spf-help | 20 Apr 15:44
Favicon

Thank you for being part of spf-help

We've removed gmssh-spf-help-2 <at> m.gmane.org from spf-help.

No further action is necessary. Thank you for being with us.

-----------------------------------------------------------

**** PLEASE NOTE ****

We are getting reports of INVOLUNTARY UNSUBSCRIBTIONS.
We believe that there is a bug in the list software so
that people may be unsubscribed without asking to be
unsubscribed.  The message may say that you were dropped
by the list moderator, but that part of the message is
false.  If this happened to you, please resubscribe.

Rejoin spf-help at https://www.listbox.com/member/?member_id=10912636&id_secret=10912636-0616e5eb

brian | 8 Mar 21:58

multiple domains

I have several domains hosted on a single server. That machine's 
hostname is domain1.com, same as that used for Postfix. The outgoing 
server used for all email accounts is mail.domain1.com.

I'm having a lot of trouble understanding how to create SPF records for 
all of the domains on this server. Specifically, the instructions for 
the tool at openspf.org are making my head spin. I think that this is 
what I need:

domain1.com:
v=spf1 a:mail.domain1.com -all

domain2.com:
v=spf1 a:domain2.com include:mail.domain1.com -all

etc.

Is this correct? I'm unsure whether I need an SPF record for each 
domain, or a single one for domain1.com that includes the others.

Jackie Choquette | 4 Mar 22:12
Favicon

Help with SPF for multiple domains please

I am trying to help a client of my set up an SPF record for his domain. He has 
the need to authenticate mail from three locations

1. his domain whistlerreservations.com which is set up with google apps mail

2. Via a third party booking engine that sends mail from the domain rezserve.com

3. Via campaign monitor (cmail1.com) which is an email distribution system.

I have set up the following

v=spf1 a mx include:rezserve.com include:cmail1.com include:_spf.google.com ~all

but am getting the following error when validating with the 
http://www.kitterman.com/spf/validate.html SPF Records Testing Tools Results - 

PermError SPF Permanent Error: No valid SPF record for included domain: 
rezserve.com: include:rezserve.com 

Does Rezserve.com have to do something on there end? If so what do they need to 
do? Also do I need to specify a mx in my spf if I already have 
include:_spf.google.com in there? 

I hacked this together from various sources

1) google apps help - google.com/support/a/bin/answer.py?answer=178723]SPF 
records - Google Apps Help[/url]

which says to set the following v=spf1 include:_spf.google.com ~all

2) Campaingmonitor help -help.campaignmonitor.com/topic.aspx?t=88

Which says to set - v=spf1 mx include:cmail1.com ~all

Below is the mail header from one of the messages sent from resserve.com

Delivered-To: jac <at> whistlerwebandprint.com
Received: by 10.231.30.196 with SMTP id v4cs105047ibc;
Mon, 28 Feb 2011 13:54:38 -0800 (PST)
Received: by 10.227.156.207 with SMTP id y15mr5389341wbw.38.1298930077969;
Mon, 28 Feb 2011 13:54:37 -0800 (PST)
Return-Path: <reservations <at> whistlerreservations.com>
Received: from rezserve.com ([204.14.93.102])
by mx.google.com with ESMTPS id p44si7256090wej.197.2011.02.28.13.54.36
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 28 Feb 2011 13:54:36 -0800 (PST)
Received-SPF: neutral (google.com: 204.14.93.102 is neither permitted nor denied 
by best guess record for domain of reservations <at> whistlerreservations.com) 
client-ip=204.14.93.102;
Authentication-Results: mx.google.com; spf=neutral (google.com: 204.14.93.102 is 
neither permitted nor denied by best guess record for domain of 
reservations <at> whistlerreservations.com) 
smtp.mail=reservations <at> whistlerreservations.com
Received: from rezserve.com (localhost.localdomain [127.0.0.1])
by rezserve.com (8.13.1/8.13.1) with ESMTP id p1SLsT8X032018
for <jac <at> whistlerwebandprint.com>; Mon, 28 Feb 2011 16:54:29 -0500
Received: (from apache <at> localhost)
by rezserve.com (8.13.1/8.13.1/Submit) id p1SLsTll032016;
Mon, 28 Feb 2011 16:54:29 -0500
Date: Mon, 28 Feb 2011 16:54:29 -0500

Picon

Re: do you see something i don't

El mi�, 02-03-2011 a las 14:59 -0500, Andrew Culver escribi�:
> The DNS records you gave below aren't the same as what I see.
> 
> Trying "listas.fcal.uner.edu.ar"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28806
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;listas.fcal.uner.edu.ar.	IN	ANY
> 
> ;; ANSWER SECTION:
> listas.fcal.uner.edu.ar. 4350	IN	A	190.228.25.197
> listas.fcal.uner.edu.ar. 4340	IN	MX	10 listas.fcal.uner.edu.ar.
> listas.fcal.uner.edu.ar. 4334	IN	TXT	"v=spf1 mx -all"
> 
> ;; AUTHORITY SECTION:
> fcal.uner.edu.ar.	4341	IN	NS	ns1.uner.edu.ar.
> fcal.uner.edu.ar.	4341	IN	NS	ns1.fcal.uner.edu.ar.
> fcal.uner.edu.ar.	4341	IN	NS	ns2.fcal.uner.edu.ar.
> 
> ;; ADDITIONAL SECTION:
> ns2.fcal.uner.edu.ar.	4341	IN	A	170.210.29.130
> 
> Received 170 bytes from 129.100.2.12#53 in 1 ms
> 
> 
> Andrew
> 

that's because you are not inside the RIU network, that is our
commercial link and the visible address to commercial Internet

it isn't an error, it's the supposed answer

regards.

--

-- 
Carlos R. Pasqualini <pasqualinic <at> fcal.uner.edu.ar>
Adm. de Redes - Facultad de Ciencias de la Alimentaci�n - UNER

Benny Pedersen | 25 Feb 19:30

Re: Where is the difference?

On Fri, 25 Feb 2011 19:04:55 +0100, Marc Oliv� <marc <at> elnucli.com> wrote:

> The (HARD)FAIL) message header:

http://old.openspf.org/wizard.html?mydomain=aerobicyfitness.espainucli.com&submit=Go!

aerobicyfitness.espainucli.com's IP address is 212.36.77.75
(xen-ad0059.srv.cat). 
Does that server send mail from aerobicyfitness.espainucli.com?

add ip4:212.36.77.75 to the above spf record

Picon

Contact information to the webmaster for openspf.org

Hi everyone,

I have tried to contact the webmaster for the web page "openspf.org", 
because the web page has a error, but the mail address I write to (
spf-webmasters <at> v2.listbox.com
) does not work.

Have any person a directly mail address to the webmaster?

I can not write via the form on the openspf.org-web page, because the form 
also have a error.

Thanks for the answer.

Regards,
Anders 

Ball (LIMAR | 10 Feb 02:46
Favicon

my email

Dear Sir

 

                This is my email.

 

Regards,

(Ball) Kanasin Seehatri

IT Supervisor

-----------------------------------------------------------------

Limar Oiltools Co., Ltd.

H/P     : +66 (0) 23825281

Email : ball <at> limaroiltools.com

Web    : www.limaroiltools.com

-----------------------------------------------------------------

 

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives | Modify Your Subscription | Unsubscribe Now
Timothy DeHan | 3 Feb 16:02

Would the following SPF be the best?

I host email for my families different domains.  I am confused on how best to create SPF records for each of their domains.  Each of the different domains point to the same IP address of the server.  The email server is located in my house and Comcast Business is my ISP.  I have a PTR record created with Comcast.  My family is located all over the country with multiple different ISPs.  There are MX records setup in DNS for each of their domains.

 

Would the following SPF be the best?  v=spf1 ip4:70.89.155.193 a mx ~all

 

Or something like this?  v=spf1 a mx ptr mx:mail.whateverdomain.com ~all

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives | Modify Your Subscription | Unsubscribe Now
Rob Smith | 3 Feb 11:57
Picon
Gravatar

Using subdomain for mailout

Hi
 
Ive got a client who has part of his company who want to send out email newsletters. Theyve been asked to set up an SPF record to allow a third party mailing company to send the mail on their behalf. At present their domain has no SPF records. I asked our clients if they could give me a list of every mail server that sends mail for their domain, as if I put only the third party mailing companys server in the SPF, other mail from the companys other servers might get bounced. After two weeks they still couldnt provide a definitive list of servers, as the company seems to use lots of third party servers to send mailouts for their different products.
 
One solution thats been suggested is to create a subdomain for the third party mailing company, then stick with having no SPF record for the main domain - ie
 
 
company.co.uk
 
No SPF record
 
mailouts.company.co.uk
 
IN TXT "v=spf1 a:3rdparty.mailer.server.com ~all"
 
 
It looks like this might work, though it looks a bit complicated. Im wondering if anyone has any thoughts on this setup, and any drawbacks they might know of.
 
Thanks in advance
 
Rob Smith
 
 

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives | Modify Your Subscription | Unsubscribe Now
Yann GMAIL | 2 Feb 14:32
Picon

best practices for txt records with more than 255 characters

Hi all,
 
I want to know what is the best way to configure my spf with multiple ip addresses with no PTR records and managed by differents administrators.
My problem today is about two limits : 255 characters for one TXT record and 10 DNS lookup
 
today, i have a email domain : mydomain.com
with a TXT and a redirect to _spf.mydomain.com
the TXT of _spfmydomain.com contains all the IP addresses of my trusted senders.
 
thank you

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives | Modify Your Subscription | Unsubscribe Now
J4K | 28 Jan 16:22
Picon

v=spf1 mx ~all SoftFail

Dear everyone,

    I recently started to host my own Email server for my domain.  I noticed that the registar for my domain name added an SPF of:
v=spf1 mx ~all

What concerns me is the tilde character ~.  I understood this to softfail. 
SoftFail The SPF record has designated the host as NOT being allowed to send but is in transition accept but mark

Since the MX records for this domain are correct, and there should be no other servers sending on its behalf, then ought to record be:
v=spf1 mx +all
Would the +all mean that only the servers listed in the MX records can send?

Any help would be greatly appreciated.

Best regards, Simon.

-----------------------
Deatils from dig below

# dig -t txt klunky.co.uk

; <<>> DiG 9.7.2-P3 <<>> -t txt klunky.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50965
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;klunky.co.uk.            IN    TXT

;; ANSWER SECTION:
klunky.co.uk.        3600    IN    TXT    "v=spf1 mx ~all"

;; Query time: 0 msec
;; SERVER: 62.58.61.186#53(62.58.61.186)
;; WHEN: Fri Jan 28 16:12:09 2011
;; MSG SIZE  rcvd: 57

Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/

Archives | Modify Your Subscription | Unsubscribe Now

Gmane