Mailing List Archive

How to deal with large numbers of hosted domains
Hello list!



I operate a mail server that hosts mail for just under 500 domains. My
clientele are real estate agents, most of whom are mobile. I have three
scenarios that I am trying to deal with:



1. Users who use our webmail system, which sends all e-mail out through
the SMTP server mail.vreo.com.
2. Users who use Outlook or some other MUA, and who are configured to
send mail through mail.vreo.com (password authenticated, of course).
3. Users who use an MUA as above, but who send their mail through an
ISP or some other foreign mail server.



Let's say that Joe Schmoe (joe@buylandcuztheyaintmakinganymore.com) sends
his e-mail through mail.vreo.com. My understanding is that in his zone we
would need an SPF record that reads "v=spf1 mx:mail.vreo.com". Is this
correct?



Now, let's say that John Smith
(jsmith@sellyoursoulforahomeinsanfrancisco.com) is sitting at his home, and
he sends an e-mail to AOL that goes out through his ISP's mail server. At
the same time, his web site is sending out confirmation messages through
mail.vreo.com to other AOL users. Where is AOL going to check for an SPF
record? What needs to be in that SPF record in order for John's e-mail to
go through?



Pointers to documentation that goes over these questions would be greatly
appreciated.



---

Daniel Hoover

IT Engineer

VREO Software, Inc.

805 Aerovista Place, Suite 205

San Luis Obispo, CA 93401

(805) 546-2020 x112



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: How to deal with large numbers of hosted domains
Daniel,

I think that you have a good start, but subtle misunderstandings have your record(s) likely wrong.

> I operate a mail server that hosts mail for just under 500 domains. My
> clientele are real estate agents, most of whom are mobile. I have three
> scenarios that I am trying to deal with:
>
> 1. Users who use our webmail system, which sends all e-mail out through
> the SMTP server mail.vreo.com.
> 2. Users who use Outlook or some other MUA, and who are configured to
> send mail through mail.vreo.com (password authenticated, of course).
> 3. Users who use an MUA as above, but who send their mail through an
> ISP or some other foreign mail server.

Numbers 1 and 2 are not a problem. They are easy to account for. Number 3, though, is more of a problem. If a given user, say John Smith (below), will always send from the same location, then you can account for it. I'll address him below. The 'best' solution is to make him always send mail through your server.

>
> Let's say that Joe Schmoe (joe@buylandcuztheyaintmakinganymore.com) sends
> his e-mail through mail.vreo.com. My understanding is that in his zone we
> would need an SPF record that reads "v=spf1 mx:mail.vreo.com". Is this
> correct?

Probably not. First, you do not have an 'all' modifier which is practically necessary. Also, what your sample record says is 'the MX servers for the domain mail.vreo.com are allowed'. What you are probably wanting to say is either:
1) "v=spf1 mx:vreo.com -all" - which says that the MX servers for the domain vreo.com are allowed to send mail, or
2) "v=spf1 a:mail.vreo.com -all" - which says that the computer mail.vreo.com is allowed to send mail.

Possibly even better would be to create the appropriate record for the domain vreo.com, such as "v=spf1 mx:vreo.com -all" and then for buylandcuztheyaintmakinganymore.com and all your other customers, use:
"v=spf1 include:vreo.com -all"
which says to go get the SPF record for vreo.com and use whatever is in there. That way, if you change your configuration, such as adding another server, you won't have to change 500 domain SPF records.
>
> Now, let's say that John Smith
> (jsmith@sellyoursoulforahomeinsanfrancisco.com) is sitting at his home, and
> he sends an e-mail to AOL that goes out through his ISP's mail server. At
> the same time, his web site is sending out confirmation messages through
> mail.vreo.com to other AOL users. Where is AOL going to check for an SPF
> record? What needs to be in that SPF record in order for John's e-mail to
> go through?
In this case, you could use:
"v=spf1 mx:vreo.com a:joeshomecomputersdnsname -all"
or
"v=spf1 mx:vreo.com ip4:joeshomecomputersipaddress -all"
or use the include instead of the 'mx:...' part giving:
"v=spf1 include:vreo.com a:joeshomecomputersdnsname -all"

Good luck,
Marc
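
The records discussed in this thread, run through a small SPF evaluator. This is an added example, not part of either post. The IP addresses, the MX layout of vreo.com and the helper names are assumptions made for illustration, and only the `ip4`, `a`, `mx`, `include` and `all` terms are handled.

```python
import ipaddress

# Constructed DNS data. Host and domain names come from the thread; every IP
# address and the MX layout of vreo.com are assumptions for illustration.
ZONE = {
    "A": {"mail.vreo.com": ["192.0.2.25"]},
    "MX": {"vreo.com": ["mail.vreo.com"]},  # mail.vreo.com has no MX of its own
    "TXT": {"vreo.com": "v=spf1 mx:vreo.com -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
CUSTOMER = "buylandcuztheyaintmakinganymore.com"
VREO_IP, ISP_IP, FORGER_IP = "192.0.2.25", "198.51.100.7", "203.0.113.9"


def evaluate(record, ip, domain):
    """SPF result for connecting client `ip` against `record` published at `domain`."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0])
        if result:
            term = term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif mech == "a":
            hit = ip in ZONE["A"].get(arg or domain, [])
        elif mech == "mx":
            hosts = ZONE["MX"].get(arg or domain, [])
            hit = any(ip in ZONE["A"].get(h, []) for h in hosts)
        elif mech == "include":
            # Matches only when the included domain's own record yields "pass".
            hit = evaluate(ZONE["TXT"].get(arg, ""), ip, arg) == "pass"
        else:
            hit = False  # simplification: anything else is ignored here
        if hit:
            return result or "pass"
    return "neutral"  # nothing matched and the record has no 'all'


if __name__ == "__main__":
    for rec in ("v=spf1 mx:mail.vreo.com", "v=spf1 a:mail.vreo.com -all",
                "v=spf1 include:vreo.com -all",
                f"v=spf1 include:vreo.com ip4:{ISP_IP} -all"):
        print(rec, {ip: evaluate(rec, ip, CUSTOMER) for ip in (VREO_IP, ISP_IP, FORGER_IP)})
```

With this data the original record returns neutral for every sender, legitimate or not, while the `include:` form passes mail.vreo.com and fails everything else until the ISP's address is listed with `ip4:`.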
