Was wondering if any of you guys have ever setup an SPF record for your server for sending out mailing lists and whatnot? I'm trying to do everything I can to ensure my new mailing lists don't get dumped to the spam filters, but after some reading about SPF records, I am very confused and my lack of knowledge about servers is upsetting me.
Anyone ever set one up? If so, how difficult was it?
SPF Record
Moderator: General Moderators
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
I have 
First you need to know why it's beneficial to have one (apart from the wishes of certain spam checkers). All it is, is a DNS record which doesn't just map a IP to a name. Your email address carries with a MX record --- otherwise it wouldn't be an email address! That MX record tells SMTP server where any email sent to that address is headed. Technically, anybody could send an email from your address because SMTP is a stupidly dumb protocol and cannot really verify who's sending the email. Wait... it can -- that's what SPF is for.
SPF essentially is nothing more than a "list" of locations you can send email from using that domain name in your address. So if you are joe@bloggs.com you might decided the only place you can send email from that address is 1.2.3.4. However, you may decide that you can send it from any other A record at bloggs.com, or maybe that you can use gmail's smtp servers to send email from that address.
SPF provides this list, but it's not concrete. Some servers will check the SPF record, others will not. Even ones that check the SPF record and realise someone's sending email from the wrong location may ignore the fact and process the mail anyway. You can set the severity of failures in the record itself.
If you don't have direct access to your zone files you're going to struggle to set a SPF record up since most web-page DNS setting forms only allow MX, A and CNAME records but you need a TXT record.
When you understand that SPF is nothing more than a valid list of locations it becomes extremely simple. You create the record as TXT, specify v=spf1, list all the locations then set the severity.
The specific syntax is explained in the documentation but here's mine for example:
That says:
* This is a SPF record
* I can send from my ISP
* I can send from My workplace
* I can send from the MX server of the domain
* I can send from the A record of the domain
* Anything else should fail, harshly.
How strict do you want to be? I can help you create the record if you only want it to comply with hotmail's spam filters.
First you need to know why it's beneficial to have one (apart from the wishes of certain spam checkers). All it is, is a DNS record which doesn't just map a IP to a name. Your email address carries with a MX record --- otherwise it wouldn't be an email address! That MX record tells SMTP server where any email sent to that address is headed. Technically, anybody could send an email from your address because SMTP is a stupidly dumb protocol and cannot really verify who's sending the email. Wait... it can -- that's what SPF is for.
SPF essentially is nothing more than a "list" of locations you can send email from using that domain name in your address. So if you are joe@bloggs.com you might decided the only place you can send email from that address is 1.2.3.4. However, you may decide that you can send it from any other A record at bloggs.com, or maybe that you can use gmail's smtp servers to send email from that address.
SPF provides this list, but it's not concrete. Some servers will check the SPF record, others will not. Even ones that check the SPF record and realise someone's sending email from the wrong location may ignore the fact and process the mail anyway. You can set the severity of failures in the record itself.
If you don't have direct access to your zone files you're going to struggle to set a SPF record up since most web-page DNS setting forms only allow MX, A and CNAME records but you need a TXT record.
When you understand that SPF is nothing more than a valid list of locations it becomes extremely simple. You create the record as TXT, specify v=spf1, list all the locations then set the severity.
The specific syntax is explained in the documentation but here's mine for example:
Code: Select all
@ IN TXT "v=spf1 ip4:82.7.254.40/24 ip4:213.205.138.154 mx a -all"* This is a SPF record
* I can send from my ISP
* I can send from My workplace
* I can send from the MX server of the domain
* I can send from the A record of the domain
* Anything else should fail, harshly.
How strict do you want to be? I can help you create the record if you only want it to comply with hotmail's spam filters.
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
Boy, what a great post d11wtq. I often wonder why I can never find quality explanations on how some things work except for when I ask on a forum...lol. This is definitely something I am seeking for my server, as it would be nice to have the added layer of authentication behind our emails, and block forgeries as well.
I had sent off a note to my dedicated management and they were actually kind enough to set one up for me. Better they do it than me since I generally don't like tinkering with the server. But now I'll be able to at least look up the file and see how the rules are compared to your SPF to see what kind of 'strictness' they applied.
Thanks so much for your informative post. I always like having a good understanding of what it is my server guys are installing.
I had sent off a note to my dedicated management and they were actually kind enough to set one up for me. Better they do it than me since I generally don't like tinkering with the server. But now I'll be able to at least look up the file and see how the rules are compared to your SPF to see what kind of 'strictness' they applied.
Thanks so much for your informative post. I always like having a good understanding of what it is my server guys are installing.