Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

spf question & wizard

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


JamesM at AMPAWN

Mar 25, 2008, 2:09 PM

Post #1 of 5 (972 views)
Permalink
spf question & wizard
Hi,

I used the wizard and it generated the following SPF record:



v=spf1 ip4:192.168.1.0/24 a mx a:no mx:ampawn.com include:no ~all



but I read in one of your earlier posts that the tilde that is in front
of the all at the end is supposed to be a dash.

Do I need to change it to a dash and re-submit to my ISP?



Thanks



James

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Mar 25, 2008, 3:49 PM

Post #2 of 5 (912 views)
Permalink
RE: spf question & wizard [In reply to]
James Martinez wrote on 3/25/2008 4:09:15 PM:

> I used the wizard and it generated the following SPF record:

The wizard is an OK starting point but not perfect.

> v=spf1 ip4:192.168.1.0/24 a mx a:no mx:ampawn.com include:no ~all

Breaking down (I assume this is for the domain ampawn.com):

ip4:192.168.1.0/24
- this is a private IP range so basically can't be used to send
mail on the public Internet. Remove it.

a
mx
- this says the host "ampawn.com" and the MX for ampawn.com can
send mail.

a:no
- uh, there is no host called "no" so remove it.

mx:ampawn.com
- this says the MX for ampawn.com can send mail. Repeat of
above, so remove it.

include:no
- uh, there is no host called "no" so remove it. This probably
makes your record invalid since you cannot include something that does
not exist.

~all
- this says you are testing your SPF record so others should not
actually reject mail that comes from a server that is not included in
your SPF record. When you have it perfected, change this to "-all".

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Any sufficiently advanced magic looks like technology.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


JamesM at AMPAWN

Mar 25, 2008, 5:09 PM

Post #3 of 5 (911 views)
Permalink
RE: spf question & wizard [In reply to]
So what should the correct spf look like if the public address for the mail server is 65.198.165.27?
Also, if I have already sent the other spf record to my ISP is it going to stop messages from being able to come in?
Thanks
James

________________________________

From: Steve Yates [mailto:steve [at] teamITS]
Sent: Tue 3/25/2008 5:49 PM
To: spf-help [at] v2
Subject: RE: [spf-help] spf question & wizard



James Martinez wrote on 3/25/2008 4:09:15 PM:

> I used the wizard and it generated the following SPF record:

The wizard is an OK starting point but not perfect.

> v=spf1 ip4:192.168.1.0/24 a mx a:no mx:ampawn.com include:no ~all

Breaking down (I assume this is for the domain ampawn.com):

ip4:192.168.1.0/24
- this is a private IP range so basically can't be used to send
mail on the public Internet. Remove it.

a
mx
- this says the host "ampawn.com" and the MX for ampawn.com can
send mail.

a:no
- uh, there is no host called "no" so remove it.

mx:ampawn.com
- this says the MX for ampawn.com can send mail. Repeat of
above, so remove it.

include:no
- uh, there is no host called "no" so remove it. This probably
makes your record invalid since you cannot include something that does
not exist.

~all
- this says you are testing your SPF record so others should not
actually reject mail that comes from a server that is not included in
your SPF record. When you have it perfected, change this to "-all".

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Any sufficiently advanced magic looks like technology.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Mar 25, 2008, 8:29 PM

Post #4 of 5 (914 views)
Permalink
RE: spf question & wizard [In reply to]
James Martinez wrote on 3/25/2008 7:09:33 PM:

> So what should the correct spf look like if the public address for the
> mail server is 65.198.165.27?

If that is the only source for mail from your domain, you can
use:

v=spf1 ip4:65.198.165.27 -all

> Also, if I have already sent the other spf
> record to my ISP is it going to stop messages from being able to come
> in?

An SPF record will not affect your incoming mail unless your
mail server checks for SPF and the mail is coming from another IP. Of
course, the mail would have to come from your domain for your SPF record
to have any relevance.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Virgin wool comes from ugly and lonely sheep...

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


alex at ergens

Mar 26, 2008, 12:52 AM

Post #5 of 5 (911 views)
Permalink
Re: spf question & wizard [In reply to]
On Tue, Mar 25, 2008 at 05:49:36PM -0500, Steve Yates wrote:

A good answer, which could use some expansion:

> > I used the wizard and it generated the following SPF record:
>
> The wizard is an OK starting point but not perfect.
>
> > v=spf1 ip4:192.168.1.0/24 a mx a:no mx:ampawn.com include:no ~all
>
> Breaking down (I assume this is for the domain ampawn.com):
[...]
>
> a
> mx
> - this says the host "ampawn.com" and the MX for ampawn.com can
> send mail.

Looking at A and MX for ampawn, I see:

;; QUESTION SECTION:
;ampawn.com. IN A

;; ANSWER SECTION:
ampawn.com. 21600 IN A 65.198.165.27


;; QUESTION SECTION:
;ampawn.com. IN MX

;; ANSWER SECTION:
ampawn.com. 21600 IN MX 10 mail.ampawn.com.
ampawn.com. 21600 IN MX 100 mail.uu.net.
;; ADDITIONAL SECTION:
mail.ampawn.com. 21600 IN A 65.198.165.27


mail.uu.net will not be sending mail in your name. You don't need
to list it, and perhaps you don't even want to list it. This means
you should change "mx" into "a:mail.ampawn.com".

And then you notice "mail.ampawn.com" has the same address as
"ampawn.com", you can read in the FAQ that each host needs to
be listed only once, so either remove "a:mail.ampawn.com" or
remove "a". We like short, so we choose "a" to stay.

And then there's always the question: "is this a static address?"
to which the answer is often "yes". In such a case, why should a
gazillion receivers lookup the address a gazillion times, if the
publisher of the SPF record only needs to do this once?
Meaning: don't use "a", use "ip4:65.198.165.27".

What remains is: "v=spf1 ip4:65.198.165.27 ~all"

(I know, this was already posted, I just wanted to elaborate on "why")

Make sure to change "~all" into "-all" when you're done testing.

Alex

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.