SPF Records…

Home Forums Other Misc SPF Records…

This topic contains 5 replies, has 4 voices, and was last updated by Avatar cult 7 years, 4 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • Avatar
    QuattroDave
    Member
    #160321

    Morning all,

    I just wanted to double check a few things with regards to SPF records. All the information I’ve read on them seams to be a little ambiguous and doesn’t make for easy reading…

    1. Am I correct in thinking that “-all” means only the mail server listed in the SPF record is allowed to send email for the domain?

    2. Is it better to use MX or IP, all i’m thinking is using IP will save 2 lookups, one for the MX then 1 for the a record… eg.
    “v=spf1 mx:mydomain.co.uk -all”
    or
    “v=spf1 ip4:123.123.123.123 -all”

    3. If i use MX eg “v=spf1 mx:mydomain.co.uk -all” but have 2 mx records will it look up & pass both mail servers…?

    4. Can I list 2 ip addresses eg. “v=spf1 ip4:123.123.123.123 ip4:321.321.321.321 -all” ?

    Many thanks

    Dave

    Blood
    Blood
    Moderator
    #336173

    Re: SPF Records…

    If you find a comprehensible and well laid out explanation I would like to see it too. I encountered the same issue with this but was lucky enough to get someone who worked for a mail-filtering company to write it for me.

    Avatar
    Lior_S
    Member
    #282976

    Re: SPF Records…

    if you are writing it by hand you are doing it wrong, there are many SPF generators.
    By far my favorite is below. or just search for “Microsoft SPF”

    The best part is after you edit your dns and come back it will grab that and make sure its correct and allow you to make edits.

    http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

    Blood
    Blood
    Moderator
    #336174

    Re: SPF Records…

    Thanks! That’s a great resource (and is now bookmarked), but it is still like getting someone to sit the exam for you. I would like to see a clear document that explains how to manually construct the SPF record.

    Personally, I would like to be in a position to be able to see when an SPF record has been incorrectly created.

    Avatar
    Lior_S
    Member
    #282977

    Re: SPF Records…

    Blood;266759 wrote:
    Thanks! That’s a great resource (and is now bookmarked), but it is still like getting someone to sit the exam for you. I would like to see a clear document that explains how to manually construct the SPF record.

    Personally, I would like to be in a position to be able to see when an SPF record has been incorrectly created.

    Yep, its totally cheating!

    Not sure you would know for certain if the SPF record is incorrect, since you would need intimate knowledge on the mail flow of that organization. But if you enter any domain in the original link I posted, it will give you a feedback based on whatever is listed in that domains live DNS right now.

    Also note, that if your inbound and outbound email servers are the same, you only need to include ‘MX’, no need to hardcode the full IPs. I seen many that add both mx and the IPs of the mail servers; no need for that.
    Similarly if your web server (A) sends email, you can just include ‘A’ that way even if you change webservers, mail sent from it will be still legit.

    Some useful links for learning the hard way :)

    http://www.openspf.org/SPF_Record_Syntax
    http://en.wikipedia.org/wiki/Sender_Policy_Framework

    Avatar
    cult
    Member
    #385901

    Re: SPF Records…

    There is also a lot of SPF checkers that receive email from you and report about the problems back.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.