Mailing List Archive: SPF: Help

spf configuration

Index | Next | Previous | View Threaded

john.lodge at myvoip20

May 29, 2007, 8:55 AM

Post #1 of 7 (2347 views)
Permalink

spf configuration

Hello

I am trying to set up spf records to allow mail to be delivered to the likes
of hotmail and yahoo.

I am testing with the help of the analysis site senderid.espcoalition.org
and canot get the desired results.

I have been tying this for about 2 weeks now, and cannot get my spf records
accepted and hope for some help

The domain I am sending from is navigo-group.com on 87.106.128.175

Hopefully
John Lodge

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=e94af07d
Powered by Listbox: http://www.listbox.com

michael at breton

May 29, 2007, 9:25 AM

Post #2 of 7 (2290 views)
Permalink

Re: spf configuration [In reply to]

>I am trying to set up spf records to allow mail to be delivered to the
>likes
>of hotmail and yahoo.
>
>I am testing with the help of the analysis site senderid.espcoalition.org
>and canot get the desired results.
>
>I have been tying this for about 2 weeks now, and cannot get my spf records
>accepted and hope for some help
>
>The domain I am sending from is navigo-group.com on 87.106.128.175

Hello John,

I see your current SPF record looks like this:

"v=spf1 mx -all"

and the only MX for your domain does indeed point to that 87.106.128.175
address you mentioned.

You should understand, that SPF is for helping to validate the email source
as valid or not. When SPF passes, it is not intended to indicate any
particular email is less or more likely to be Spam.

Other people report having problems sending to hotmail and yahoo, even with
SPF setup correctly. The archives of this mailing list might contain some
helpful information. These problems really have nothing to do with SPF.

So, assuming your SPF record is really setup correctly, then there must be
some other thing causing emails from your domain to not be delivered
successfully.

Hope this helps...

Michael Breton

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=e94af07d
Powered by Listbox: http://www.listbox.com

steve at teamITS

May 29, 2007, 10:25 AM

Post #3 of 7 (2277 views)
Permalink

RE: spf configuration [In reply to]

John Lodge wrote on 5/29/2007 10:55:20 AM:

> I am trying to set up spf records to allow mail to be delivered to the
likes
> of hotmail and yahoo.
>
> I am testing with the help of the analysis site
senderid.espcoalition.org

It looks like this site is for Sender ID not SPF. For SPF
testers see:

http://www.openspf.org/Tools

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- I wouldn't touch that subject with a 3.048m pole!

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
-----------------------------------------------------------------------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=e94af07d
Powered by Listbox: http://www.listbox.com

michael at breton

Mar 19, 2008, 7:27 AM

Post #4 of 7 (1885 views)
Permalink

Re: SPF configuration [In reply to]

> We have a domain called af2a.com who is victim from spam sent from whatever [at] af2a
>
>
>
>
>
> My DNS is on my French Registrar Amen
>
> We have an exchange server that send the mails through our ISP smtp : static.magiconline.fr
>
>
>
> On my DNS admin control panel : have generated this string :
>
> af2a.com. IN TXT "v=spf1 ~all"
>
>
>
> Do you think it's ok ?
>
> Do I have to had the ISP smtp that sends mails for us in a A: or MX: field ?
>
> Is it dangerous ?
>
>
>

That SPF record you show "v=spf1 ~all" says all email from the af2a.com
domain should be suspected of being spam. This record will not help you
at all.

First thing you should do, is make sure your server itself isn't being
used by the spammers. If it is, then there is nothing that SPF can do
to prevent that. Same thing with your ISPs SMTP server. If their
server were being utilized to send the spam, then your SPF record would
not help prevent this abuse.

If you have a copy of the full headers from some of the spam in
question, that would help determine if it is going through your server
or your ISP's server.

Now to SPF:

If your Exchange server is using your ISPs SMTP server for all outgoing
email, then you should speak with your ISP about what your SPF record
should look like.

It looks like the email you sent to the list came from 195.154.193.36,
and if all your email always originates from just that single IP address
(Ask them), then the best SPF record for your domain, would be this
one: (Assuming your Exchange server sends all outgoing mail to your ISP.

af2a.com. IN TXT "v=spf1 ip4:195.154.193.36 ~all"

And once you know it is working well, you would change the "~all" to
"-all". You probably will not notice any reduction in spammers using
your domain to send their junk until it is changed to "-all". And you
won't notice any reduction at all if they are using either your server
or your ISPs server to send their stuff.

Hope this helps...

Michael Breton

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

steve at teamITS

Mar 19, 2008, 7:33 AM

Post #5 of 7 (1891 views)
Permalink

RE: SPF configuration [In reply to]

Alexandre (AF2A) wrote on 3/19/2008 9:01:38 AM:

> We have an exchange server that send the mails through our ISP smtp :
> static.magiconline.fr

Then your ISP's SMTP server should be listed in your SPF record.

> On my DNS admin control panel : have generated this string :
> af2a.com. IN TXT "v=spf1 ~all"
>
> Do you think it's ok ?

Well, that SPF record says that no server is allowed to send
mail from your domain so that's not what you want. From what you said,
I think you want:

v=spf1 a:static.magiconline.fr ~all

That says that only your ISP's server is allowed to send mail from your
domain. You should change "~all" to "-all" when you are done testing
your SPF record.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Excuse me if I sound bitter....I taste that way too.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

ateboul at af2a

Mar 19, 2008, 7:50 AM

Post #6 of 7 (1888 views)
Permalink

RE: SPF configuration [In reply to]

Thank you very much Steve and Michael.

The first string I gave you had been given as an advice by my Registrar (Amen.fr) !!!

Actually I called my ISP and ask them to call me back with a qualified person that could give me the smtp IP addresses my mails go through :

And yes, my Exchange server is configured to use my ISPs SMTP server for all outgoing email. That is already one good thing!
I hope that the spammers don't use the Exchange or ISP's smtp server....

Here is an example of the headers for one of them :

Microsoft Mail Internet Headers Version 2.0
Received: from fx7.security-mail.net ([85.31.212.20]) by mail.af2a.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 17 Mar 2008 15:18:40 +0100
Received: from fx72.security-mail.net (unknown [192.168.70.72])
by fx7.security-mail.net (MTA) with ESMTP id 19133B2BBD
for <dernieresminutes [at] af2a>; Mon, 17 Mar 2008 15:20:10 +0100 (CET)
Received: from fx72 (localhost [127.0.0.1])
by fx72.security-mail.net (MTA) with ESMTP id 8AFDD545934
for <dernieresminutes [at] af2a>; Mon, 17 Mar 2008 15:20:06 +0100 (CET)
X-Spam-Score: -
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-1000 required=5 WHITELISTED tests=[]
Received: from unknown (unknown [82.84.33.121])
by fx72.security-mail.net (MTA) with SMTP id 9A6E55420FE
for <dernieresminutes [at] af2a>; Mon, 17 Mar 2008 15:20:04 +0100 (CET)
Received: from [82.84.33.121] (port=4528 helo=ppp-82-84-33-121.dialup.tiscali.it)
by europe.security-mail.net with esmtp
id 236c8c-a4709-f9
for dernieresminutes [at] af2a; Mon, 17 Mar 2008 15:19:51 +0100
XX-Message-Id: <47DE7E07.8060601 [at] af2a>
Date: Mon, 17 Mar 2008 15:19:51 +0100
From: "Elbert" <xto [at] af2a>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "Jacklyn" <dernieresminutes [at] af2a>
Subject: reater stamina in bed,
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Message-Id: <20080317142005.9A6E55420FE [at] fx72>
X-Virus-Scanned: by Security-Mail
Message-Id: <20080317142010.19133B2BBD [at] fx7>
Return-Path: xto [at] af2a
X-OriginalArrivalTime: 17 Mar 2008 14:18:40.0469 (UTC) FILETIME=[CC737050:01C88839]

Thanks again for your time.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Alexandre Teboul

Responsable Syst�mes d'Information

Tel: 01 56 88 56 17

Fax: 01 56 88 56 10

http://www.af2a.com

P Pensez � l'environnement avant d'imprimer ce message

-----Message d'origine-----
De�: Michael Breton [mailto:michael [at] breton]
Envoy�: mercredi 19 mars 2008 15:28
��: spf-help [at] v2
Objet�: Re: [spf-help] SPF configuration

> We have a domain called af2a.com who is victim from spam sent from whatever [at] af2a
>
>
>
>
>
> My DNS is on my French Registrar Amen
>
> We have an exchange server that send the mails through our ISP smtp : static.magiconline.fr
>
>
>
> On my DNS admin control panel : have generated this string :
>
> af2a.com. IN TXT "v=spf1 ~all"
>
>
>
> Do you think it's ok ?
>
> Do I have to had the ISP smtp that sends mails for us in a A: or MX: field ?
>
> Is it dangerous ?
>
>
>

That SPF record you show "v=spf1 ~all" says all email from the af2a.com
domain should be suspected of being spam. This record will not help you
at all.

First thing you should do, is make sure your server itself isn't being
used by the spammers. If it is, then there is nothing that SPF can do
to prevent that. Same thing with your ISPs SMTP server. If their
server were being utilized to send the spam, then your SPF record would
not help prevent this abuse.

If you have a copy of the full headers from some of the spam in
question, that would help determine if it is going through your server
or your ISP's server.

Now to SPF:

If your Exchange server is using your ISPs SMTP server for all outgoing
email, then you should speak with your ISP about what your SPF record
should look like.

It looks like the email you sent to the list came from 195.154.193.36,
and if all your email always originates from just that single IP address
(Ask them), then the best SPF record for your domain, would be this
one: (Assuming your Exchange server sends all outgoing mail to your ISP.

af2a.com. IN TXT "v=spf1 ip4:195.154.193.36 ~all"

And once you know it is working well, you would change the "~all" to
"-all". You probably will not notice any reduction in spammers using
your domain to send their junk until it is changed to "-all". And you
won't notice any reduction at all if they are using either your server
or your ISPs server to send their stuff.

Hope this helps...

Michael Breton

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

michael at breton

Mar 19, 2008, 8:27 AM

Post #7 of 7 (1886 views)
Permalink

Re: SPF configuration [In reply to]

Alexandre (AF2A) wrote:
> Thank you very much Steve and Michael.
>
> The first string I gave you had been given as an advice by my Registrar (Amen.fr) !!!
>
>
Your registrar probably cannot help you create your SPF record. If they
are also your DNS hosting company, they could help you publish the SPF
record you come up with.

> Actually I called my ISP and ask them to call me back with a qualified person that could give me the smtp IP addresses my mails go through :
>
> And yes, my Exchange server is configured to use my ISPs SMTP server for all outgoing email. That is already one good thing!
> I hope that the spammers don't use the Exchange or ISP's smtp server....
>
>
Ok then, so the addresses your ISP uses to send email is what needs to
be listed in your SPF record. Ideally, your ISP should publish their
own SPF record for their domains, and only after they have done so, you
could use the "include:" directive to place it in your record, like so:
"v=spf1 include:example.com -all". This type of construct is only valid
if example.com published an SPF record.

>
> Here is an example of the headers for one of them :
>
>
--snip--
> Received: from unknown (unknown [82.84.33.121])
> by fx72.security-mail.net (MTA) with SMTP id 9A6E55420FE
> for <dernieresminutes [at] af2a>; Mon, 17 Mar 2008 15:20:04 +0100 (CET)
>
Based on these headers, it doesn't look like the spammer is using your
server to send the junk (Just receive it)

I see that your original email to this list was from the IP address
195.154.193.36, and this last email was sent from 62.210.190.9, so it
appears that your ISP has at least two sending servers your email might
go through. They may have many more. Your best course of action is to
talk with your ISP about them providing an SPF record that you that you
can "include:" in your record.

The other part of SPF, is that the receiving servers need to check the
SPF record for email they receive before the spam that fails SPF is
stopped. Since your server was the one receiving these spam emails, you
will have to turn on SPF checking in the Exchange server to prevent
these message from being received once you have correctly published an
SPF record for your domain that ends with "-all".

Hope this helps...

Michael

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads