not yet be live as I have just updated it. I have been using
> Kitterman's SPF validator tool to try and get a sense of whether or
> not the SPF record is published correctly, visible, and in the
> correct syntax.

It's live.


> At that point, I try to test it sending an e-mail to
> spf-test@openspf.org, which bounces and gives me the following
> information:
>
> Transcript of session follows ... while talking to
> mailout02.controlledmail.com RCPT To:<spf-test@openspf.org> 550 5.7.1
> <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
> Mail-From Result="fail": Mail From="admin@enchantedboxes.com" HELO
> name="enchantedboxes.com" HELO Result="fail" Remote
> IP="64.92.223.215"

That's because, as Andrew pointed out, you're sending host IP is 64.92.223.215 but you specified that the valid host is 64.92.223.217 (the ip address associated with enchantedboxes.com in DNS.


> So the Mail-From Result is a fail, as well as the HELO result,
> however I am not all too certain how to go about fixing these.

Put in the records I showed you above and take out what you have.


> Further information about the setup, I was told that the inbound
> address is equal to the MX record, which is mail.enchantedboxes.com.

OK. If mail.enchantedboxes.com is the only valid host that should be sending mail then adding the above code should be all you need. Note that I'm referring to the first example, not the example with an additional host.

> The person who set up the system for us years back said that he never
> was sure what the outbound address was, as it was confusing due to
> the multiple IPs hosted by IIS 5.0 and Merak's vagueness as to which
> IP it was using.

Easy enough to tell. Just send a message to an external address (home email, hotmail, where ever) and look at the mail headers. They reveal all.


> The IP from out website www.enchantedboxes.com is 64.92.223.217.

So it appears that your web server and your mail server are the same host.

> However it is possible that the mail may be sent from 64.92.223.215,
> or any of the other IP addresses, although I was told that it was
> probably being sent from the IP with the last 3 digits being the
> shortest, which I believe is .215, I will have to check.

It's sent from whatever host is configured to send mail. It doesn't know/care about what address is lowest. Your email server has an IP address, and your DNS tells the rest of the world what it is. All quite self documenting if you know where to look.

Hope all that makes sense. It can be daunting - hang in there...



...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500

-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021162315:07DF0B6C-DD51-11DF-B2F1-DD1122B7A7FE
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
><pointless stuff removed>
>
>What I am trying right now for an SPF record is:
>v=spf1 a:enchantedboxes.com ~all
>
>It may not yet be live as I have just updated it. I have been using
>Kitterman's SPF validator tool to try and get a sense of whether or not the
>SPF record is published correctly, visible, and in the correct syntax.
>
>At that point, I try to test it sending an e-mail to spf-test@openspf.org,
>which bounces and gives me the following information:
>----------------usefull-------------
>Transcript of session follows ... while talking to
>mailout02.controlledmail.com
>RCPT To:<spf-test@openspf.org>
>550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
>Mail-From Result="fail": Mail From="*@enchantedboxes.com" HELO <<nb dont publish he address
>name="enchantedboxes.com" HELO Result="fail" Remote IP="64.92.223.215"
>---------------usefull---------------
>So the Mail-From Result is a fail, as well as the HELO result, however I am
>not all too certain how to go about fixing these.

<also removed>

ok first mistake your mailserver greets others as enchantedboxes.com
(bad for many reasons
A a helo/ehlo should be a hostname ie something.enchantedboxes.com {some spamfilters score badly for raw domain-name as its a sign of incompetent admin, and incompetent admin often equals unresponsive to spamming customers/infected pc's etc
B enchantedboxes.com when looked up in dns (long before spf) also fails to point at that ip so it smells of forgery
C it means that if you ever fully separate your webserver from your mail your stuck with the dilema of which gets to keep the name
)

so assuming you find where to change this detail in your mailserver to something.enchantedboxes.com

you would setup an A record for something.enchantedboxes.com pointing to its ip 64.92.223.215
you would setup an spf/txt record for something.enchantedboxes.com of v=spf1 ip4:64.92.223.215 -all

then for the sending address of *@enchantedboxes.com
you would add an spf/txt record to enchantedboxes.com of v=spf1 ip4:64.92.223.215 -all

if you find your server sends from multple ip's (as it certainly receives on a different one to the one that sends)
you would equally add these ip's to the spf records and A records for the helo/ehlo name



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101021190642:DCF69DD6-DD67-11DF-B0CF-A2586A945D92
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Hi there,

On Thu, 21 Oct 2010, alan wrote:

> for a server that helos/ehlos as mailserver126.example.com with the ips of 192.168.34.6 and 192.168.56.8
> it would simply have an spf record of
> v=spf1 ip4:192.168.34.5 ip4:192.168.56.8 -all

Please double check that.

--

73,
Ged.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101022063356:DEB2F484-DDC7-11DF-B095-36E94A3287EA
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
At 11:33 22/10/2010 Friday, G.W. Haywood wrote:
>Hi there,
>
>On Thu, 21 Oct 2010, alan wrote:
>
>> for a server that helos/ehlos as mailserver126.example.com with the ips of 192.168.34.6 and 192.168.56.8
>> it would simply have an spf record of
>> v=spf1 ip4:192.168.34.5 ip4:192.168.56.8 -all
>
>Please double check that.

yes late night and lack of sleep typo makes

should have been
34.6 not 34.5, well spotted that lad!


>--
>
>73,
>Ged.
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101022063356:DEB2F484-DDC7-11DF-B095-36E94A3287EA
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101022112414:6C825D22-DDF0-11DF-A083-B5E5024B0E75
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Wow, thanks everyone! In all honesty I was not expecting so many replies and
answers, my head is somewhat spinning just trying to digest and understand all
this information. I am confused as how to reply to all these e-mails in an
organized method.

I'll start with giving an update on what I have done up to this point.
Firstly, I used the following SPF record: v=spf1 ip4:64.92.223.217
ip4:64.92.223.215 ~all. I included both IPs just to verify faster. When I have
a moment of time, I will try removing .215, and try to verify once more, and
vice-versa. So first I tested with Kitterman's SPF validator:
**************
SPF records are primarily published in DNS as TXT records.
The TXT records found for your domain are:
e<br>v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 ~all<br>

SPF records should also be published in DNS as type SPF records.
Type SPF records found for the domain are:
e<br>

Checking to see if there is a valid SPF record.

Found v=spf1 record for www.enchantedboxes.com:
v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 ~all
**************
So it seems that it is valid, however, I am unsure why it is saying there are
no "Type SPF" record found. Is there something I am still missing?

At this point I tried to follow some of Alan's advice, which was to change the
helo/ehlo in the mail server from "enchantedboxes.com"
to "mail.enchantedboxes.com" via the Mailserver Hostname. I wasn't sure if the
Mailserver Hostname corresponds to the helo/ehlo, but I figure most likely.

While doing this, I noticed something peculiar. Underneath the Mailserver
Hostname, there is a text field for "Use DNS Lookup", which is directed
to "208.42.228.200". I looked up the IP, and it directs to
subzero.icelabs.net. Now I know that we collocate our server with Ice Labs,
but I was thinking perhaps this should direct to our website ip,
64.92.223.217? I went ahead and sent an e-mail to our old server administrator
and am waiting for a reply, but I thought I would ask here as well.

Next, I sent a test email to test@openspf.org and recieved the following:
**************
The following addresses had permanent fatal errors ----- <spf-
test@openspf.org>

Transcript of session follows ----- ... while talking to
mailout02.controlledmail.com
RCPT To:<spf-test@openspf.org>
550 5.7.1 <spf-test@openspf.org>: Recipient address rejected: SPF Tests:
Mail-From Result="pass": Mail From="admin@enchantedboxes.com" HELO
name="mail.enchantedboxes.com" HELO Result="pass" Remote IP="64.92.223.215"
**************

So the good news is that the Mail-From Result is "pass", and the HELO
Result="pass", so I assume that I am making some good progress.


To make seperation, I make a second post with questions, and how to proceed
from here.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101022165554:C1CBDFC8-DE1E-11DF-8578-38B24A3287EA
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Ok, so I hope that last post went through. I assume there might be a short
delay before it is posted.

So to try and give some background information, and how things came to be, I
will answer Andrew's question, who asked if I am a spammer. We are a small
family runned company that wholesales Polish decorative wooden products and
accessories. We have a list of about 3,000 e-mails that we have been sending
mail(information, news, specials, promotions, etc) to for the past few years.
Being in charge of sending mail, I was not satisfied with the primitive e-mail
software (Handy Mailer) we were using. It did not have an e-mail database what
so ever, and no way of automatically handling unsubscribers. Updating the list
with new customer e-mails was a huge pain, and unsubscribers had to be
painfully removed by hand. In addition, I believe this software spammed
through our Outlook client, which left it in a state of devastation the next
morning after sending a campaign.

So, as a result I began to look through a multitude of email softwares, and
came to the conclusion that a self-hosted version of Active Camapaign's Email
Marketing Software was the best choice. However, due to our server being at
least 10 years old, and running on W2K, installing this software directly on
our host machine was incredibly difficult. I had managed to get it running,
however it was painfully slow and there were various errors. So following the
suggestion of AC's technical support, I decided to host this mail software
with Hostgator, as a subdomain (marketing.enchantedboxes.com) of
www.enchantedboxes.com.

After sending 2 campaigns, it was clear that there were severe issues with
deliverability. And thus I began researching the matter and came upon the
conclusion of trying to incorporate an SPF record.

So now my next question, as it seems that I have sucessfully(?) added the SPF
record to my domain, is how would I know go about adding the subdomain to the
working SPF record. The header for an e-mail sent from the subdomain is
substantially longer, and has many more entries.

I do not know if this is a good comparison, but I will post the headers from a
test email sent to out Outlook account from our Outlook account, and from the
subdomain's marketing software to the same Outlook account:

Outlook>Outlook:
Received: from EWBPC ([65.96.162.50])
by mail.enchantedboxes.com (Merak 5.3.3) with SMTP id AAA37674
for <misiu@enchantedboxes.com>; Fri, 22 Oct 2010 13:32:07 -0400
From: "Admin" <admin@enchantedboxes.com>
To: <misiu@enchantedboxes.com>
Subject: test
Date: Fri, 22 Oct 2010 13:58:28 -0400
Message-ID: <8A74165EBFCC4511BA904616DE266EA1@EWBPC>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0588_01CB71F1.344204F0"
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7600.16543
Thread-Index: ActyErn63m+SdhJAQ3+IKQ+3yujCYQ==
********************
Subdomain marketing software>Outlook:
Received: from gateway08.websitewelcome.com ([67.18.81.18])
by etherstreet.com (Merak 5.3.3) with SMTP id AAA37674
for <misiu@enchantedboxes.com>; Mon, 18 Oct 2010 17:01:10 -0400
Received: (qmail 22545 invoked from network); 18 Oct 2010 21:27:07 -0000
Received: from gator1197.hostgator.com (174.122.2.194)
by gateway08.websitewelcome.com with SMTP; 18 Oct 2010 21:27:07 -0000
Received: from misiu by gator1197.hostgator.com with local (Exim 4.69)
(envelope-from <bounced@enchantedboxes.com>)
id 1P7xEV-0000wI-WE
for misiu@enchantedboxes.com; Mon, 18 Oct 2010 16:27:04 -0500
To: misiu@enchantedboxes.com
Subject: October Wooden Box Sale from EWB
X-PHP-Script: marketing.enchantedboxes.com/12all/admin/api.php for 65.96.162.50
From: Enchanted World of Boxes <service@enchantedboxes.com>
Date: Mon, 18 Oct 2010 16:27:03 -0500
X-LibVersion: 3.3.2_4
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift-1778746094cbcbba7f09ef6.29421406_=_"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced by SwiftMailer 3.3.2_4
X-mid: bWlzaXVAZW5jaGFudGVkYm94ZXMuY29tICwgYzAgLCBtLTE=
X-Mailer: ACEM
User-Agent: ACEM
X-Sender: <service@enchantedboxes.com>
List-Unsubscribe: <http://marketing.enchantedboxes.com/12all/box.php?
nl=7&c=0&m=-1&s=eb8be315070c4cb0fbd70ea02ef462a6&funcml=unsub2>
Message-ID: <20101018212703.3587.151083156.swift@marketing.enchantedboxes.com>
X-AntiAbuse: This header was added to track abuse, please include it with any
abuse report
X-AntiAbuse: Primary Hostname - gator1197.hostgator.com
X-AntiAbuse: Original Domain - enchantedboxes.com
X-AntiAbuse: Originator/Caller UID/GID - [855 853] / [47 12]
X-AntiAbuse: Sender Address Domain - enchantedboxes.com
********************
Now the first thing that really confuses me with the subdomain's header, is
HostGators dns server, websitewelcome.com. I say this because if I examine two
headers from two different tests of the same e-mail I sent to myself, the
header information recieved is different.

Looking at this line:
Received: from gateway08.websitewelcome.com ([67.18.81.18])

The gateway08 changes, it could be gateway12, or gateway01, and possibly every
other combination of number. Same with the ip, the first four sets of numbers
seem to stay consistant, by the ending digits change, where .18 may
be .4, .56, or something else.

So I am confused as to how I would go about adding this to the SPF record,
assuming it is required. Could I simply just add the
domain "gator1197.hostgator.com", or its corresponding IP, "174.122.2.194"?

I am beginning to lose my train of thought as I've essentially confused myself
writing these two posts. Alan, thank you for this link:
http://www.alandoherty.net/info/mailservers/

I will try to follow it and add to it. I began reading it, and it is why I
asked about the DNS Lookup in the Merak Mail Server options. One final
question, once I finish a completed SPF record, would it be easy to convert it
into a Sender ID record? They seem relatively similar aside from the beginning
entry, from what little I know.

Thanks again everybody!
Michael



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101022172407:B304EFE4-DE22-11DF-BF04-2EDE4A3287EA
Powered by Listbox: http://www.listbox.com
RE: Re: Spf Help? [ In reply to ]
Michael Kowalski wrote on Fri, Oct 22 2010 at 3:55 pm:

> So it seems that it is valid, however, I am unsure why it is saying there are
> no "Type SPF" record found.

When it started out the only thing that really could be used is TXT records. After SPF got rolling a unique DNS record type was applied for and granted but not all DNS servers support it and most everyone is using TXT now anyway.


Steve Yates
Integrated Technical Solutions, Inc.

www.teamITS.com
630.420.2550
630.420.2771 (fax)




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101023144727:FA8B5A7A-DED5-11DF-A476-A7C6BED00346
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
So I am not sure if anyone will see this since I am replying a few weeks
later, but based on my last post, to include hostgator information, would I
end up with something like:

v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 include:websitewelcome.com -all

This is a header I am looking at:
Received: from gateway08.websitewelcome.com ([67.18.81.18])

The gateway08 changes, it could be gateway12, or gateway01, and possibly every
other combination of number. Same with the ip, the first four sets of numbers
seem to stay consistant, by the ending digits change, where .18 may
be .4, .56, or something else.

So is this the only way to go about it? I am guessing I am authorizing a ton
of spam along the way?

Thanks,
Michael






-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101118164248:C977E80E-F35C-11DF-AFCD-C5C834997010
Powered by Listbox: http://www.listbox.com
RE: Re: Spf Help? [ In reply to ]
Michael Kowalski wrote on Thu, Nov 18 2010 at 3:42 pm:

> v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 include:websitewelcome.com -all
>
> This is a header I am looking at:
> Received: from gateway08.websitewelcome.com ([67.18.81.18])

> So is this the only way to go about it? I am guessing I am authorizing a ton
> of spam along the way?

Since they have published an SPF record that would work. You could also use

v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 ?include:websitewelcome.com -all

...with the "?" indicating a Neutral response for anything coming from their servers.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Panic, n. - The first time you can't do it a second time.

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101118184414:C4ED7D7E-F36D-11DF-9DA9-B82955105308
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Hey Steve,

Thanks for the reply, I will go ahead and try as you suggested, "v=spf1
ip4:64.92.223.217 ip4:64.92.223.215 ?include:websitewelcome.com -all". I
suppose due to having the marketing software on a subdomain with HostGator on
a shared server has the downside of having to include the entire
websitewelcome nameserver. Is there any way I could try to further specify a
less broad entry? I will send HostGator a support ticket and ask, maybe they
know some way.

Also, one more question, how can I go about implementing a Sender ID? It seems
to be somewhat similar to SPF, albeit not exactly of course. I've been looking
on the web for some tutorial or forum that could help shed light on the
matter, but it seems this information is rather low key.

Thanks so much!
Michael







-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119122520:FE7EB938-F401-11DF-B271-7AEAC5F4DBAC
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
Did you see this?

http://www.openspf.org/SPF_vs_Sender_ID

David

>Hey Steve,
>
>Thanks for the reply, I will go ahead and try as you suggested, "v=spf1
>ip4:64.92.223.217 ip4:64.92.223.215 ?include:websitewelcome.com -all". I
>suppose due to having the marketing software on a subdomain with HostGator on
>a shared server has the downside of having to include the entire
>websitewelcome nameserver. Is there any way I could try to further specify a
>less broad entry? I will send HostGator a support ticket and ask, maybe they
>know some way.
>
>Also, one more question, how can I go about implementing a Sender
>ID? It seems
>to be somewhat similar to SPF, albeit not exactly of course. I've
>been looking
>on the web for some tutorial or forum that could help shed light on the
>matter, but it seems this information is rather low key.
>
>Thanks so much!
>Michael



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119123528:691A724A-F403-11DF-A9F8-B60FC6F4DBAC
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Hey David, yes I did look through that link a few times, but it is confusing.
Some places say that if your SPF record is working, you do not need Sender ID,
is this the case?

Also, went ahead and implemented the SPF record, and am in the process of
waiting for the rDNS to propogate. The rDNS should now point to our domain.

The problem with sending e-mails to Hotmail seems to have gotten better,
albeit there are still problems. When I send a test e-mail via Outlook 2003
via our mail server, I get a header like this in my Hotmail e-mail account
(much improved over the last time I checked, where e-mails were going to the
Hotmail junk inbox, now there is no visible problem):

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9MQ==
X-Message-Status: n
X-SID-PRA: Admin <admin@enchantedboxes.com>
X-SID-Result: Pass
X-AUTH-Result: PASS

However, when I send an e-mail from our e-mail software on the subdomain
hosted by HostGator, I get:

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n
X-SID-PRA: Enchanted World of Boxes <service@enchantedboxes.com>
X-SID-Result: SoftFail
X-DKIM-Result: None
X-AUTH-Result: FAIL

So I am guessing that the SPF record is still not implemented correctly.
Should I try this?
"v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 include:websitewelcome.com -all"
Although without the "?", I suppose I am taking responsibility for every e-
mail sent from HostGator? Are there any other options?

Thanks,
Michael



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119132153:E746BD3A-F409-11DF-93E4-8F9620ADEC6C
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
The webpage says that Sender ID is not SPF. If you don't want to use
Sender ID, publish a

spf2.0/pra

record. Your email headers say "SID", not "SPF".

David

>Hey David, yes I did look through that link a few times, but it is confusing.
>Some places say that if your SPF record is working, you do not need
>Sender ID,
>is this the case?
>
>Also, went ahead and implemented the SPF record, and am in the process of
>waiting for the rDNS to propogate. The rDNS should now point to our domain.
>
>The problem with sending e-mails to Hotmail seems to have gotten better,
>albeit there are still problems. When I send a test e-mail via Outlook 2003
>via our mail server, I get a header like this in my Hotmail e-mail account
>(much improved over the last time I checked, where e-mails were going to the
>Hotmail junk inbox, now there is no visible problem):
>
>X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9MQ==
>X-Message-Status: n
>X-SID-PRA: Admin <admin@enchantedboxes.com>
>X-SID-Result: Pass
>X-AUTH-Result: PASS
>
>However, when I send an e-mail from our e-mail software on the subdomain
>hosted by HostGator, I get:
>
>X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
>X-Message-Status: n
>X-SID-PRA: Enchanted World of Boxes <service@enchantedboxes.com>
>X-SID-Result: SoftFail
>X-DKIM-Result: None
>X-AUTH-Result: FAIL
>
>So I am guessing that the SPF record is still not implemented correctly.
>Should I try this?
>"v=spf1 ip4:64.92.223.217 ip4:64.92.223.215 include:websitewelcome.com -all"
>Although without the "?", I suppose I am taking responsibility for every e-
>mail sent from HostGator? Are there any other options?
>
>Thanks,
>Michael
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/
>[http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>Modify Your Subscription:
>https://www.listbox.com/member/?&
>Unsubscribe Now:
>https://www.listbox.com/unsubscribe/?&&post_id=20101119132153:E746BD3A-F409-11DF-93E4-8F9620ADEC6C
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119133339:86094018-F40B-11DF-83DE-3FD8C5F4DBAC
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
I am sorry; I am really not that familiar with these things. It's true that
Hotmail seems to be reading the SPF as an SID in the lines that say PASS. If I
remove the SPF record, then the direct mailing would give the same result as
that which I sent via the subdomain. Also, why would I want to try and disable
SID? Isn't it needed for further verification?

Also, from examing the header a bit more, would it make sense to try and
add "gator1197.hostgator.com" and the IP "174.122.2.194"? I think the domain
and IP are referring to my subdomain. Perhaps in conjunction with
websitewelcome.com?

Thanks,
Michael




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119135230:2DEC0E8A-F40E-11DF-AA9E-B5238CA9C7A4
Powered by Listbox: http://www.listbox.com
RE: Re: Spf Help? [ In reply to ]
>
>Also, from examing the header a bit more, would it make sense to try and
>add "gator1197.hostgator.com" and the IP "174.122.2.194"? I think the domain
>and IP are referring to my subdomain. Perhaps in conjunction with
>websitewelcome.com?

Is gator1197.hostgator.com [174.122.2.194] the delivering mail server to your domain? SPF is
only concerned with the mail server(s) directly delivering mail to you.

If you answered "yes" to my above question then gator1197.hostgator.com resolves to
174.122.2.194 so you could simply add ip4:174.122.2.194 to your existing record.

Wendy Honeycutt
SonicFog, Inc.




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119141014:A55D18AE-F410-11DF-991E-AA51F559ED1D
Powered by Listbox: http://www.listbox.com
Re: Re: Spf Help? [ In reply to ]
I'm not familiar with them either. The webpage says that SID is not
SPF. It also says to either figure out what SID record you really
want or simply publish an empty SID record ("spf2.0/pra") so your SPF
record won't be misinterpreted as an SID record. Since the webpage
says that SID is not a good idea, just publish an empty SID record
and see what happens.

David

>I am sorry; I am really not that familiar with these things. It's true that
>Hotmail seems to be reading the SPF as an SID in the lines that say
>PASS. If I
>remove the SPF record, then the direct mailing would give the same result as
>that which I sent via the subdomain. Also, why would I want to try
>and disable
>SID? Isn't it needed for further verification?
>
>Also, from examing the header a bit more, would it make sense to try and
>add "gator1197.hostgator.com" and the IP "174.122.2.194"? I think the domain
>and IP are referring to my subdomain. Perhaps in conjunction with
>websitewelcome.com?
>
>Thanks,
>Michael



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119141015:A65AEF56-F410-11DF-8A9C-5EDFC5F4DBAC
Powered by Listbox: http://www.listbox.com
RE: Re: Spf Help? [ In reply to ]
Michael Kowalski wrote on Fri, Nov 19 2010 at 11:24 am:

> suppose due to having the marketing software on a subdomain with
> HostGator on a shared server has the downside of having to include the
> entire websitewelcome nameserver. Is there any way I could try to
> further specify a less broad entry? I will send HostGator a support
> ticket and ask, maybe they know some way.

Yes, you would need to ask them. Some ISPs use a different set of mail servers, and hence a different SPF record, for their own domain vs. delivery servers for their customers.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101119171910:0B5B280C-F42B-11DF-8987-CC17C6F4DBAC
Powered by Listbox: http://www.listbox.com
Re: Spf Help? [ In reply to ]
Hello,

Thanks everyone, the problem seems to have been resolved. I'm not sure which
item helped, but the combination of SPF record, setting up the rDNS, and Host
Gator making some changes to how the subdomain works seems to have solved the
problem.

Everybody's help is so much appreciated!
Thanks again,
Michael



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101122122015:BE8F1996-F65C-11DF-92A9-E0241821B0C0
Powered by Listbox: http://www.listbox.com