spfdiscuss at alandoherty
Nov 5, 2010, 2:15 AM
Post #7 of 7
(2145 views)
Permalink
|
|
Re: SPF1 and 2 Help needed! Please Review
[In reply to]
|
|
At 00:14 05/11/2010 Friday, J.Nash | VerticalMail wrote:
>Alan,
>
>I got them to do a spf for gothamlistserver.com, but they are unsure of the sytax. damm it.
>
>can you help Please?
yes get them to send a list of all the ips that they send mail from with *@gothamlistserver.com in the envelope sender
and i'll give them the syntax
additionally both you and them (and anyone else using SPF) should also setup an SPF record for each servername that is used in an smtp HELO/EHLO
BTW this mail i am replying to came from
gateway01.websitewelcome.com (gateway01.websitewelcome.com [69.41.242.19]
before it got to listbox so i suspect you have not listed all your own sending ips in your own SPF record
you seem to send via a company called hostgator, so please ask them for a full list of what ip's you send from
or repeatedly mail yourself on a freemail like gmail till you are confident you have built your own list, as at the moment i suspect you don't actually have a working SPF as you don't actually have a complete list of the IP's you send from
send one test to myself directly and i'll have a clear look minus all the extra stuff the listserver adds
>Regards,
>
>John Nash/
>SVP /Business Development and
>Senior Interactive Strategist
>
>/*Midtown Consulting Group - B2B News Network - VerticalMail Inc.
>
>Toll Free Direct - 888.710.7915 ext. 105 l Fax -**561.948.8377 *
>
>*/Publishers of Leading B2B Electronic Newsletters Including:
>
>MortgageTrends - RealEstatePro News - BusinessPro News - LegalPro News - InsurancePro Times
>ConstructionPro News - AutoTrends - MedicalPro News - DentalPro News - ChiroPro News/*
>
>Offices In West Palm Beach, FL & New York, NY
>
>THE INFORMATION CONTAINED WITHIN THIS ELECTRONIC COMMUNICATION IS PROPRIETARY AND CONFIDENTIAL- IT IS INTENDED FOR THE USE OF THE DESIGNATED ADDRESSEE ONLY. UNAUTHORIZED USE, DISCLOSURE OR COPYING OF ANY MATERIAL CONTAINED HEREIN IS STRICTLY PROHIBITED AND MAY BE UNLAWFUL. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY CALLING 1.561.210.5066
>
>
>On 04/11/2010 20:05, alan wrote:
>>At 23:41 04/11/2010 Thursday, J.Nash | VerticalMail wrote:
>>>Alan,
>>>
>>>Awesome explanation and I totally follow you. I also agree with you on the PTR> please confirm in my case if you really think I need it.
>>i really doubt it but only you know what (if any) other machines are authorised to send email as you
>>
>>>Our ip's change almost never. Is it possible these extra lookups caused a significant the slowdown today?
>>not if the mail wasn't from your domain as said on the example sent the domain was gothamlistserver.com
>>so your SPF wouldn't effect anything
>>
>>their lack of SPF might have though
>>
>>>Just to confirm our best bet;
>>>
>>>v=spf1 ip4:4.71.172.57 ip4:69.67.53.38 ~all
>>>
>>>spf2.0/mfrom ip4:4.71.172.57 ip4:69.67.53.38 ~all
>>>
>>>spf2.0/pra ip4:4.71.172.57 ip4:69.67.53.38 ?all
>>yes (if resuming sending envelope-from your domain) if not get them to publish SPF would be worth it
>>
>>as for the senderID please do not refer to it as spf v2 as it IS NOT RELATED TO SPF
>>sender ID is entirely an attempt by Microsoft to confuse and mis-use/break SPF for purposes unintented
>>the only reason publishing a senderID is needed is because without one senderID using idiots will mis-use your spf record as a senderID record and block mail your policy did not intend to block
>>
>>why I always say end spf2.0/pra records ?all while v=spf1 ether -all or ~all depending on YOUR policy
>>
>>as far as forwarders, the receivers need to deal with enabling white listing of forwarders in the design of their MTA's I know I ensure all systems I setup do, and all users either whitelist their forwarders or loose mail
>>
>>Regards,
>>
>>>John Nash/
>>>SVP /Business Development and
>>>Senior Interactive Strategist
>>>
>>>/*Midtown Consulting Group - B2B News Network - VerticalMail Inc.
>>>
>>>Toll Free Direct - 888.710.7915 ext. 105 l Fax -**561.948.8377 *
>>>
>>>*/Publishers of Leading B2B Electronic Newsletters Including:
>>>
>>>MortgageTrends - RealEstatePro News - BusinessPro News - LegalPro News - InsurancePro Times
>>>ConstructionPro News - AutoTrends - MedicalPro News - DentalPro News - ChiroPro News/*
>>>
>>>Offices In West Palm Beach, FL& New York, NY
>>>
>>>THE INFORMATION CONTAINED WITHIN THIS ELECTRONIC COMMUNICATION IS PROPRIETARY AND CONFIDENTIAL- IT IS INTENDED FOR THE USE OF THE DESIGNATED ADDRESSEE ONLY. UNAUTHORIZED USE, DISCLOSURE OR COPYING OF ANY MATERIAL CONTAINED HEREIN IS STRICTLY PROHIBITED AND MAY BE UNLAWFUL. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY CALLING 1.561.210.5066
>>>
>>>
>>>On 04/11/2010 18:52, alan wrote:
>>>>At 21:37 04/11/2010 Thursday, J.Nash | VerticalMail wrote:
>>>>>We Need help Fast!
>>>>>
>>>>>We have recently changed domains and decided to update our SPF and Sender ID records.
>>>>>
>>>>>Our first question is our syntax which is shown below. Our SPF record passes perfectly at openspf.org although we would still like an expert to check it.
>>>>>
>>>>>Second question is could publishing the Sender ID or SPF2 record below be hurting us?
>>>>>
>>>>>Should me modify it or remove [the spf2] record all together? We have heard mixed opinions because we use a distributed list server environment and headers are below. One rumor we heard is that the PRA check in Sender ID could actually provide false positives and thus really hurt us as we publish several B2B electronic newsletters daily.
>>>>>
>>>>>domain: verticalmailcorp.com
>>>>>
>>>>>Published SPF record: v=spf1 ip4:4.71.172.57 a mx ptr a:gothamlistserver.com ~all
>>>>first question why make it so hard for the receivers to read your spf?
>>>>
>>>>ok so this equates to
>>>>v=spf1 ip4:4.71.172.57 (a = ip4:4.71.172.57 so same damn ip but you cost us one more dns lookup) (mx = ip4:4.71.172.57 but costs us 2 more dns lookups) (ptr = minimum 2 more dns lookups but only uou know how many ptr records point at *.verticalmailcorp.com either way just list the ips and save us the ambiguity and lookups) (a:gothamlistserver.com = ip4:69.67.53.38 and is fine unless the server belongs to you, in which case it isn't going to move ip without you knowing to update the spf first) -all
>>>>
>>>>so the above could be 3 dns lookups cheaper for receivers as (also the more expensive tests last ALWAYS)
>>>>v=spf1 ip4:4.71.172.57 a:gothamlistserver.com ptr ~all
>>>>or four cheaper if you control the domain gothamlistserver.com or know it will not move
>>>>v=spf1 ip4:4.71.172.57 ip4:69.67.53.38 ptr ~all
>>>>
>>>>and ptr is always expensive and silly when you know what ips have FQRDNS as *.verticalmailcorp.com just add the ip's of those that will send mail instead and save receivers looking up every spammer to check if they are *.verticalmailcorp.com
>>>>
>>>>>Published Sender ID Record: spf2.0/pra a mx IP4:4.71.172.57 -all
>>>>even though were not supposed to touch senderID as its dumb and bad and no receivers should use it, yes the above can hurt you in two ways
>>>>A it will break all forwarders even those doing SRS
>>>>B it will break all mail going trough mailinglists or other systems that change the envelope but don't mess with the from: address
>>>>C it effectively tells all idiots runing senderID to ignore your SPF record and accept forged envelopes from anywhere (just check the From: )
>>>>(obviously only the above for recievers stupid enough to use senderID)
>>>>
>>>>if you use senderID (and everyone should till no receivers are anymore, you should at a minimum equal your SPF policy
>>>>in your case
>>>>spf2.0/mfrom ip4:4.71.172.57 a:gothamlistserver.com ptr ~all
>>>>(ie an spf2.0/mfrom that exactly matches your SPF)
>>>>and additionally
>>>>spf2.0/pra ip4:4.71.172.57 a:gothamlistserver.com ptr ?all
>>>>(ie from: is positive legit if from YOU but also neutral if from forwarders and mailinglists)
>>>>
>>>>>We sent our regular list of about 300K today which we normally send daily and noticed lower opens and clicks than avaerage and hoping that an incorrectly spf2 record did not cause this!
>>>>it would if any of your receivers forward mail to say hotmail or other idiots checking senderID as they would be spambucketed at best
>>>>
>>>>>Also> our ESP recently changed our header configuration in that instead of the headers showing the Return-path of bounces [at] verticalmailcorp to mcgtitan [at] gothamlistserver same for the envelope-from
>>>>envelope from ONLY
>>>>(return path is only added by the last server when the mail arrives to show what the envelope from is)
>>>>IF above is true then its only the SPF record of gothamlistserver.com that matters not yours as yours isn't used in the one field that SPF checks.
>>>>and if so that will be an issue as they have no SPF
>>>>
>>>>>which is now showing as well.
>>>>>
>>>>>This has us majorly concerned for both deliverability and authentication purposes and was one of the main reasons we modded our SPF records. Clarification is needed asap on this issue
>>>>clarified you spf will never be checked if their domain is used in the envelope, their SPF (none) is all that will be seen
>>>>their spf2.0/mfrom (none) also will only be seen
>>>>your spf2.0/pra will however be checked (assuming your address in from: and no sender: header supercedes it
>>>>
>>>>the below is pretty much useless as it shows not all the received headers (like which ip hostgator used to send from etc)
>>>>but ity does show your SPF is irrelevant to the authenticity of this mail as it doesn't claim to be envelope-from you
>>>>
>>>>
>>>>>Recent Header:
>>>>>
>>>>>Return-path: *<mcgtitan [at] gothamlistserver>*
>>>>>Envelope-to: jcc [at] verticalmail
>>>>>Delivery-date: Thu, 04 Nov 2010 11:46:22 -0500
>>>>>
>>>>>Received: from verticalmailcorp.com ([4.71.172.57]:2419)
>>>>> by gator164.hostgator.com with smtp (Exim 4.69)
>>>>> (envelope-from<*mcgtitan [at] gothamlistserver*>)
>>>>> id 1PE2x8-0007vM-9G
>>>>> for info [at] verticalmail; Thu, 04 Nov 2010 11:46:18 -0500
>>>>>X-MailPersonHistoryID: 2751
>>>>>X-MailPersonSubscriberID: 5004698
>>>>>X-MailPersonEmail: info [at] verticalmail
>>>>>Reply-To: editor [at] verticalmailcorp
>>>>>From: "MortgageTrends"<editor [at] verticalmailcorp>
>>>>>To: "info [at] verticalmail"<info [at] verticalmail>
>>>>>Message-ID:<d11ce6fa2328442bbb74ebea1a62ba63 [at] verticalmailcorp>
>>>>>Date: Thu, 04 Nov 2010 12:46:16 -0400
>>>>>Subject: Work Virtually Now - Leads, CRM and Marketing Provided
>>>>>MIME-Version: 1.0
>>>>>Content-Type: multipart/related;
>>>>> boundary="----=_NextPart_8752583B_81F8_4A0D_9302_D5DAD2AA6AB9"
>>>>>X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
>>>>>X-AntiAbuse: Primary Hostname - gator164.hostgator.com
>>>>>X-AntiAbuse: Original Domain - verticalmail.net
>>>>>X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
>>>>>X-AntiAbuse: Sender Address Domain - gothamlistserver.com
>>>>>X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
>>>>>X-AntiAbuse: Primary Hostname - root.speedyserver.info
>>>>>X-AntiAbuse: Original Domain - mcgholdings.com
>>>>>X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
>>>>>X-AntiAbuse: Sender Address Domain - gothamlistserver.com
>>>>>X-Source:
>>>>>X-Source-Args:
>>>>>X-Source-Dir:
>>>>>
>>>>>--
>>>>>Regards,
>>>>>
>>>>>John Nash/
>>>>>SVP /Business Development and
>>>>>Senior Interactive Strategist
>>>>>
>>>>>/*Midtown Consulting Group - B2B News Network - VerticalMail Inc.
>>>>>
>>>>>Toll Free Direct - 888.710.7915 ext. 105 l Fax -**561.948.8377 *
>>>>>
>>>>>*/Publishers of Leading B2B Electronic Newsletters Including:
>>>>>
>>>>>MortgageTrends - RealEstatePro News - BusinessPro News - LegalPro News - InsurancePro Times
>>>>>ConstructionPro News - AutoTrends - MedicalPro News - DentalPro News - ChiroPro News/*
>>>>>
>>>>>Offices In West Palm Beach, FL& New York, NY
>>>>>
>>>>>THE INFORMATION CONTAINED WITHIN THIS ELECTRONIC COMMUNICATION IS PROPRIETARY AND CONFIDENTIAL- IT IS INTENDED FOR THE USE OF THE DESIGNATED ADDRESSEE ONLY. UNAUTHORIZED USE, DISCLOSURE OR COPYING OF ANY MATERIAL CONTAINED HEREIN IS STRICTLY PROHIBITED AND MAY BE UNLAWFUL. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, PLEASE NOTIFY US IMMEDIATELY BY CALLING 1.561.210.5066
>>>>>
>>>>>
>>>>>
>>>>>-------------------------------------------
>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>
>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101104173753:C6BB739E-E85B-11DF-8E87-A09156916914
>>>>>Powered by Listbox: http://www.listbox.com
>>>>
>>>>-------------------------------------------
>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>
>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/20041968-87a8609f
>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101104185140:16960A96-E866-11DF-A4EB-BB6DA8689E9A
>>>>Powered by Listbox: http://www.listbox.com
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101104194146:16DC1750-E86D-11DF-A1BB-B3317B1818C4
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/20041968-87a8609f
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101104200453:50CBF96E-E870-11DF-86C0-F3210E8BF34A
>>Powered by Listbox: http://www.listbox.com
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101104201458:B7B285FC-E871-11DF-8363-A220C6F4DBAC
>Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101105051502:2A8C29DE-E8BD-11DF-915D-8CE7C5F4DBAC
Powered by Listbox: http://www.listbox.com
|
