headers
Andrew Culver | 30 Jun 15:32
Favicon

How best to include?

We are looking to expand SPF records to several of our subdomains and
clients' domains. We have 2 IP addresses which send outbound mail, which
would be the same for most of our clients and subdomains. Rather than
list these IPs in the SPF records for each client/subdomain, I think
using include: may be more appropriate in case we need to change the IP
in the future.

Then I got wondering, should I do really have all these other domains
include our top domain? What if we want to allow few more IP addresses
to send mail as @uwo.ca? I don't want to authorize that IP to send mail
as every other domain that's including us.

This is our current SPF record:

uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"

I'm thinking of laying things out in the following way:

_spf.uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"
uwo.ca "v=spf1 include:_spf.uwo.ca ~all"
its.uwo.ca "v=spf1 include:_spf.uwo.ca ~all"

This way its.uwo.ca (and others) wouldn't need to update their records
if we had to change our outbound mail servers and we could add
additional entries to uwo.ca without affecting all the other domains.

My only concern is the extra lookups caused by include. Is this a big
deal? Would others recommend the setup I described?

The description of how include works is also a bit unclear. If
(Continue reading)

Permalink | Reply | 1 comment |
headers
david.lw.wong | 30 Jun 09:55

Need help on SPF Records.

Hi SPF Support Forum,

I need some advice on SPF config on our DNS record. Our current SPF record 
on DNS

I am getting error message when sending email from @exxonmobil.com to 
mailing domain @franki.be and received rejection error message pointing to 
SPF record error

http://www.openspf.org/Why?id=david.lw.wong%40exxonmobil.com&ip=212.166.45.84&receiver=axsguard.franki-construct.be

From URL above, it mentioned that one of the mailing sending address 
212-166-45-84.win.be is not in the SPF record list.

So, it have recommend that we should insert the address into the SPF list.

But the problem is, we only have 4 outbound servers, which all already 
list in the SPF record

dalmxp61.exxonmobil.com
dalmxp62.exxonmobil.com
hoemxp61.exxonmobil.com
hoemxp62.exxonmobil.com

We not sure where is the 212-166-45-84.win.be comes from. Checking on our 
relay log, it seems that mail.franki.be mailing server have ip address - 
212.166.45.84 which similar to what it suggesting for us to put. But it 
just doesn't make any sense because the SPF list is for declaring our 
official sending mailing server which it should have sufficient for our 
SPF record for other to authenticate.
(Continue reading)

Permalink | Reply | 2 comments |
headers
Michael Ben-Nes | 28 Jun 11:08

Google app SPF test keep failing

Hi,

I am trying to setup an SPF record for the domain canaan.net.il So comments
from a web form will pass the SPF test.

The details are:

Sender: dontreplay <at> canaan.net.il
Server: 212.150.236.132

I added SPF & TXT records, both the same:
"v=spf1 ip4:212.150.236.0/24 a mx a:cs1.canaan.net.il a:
mail100.canaan.net.il ~all"
( This is only one of the variation I tested )

I passed the test successfully using: http://www.vamsoft.com/spfcheck.asp

But when the destination is a domain under Google app, I get the following
error:

Received-SPF: neutral (google.com: 212.150.236.132 is neither permitted nor
denied by best guess record for domain of www-data <at> mail100.canaan.net.il)
client-ip=212.150.236.132;
Authentication-Results: mx.google.com; spf=neutral (google.com:
212.150.236.132 is neither permitted nor denied by best guess record for
domain of www-data <at> mail100.canaan.net.il) smtp.mail=
www-data <at> mail100.canaan.net.il

I am actually clueless, any tip will be mostly appreciated?
(Continue reading)

Permalink | Reply | 4 comments |
headers
jerry | 23 Jun 02:51

Digest 1.441 for spf-help

I am on holiday until Monday 29th June 2009. If your enquiry is high priority you can call me on 07973 767053 or
contact my colleague Chris Maines (chris <at> softfusion.co.uk)

For support issues contact support <at> softfusion.co.uk

Thanks, Jerry
Permalink | Reply | 1 comment |
headers
Stephan Chayer | 19 Jun 15:39

SPF issue

Hi everyone,

We implemented SPF 3-4 years ago and we just started having issues.
Is there a new implementation for the past few weeks?

Example, our servers are in a coloc room in Montreal but our local office
ISP is a third party cable company.  So we are interested to put them in our
include:relais.videotron.ca listing in case we would throw mail directly
from the office.

Our spf record is: 
intrasoft.net. IN TXT "v=spf1 a mx a:mail.intrasoft.net
include:relais.videotron.ca include:vivaldi.intrasoft.net -all"

Some spf test tools are testing ok, and some not.  Some times we do get 
"Maximum DNS-interactive terms limit (10) exceeded." so we have no clue.  

We tried some other settings and we also have seen things about trivial
include.  We read that the include host needs a spf record to be valid? If
the ISP SMTP server doesn't have an SPF, how can we add them to our
customer's spf.

Our usual spf record used for hosted domains are:
Domain-name.com. IN TXT "v=spf1 a mx a:mail.domain-name.com
include:bellnet.ca include:relais.videotron.ca include:bellnexxia.net ~all".
The "~" should advertise that we are in transition but spf fails anyway.

Any help would be appreciated

Steve
(Continue reading)

Permalink | Reply | 1 comment |
headers
Rob Smith | 19 Jun 15:00
Favicon

Which domain do I put the SPF record in

Hi

We send out mail from our server called say mail.ourserver.com . The mail has the from address say
news <at> customersdomain.com  Ive created an SPF record in the zone file of ouserver.com which mentions the
ip address of mail.ourserver.com - do I need an SPF record in the zone file for customersdomain.com ?

Thanks in advance for help on this.

Rob Smith
Permalink | Reply | 1 comment |
headers
Torintino T | 17 Jun 21:07
Favicon

SPF creation Help


I have got Zimbra Collaboration Suite 5.0 Setup, 

i am receiving a lot of Spams, and Backscatter Spams as well.

Actually, i need please dedicated Practical steps to follow to create a successful SPF record creation to prevent
the Spams and specially the Backscatter Spams on Zimbra Server.

And does this SPF record has to be applied on both our own Zimbra mail server and the Mail Server's Public IP at
ISP to prevent Spams and Bacscatter Spams.

Your replies will be highly appreciated.

Thanks a lot.

Torinto
_________________________________________________________________
Windows Live™: Keep your life in sync. Check it out!
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t1_allup_explore_012009
Permalink | Reply | 6 comments |
headers
Torintino T | 17 Jun 20:54
Favicon

SPF Creation Help to prevent Spams and Backscatter Spams


_________________________________________________________________
More than messages–check out the rest of the Windows Live™.
http://www.microsoft.com/windows/windowslive/
Permalink | Reply | 0 comments |
headers
David S Roberts | 16 Jun 03:06

Multiple TXT Records good/bad?

I have setup TXT records for SPF1 and SPF2/MFROM.  I have been running this
way for quite a while, but only recently tried the tools at spf.org.  I
receive the following result:

An SPF-enabled mail server rejected a message that claimed an envelope
sender address of moongate1.com.

An SPF-enabled mail server received a message from x01.moongate1.net
(71.163.47.79) that claimed an envelope sender address of moongate1.com.

The domain moongate1.com has authorized x01.moongate1.net (71.163.47.79) to
send mail on its behalf, so the message should have been accepted. It is
impossible for us to say why it was rejected.

Could I be causing the problem by having the second TXT record?

moongate1.com txt v=spf1 ip4:71.163.47.64/27 include:aspmx.googlemail.com
-all

moongate1.com txt v=spf2.0/mfrom ip4:71.163.47.64/27
include:aspmx.googlemail.com -all

I also have deny all spf records on all specific subdomains and the catch
all *.moongate1.com

*.moongate1.com txt v=spf1 -all

*.moongate1.com txt v=spf2.0/mfrom -all

I would like to hear expert opinions on the multiple records question as
(Continue reading)

Permalink | Reply | 3 comments |
headers
jerry | 16 Jun 02:36

Digest 1.440 for spf-help

I am on holiday until Monday 29th June 2009. If your enquiry is high priority you can call me on 07973 767053 or
contact my colleague Chris Maines (chris <at> softfusion.co.uk)

For support issues contact support <at> softfusion.co.uk

Thanks, Jerry
Permalink | Reply | 0 comments |
headers
Ben Geerdes | 13 Jun 00:26

getting my spf record correctly

My spf record was working fine. However some time ago my ISP changed names and with it the names of their smtp servers.

My mailserver is at home, my ISP is online.nl, My mailserver relays via smtp.online.nl.
My domain is geerdes.nl, my nameservers are hosted by zoneedit.com
When I sent a mail, I can see that they are sent by smtp01.online.nl or smtp02.online.nl etc  (don't know how
many they have but at least 10).
my spf record is currently set up like this:

geerdes.nl. IN TXT "v=spf1 a:smtp01.online.nl a:smtp02.online.nl a:smtp03.online.nl
a:smtp04.online.nl a:smtp05.online.nl a:smtp06.online.nl a:smtp07.online.nl
a:smtp08.online.nl a:smtp09.online.nl a:smtp10.online.nl

When I sent a mail to auth-results <at> verifier.port25.com it returns a mail with 'pass'

If I send it to spf-test <at> openspf.org it returns:

Mail Delivery System [MAILER-DAEMON <at> smtp02.online.nl]

Your message did not reach some or all of the intended recipients.

      Subject:

The following recipient(s) cannot be reached:

      spf-test <at> openspf.org on 13-6-2009 0:11
            mailout02.controlledmail.com: Failed (550 5.7.1 <spf-test <at> openspf.org>: Recipient address   
rejected: SPF Tests: Mail-From Result)

So what could be still wrong?
(Continue reading)

Permalink | Reply | 5 comments |

Gmane