Mailing List Archive: SPF: Help

Problem with setting up SPF record

Index | Next | Previous | View Threaded

thi at oceanpacificcapital

Jun 23, 2008, 11:28 AM

Post #1 of 5 (1290 views)
Permalink

Problem with setting up SPF record

I used an SPF creation wizard and this is what resulted from it:

v=spf1 a mx ip4:70.168.154.115 -all

My email server is with GoDaddy and the 70.168.154.115 is the IP address of
my office. I want to be able to send emails using GoDaddy's server, or if it
originates from this office. Is my SPF record correct?

At home, I'm sending email using my own local SMTP server but I'm using an
email address for the domain that the SPF record is for. However, the email
is still being sent to its recipients and it's not being rejected. What is
the problem?

Is there an email address I could spoof and should be rejected, so I could
test things out? I tried using email address for popular domains like
Microsoft, cnn, etc expecting them to have an SPF record but the emails
still get received by the recipients.

Thank you.

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

rob.macgregor at gmail

Jun 23, 2008, 12:00 PM

Post #2 of 5 (1215 views)
Permalink

Re: Problem with setting up SPF record [In reply to]

On Mon, Jun 23, 2008 at 19:28, Thi Them <thi [at] oceanpacificcapital> wrote:
> I used an SPF creation wizard and this is what resulted from it:
>
> v=spf1 a mx ip4:70.168.154.115 -all
>
> My email server is with GoDaddy and the 70.168.154.115 is the IP address of
> my office. I want to be able to send emails using GoDaddy's server, or if it
> originates from this office. Is my SPF record correct?

Nothing there shows anything obvious about GoDaddy, so I don't think
that'll work. GoDaddy do publish an SPF record, so the following
should work:

v=spf1 a mx ip4:70.168.154.115 include:spf.secureserver.net -all

> At home, I'm sending email using my own local SMTP server but I'm using an
> email address for the domain that the SPF record is for. However, the email
> is still being sent to its recipients and it's not being rejected. What is
> the problem?

Are the receiving mail servers checking SPF and rejecting upon
failure? Have you tried the email based testers listed on the Tools
page of the website?

> Is there an email address I could spoof and should be rejected, so I could
> test things out? I tried using email address for popular domains like
> Microsoft, cnn, etc expecting them to have an SPF record but the emails
> still get received by the recipients.

As mentioned above (and has been discussed before on the list), not
all servers reject based upon a failed SPF check.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

scott at kitterman

Jun 23, 2008, 12:02 PM

Post #3 of 5 (1222 views)
Permalink

Re: Problem with setting up SPF record [In reply to]

On Monday 23 June 2008 14:28, Thi Them wrote:
> I used an SPF creation wizard and this is what resulted from it:
>
> v=spf1 a mx ip4:70.168.154.115 -all
>
>
>
> My email server is with GoDaddy and the 70.168.154.115 is the IP address of
> my office. I want to be able to send emails using GoDaddy's server, or if
> it originates from this office. Is my SPF record correct?

I assume your server at GoDaddy is:

;; ANSWER SECTION:
oceanpacificcapital.com. 86400 IN MX 10
mail.oceanpacificcapital.com.

;; ADDITIONAL SECTION:
mail.oceanpacificcapital.com. 86400 IN A 216.69.163.27

If so, yes, but a and mx both point to the same IP address, so use:

v=spf1 a ip4:70.168.154.115 -all

The redundant mx mechanism just causes extra DNS lookups.

>
> At home, I'm sending email using my own local SMTP server but I'm using an
> email address for the domain that the SPF record is for. However, the email
> is still being sent to its recipients and it's not being rejected. What is
> the problem?

The receiver needs to check SPF and configure their mail server to reject mail
that fails SPF. Not everyone (or even most people) do this yet.
>
> Is there an email address I could spoof and should be rejected, so I could
> test things out? I tried using email address for popular domains like
> Microsoft, cnn, etc expecting them to have an SPF record but the emails
> still get received by the recipients.

See http://www.openspf.org/Tools for information on sending to
spf-test [at] openspf

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

scott at kitterman

Jun 23, 2008, 12:09 PM

Post #4 of 5 (1216 views)
Permalink

Re: Problem with setting up SPF record [In reply to]

On Monday 23 June 2008 15:00, Rob MacGregor wrote:
> On Mon, Jun 23, 2008 at 19:28, Thi Them <thi [at] oceanpacificcapital> wrote:
> > I used an SPF creation wizard and this is what resulted from it:
> >
> > v=spf1 a mx ip4:70.168.154.115 -all
....
> Nothing there shows anything obvious about GoDaddy, so I don't think
> that'll work. GoDaddy do publish an SPF record, so the following
> should work:
>
> v=spf1 a mx ip4:70.168.154.115 include:spf.secureserver.net -all

The a and the mx point to his GoDaddy hosted server. He needs to check if the
mail really gets to the outside world from there (in which case the record I
suggested is correct) or if it goes through the GoDaddy relays, in which case
he'd want:

v=spf1 ip4:70.168.154.115 include:spf.secureserver.net -all

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

thi at oceanpacificcapital

Jun 23, 2008, 12:30 PM

Post #5 of 5 (1207 views)
Permalink

RE: Problem with setting up SPF record [In reply to]

Thanks guys. I didn't know the recipient has to be setup to reject failed
emails according to SPF.

-----Original Message-----
From: Scott Kitterman [mailto:scott [at] kitterman]
Sent: Monday, June 23, 2008 12:03 PM
To: spf-help [at] v2
Subject: Re: [spf-help] Problem with setting up SPF record

On Monday 23 June 2008 14:28, Thi Them wrote:
> I used an SPF creation wizard and this is what resulted from it:
>
> v=spf1 a mx ip4:70.168.154.115 -all
>
>
>
> My email server is with GoDaddy and the 70.168.154.115 is the IP address
of
> my office. I want to be able to send emails using GoDaddy's server, or if
> it originates from this office. Is my SPF record correct?

I assume your server at GoDaddy is:

;; ANSWER SECTION:
oceanpacificcapital.com. 86400 IN MX 10
mail.oceanpacificcapital.com.

;; ADDITIONAL SECTION:
mail.oceanpacificcapital.com. 86400 IN A 216.69.163.27

If so, yes, but a and mx both point to the same IP address, so use:

v=spf1 a ip4:70.168.154.115 -all

The redundant mx mechanism just causes extra DNS lookups.

>
> At home, I'm sending email using my own local SMTP server but I'm using an
> email address for the domain that the SPF record is for. However, the
email
> is still being sent to its recipients and it's not being rejected. What is
> the problem?

The receiver needs to check SPF and configure their mail server to reject
mail
that fails SPF. Not everyone (or even most people) do this yet.
>
> Is there an email address I could spoof and should be rejected, so I could
> test things out? I tried using email address for popular domains like
> Microsoft, cnn, etc expecting them to have an SPF record but the emails
> still get received by the recipients.

See http://www.openspf.org/Tools for information on sending to
spf-test [at] openspf

Scott K

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.4.1/1514 - Release Date: 6/23/2008
7:17 AM

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads