alan | 12 Feb 23:22 2010
Picon

Re: More detail on subdomains

At 20:38 12/02/2010  Friday, James R. Marcus wrote:
>Okay
>I'll set an SPF to tell the world not accept email from  <at> www.edhance.com with
<http://www.edhance.com>www.edhance.com  IN TXT "v=spf1 -all" correct?
>The part that I'm not quite clear on is the part with the relay hosts. The relay hosts
<http://relay1.edhance.com>relay1.edhance.com and
<http://relay0.edhance.com>relay0.edhance.com don't have txt record but they are in the
<http://edhance.com>edhance.com TXT record.  To be extra safe should I add a txt record for each of the
relays like this: <http://relay1.edhance.com>relay1.edhance.com.  IN TXT "v=spf1
ip4:67.110.143.100 -all" & <http://relay0.edhance.com>relay0.edhance.com.  IN TXT "v=spf1
ip4:67.110.143.99 -all"?
>
>Thanks,
>James

now from looking at your actual spf records {as now i see the bit quoted was for example.com not edhance.com
edhance.com IN TXT v=spf1 mx ip4:67.110.143.99 ip4:64.68.200.53 ip4:74.203.49.89
ip4:67.110.143.100 ip4:174.143.247.222 -all
relay0.edhance.com

i see you need to remove the mx or at least move it to after the ip4 records
{ALWAYS,ALWAYS order correctly ip4{fastest 0 extra lookups} then A{1 lookup} then only if necessary mx{4
in your case}}
if you know your ip's mx is never needed or useful {and in your case mx == ip4:67.110.143.99
ip4:67.110.143.100 ip4:64.68.200.53}

so i would rewrite your spf as follows given the available information
edhance.com IN TXT v=spf1 ip4:67.110.143.99 ip4:67.110.143.100 ip4:74.203.49.89
ip4:174.143.247.222 ip4:64.68.200.53 a:smtp2.easydns.com  -all

(Continue reading)


Gmane