Announcement

Collapse
No announcement yet.

SPF Records...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SPF Records...

    Morning all,

    I just wanted to double check a few things with regards to SPF records. All the information I've read on them seams to be a little ambiguous and doesn't make for easy reading...

    1. Am I correct in thinking that "-all" means only the mail server listed in the SPF record is allowed to send email for the domain?

    2. Is it better to use MX or IP, all i'm thinking is using IP will save 2 lookups, one for the MX then 1 for the a record... eg.
    "v=spf1 mx:mydomain.co.uk -all"
    or
    "v=spf1 ip4:123.123.123.123 -all"

    3. If i use MX eg "v=spf1 mx:mydomain.co.uk -all" but have 2 mx records will it look up & pass both mail servers...?

    4. Can I list 2 ip addresses eg. "v=spf1 ip4:123.123.123.123 ip4:321.321.321.321 -all" ?

    Many thanks

    Dave
    Last edited by QuattroDave; 13th November 2012, 13:42. Reason: typo

  • #2
    Re: SPF Records...

    If you find a comprehensible and well laid out explanation I would like to see it too. I encountered the same issue with this but was lucky enough to get someone who worked for a mail-filtering company to write it for me.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

    Comment


    • #3
      Re: SPF Records...

      if you are writing it by hand you are doing it wrong, there are many SPF generators.
      By far my favorite is below. or just search for "Microsoft SPF"

      The best part is after you edit your dns and come back it will grab that and make sure its correct and allow you to make edits.

      http://www.microsoft.com/mscorp/safe...nderid/wizard/
      "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

      Comment


      • #4
        Re: SPF Records...

        Thanks! That's a great resource (and is now bookmarked), but it is still like getting someone to sit the exam for you. I would like to see a clear document that explains how to manually construct the SPF record.

        Personally, I would like to be in a position to be able to see when an SPF record has been incorrectly created.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: SPF Records...

          Originally posted by Blood View Post
          Thanks! That's a great resource (and is now bookmarked), but it is still like getting someone to sit the exam for you. I would like to see a clear document that explains how to manually construct the SPF record.

          Personally, I would like to be in a position to be able to see when an SPF record has been incorrectly created.
          Yep, its totally cheating!

          Not sure you would know for certain if the SPF record is incorrect, since you would need intimate knowledge on the mail flow of that organization. But if you enter any domain in the original link I posted, it will give you a feedback based on whatever is listed in that domains live DNS right now.

          Also note, that if your inbound and outbound email servers are the same, you only need to include 'MX', no need to hardcode the full IPs. I seen many that add both mx and the IPs of the mail servers; no need for that.
          Similarly if your web server (A) sends email, you can just include 'A' that way even if you change webservers, mail sent from it will be still legit.


          Some useful links for learning the hard way

          http://www.openspf.org/SPF_Record_Syntax
          http://en.wikipedia.org/wiki/Sender_Policy_Framework
          "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

          Comment


          • #6
            Re: SPF Records...

            There is also a lot of SPF checkers that receive email from you and report about the problems back.

            Comment

            Working...
            X