LinkBack URL
About LinkBacksIf my domain does not have SPF record then where and how could I set it up?
I belive I should go to address http://www.openspf.org/
However I have no clue how to get started over there.
Could someone guide me through?
SPF record
If my domain does not have SPF record then where and how could I set it up?
I belive I should go to address http://www.openspf.org/
However I have no clue how to get started over there.
Could someone guide me through?
Whm Admin Panel
-DNS Functions
+ Edit DNS Zone
Select your domain and click Edit
scroll page Below
Add New Entries Below this Line
yourdomain.com. 14400 IN TXT "v=spf1 a mx ptr ip4:xxx.xxx.xxx.xxx ip4:xxx.xxx.xxx.xxx ~all"
and Click Save
Note :xxx.xxx.xxx.xxx is your server Ip's
Regards,
Tymsah
Ok, I did that and it gave me following results:
Modifying Zone mydomain.com
zone mydomain.com/IN: loaded serial xxxxxxxxxx
OK
Bind reloading on myhost using rndc zone: [mydomain.com]
Reconfiguring Local Mail: This server will serve as the primary mail exchanger for mydomain.com's mail.
Zone Modified!
But dnsstuff.com gives me still warning message:
I should have SPF working or do I have to do anything else?Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
Also was that text ment to be typed with or without quotation marks?
Not sure this applies here, but the tools to do this are trickling down the pipe right now (in CURRENT and EDGE ATM.) http://changelog.cpanel.net/index.cgi
Enhancements:
Added interface for installing Domain Keys and SPF via cPanel
I just updated a test server to the latest Current, thought I would take a look at this new feature and see what all it offers. Granted, I've only looked at for about 5 or 10 minutes right now, so I haven't put a lot of investigation into this.Originally Posted by Infopro
I do wonder whether or not if this feature was tested or not.
It doesn't seem to work for me when I test it out.
When I Enable SPF, the DNS zone for the account just gets the following added to it:
IN TXT "v=spf1 a mx ?all"
and the serial number for the DNS zone isn't updated.
Further, when I revisit the Email Authentication section in the control panel, it still says that SPF is disabled.
This was suppose to fix the enhancement request as detailed at:
http://bugzilla.cpanel.net/show_bug.cgi?id=5224
But it doesn't provide any level of customization. SPF is either enabled or not. The bug report that I originall filed requested for some level of customization of the SPF record. I'm not a big fan of having a blanket SPF record, because a webhost can't know what mail servers (and what IPs those mail servers are using to send out mail) each of their accounts are using.
From this quick glance I have had of this new Email Authentication system, I don't recommend it.
It has literally only been released to the "EDGE" and "CURRENT" versions in the last couple of days, so the testing is taking place right now with users such as yourself trying it out. To some extent, that is the point of an EDGE release...
You would be better served adding your thoughts about enhancements to Bugzilla than complaining about it in the forum, as it is literally a brand new and undeveloped addition to cPanel at this stage
I have been trying to add an SPF TXT record manually today. For some reason, adding a TXT record to the zone seems to result in something like:
"v=spf1" "a" "mx" "?all"
...note the extra quotes.
This results in a broken SPF record. It looks like a bug in the Edit DNS Zone function that adds in extra quotes where they are not wanted. I'm running Release WHM 11.11.0 cPanel 11.16.0-R18450
Further to this, manually editing /var/named/mydomain.com.db to correctly enter "v=spf1 a mx ?all" and restarting named gets the SPF record working fine - so it looks like a bug.
Last edited by AlanH; 12-21-2007 at 11:44 AM.
We fixed the problems with the serial number(s) not updating when adding the SPF/DomainKeys records.
I just tested adding "v=spf1 a mx ?all" to a zone on 11.16.0-C18546, it added the record just fine:
Code:morespf.test. 14400 IN TXT "v=spf1 a mx ?all"
AlanH, does the above still malfunction on the latest Release build (18546) for you?
sparek-3, if you notice, I didn't close that Bugzilla request. My comment was purely for informational purposes only.
Yep, still malfunctions on R18546 adding extra quotes - updated cPanel to test earlier this afternoon.
cPanel tool also doesn't seem to function correctly when there is a parked domain.
Edit: Correction - quotes issue is fixed in R18546
Last edited by AlanH; 12-24-2007 at 02:16 AM.
I'm detecting some "fruitiness" with this tool
I don't think I'll be letting clients loose with it just yet.
I just tried this tool, and while the SPF/DomainKeys entries were added, from cPanel it reports both as:
Enabled & Inactive (Dns Check Failed)
So not entirely sure what to do there, no real documentation or diagnostic route was given, but if I don't disable it, both entries stay live in the zone still.
Does the same for me where there is a parked domain. It seems to try updating the zone file for the parked domain, creates a working file in /var/named but then gives up...
Yeah - this account I am testing has a few other domains on it, so that may be the case, I just started going thru the files and noticed that the TXT record doesn't reflect the primary domain in the primary dns zone - if I manually edit it, and move SPF above the DomainKey I get the status changed to:
Enabled & Active (DNS Check Passed)
So maybe a "Per-Domain" option should be added that way cPanel only attempts to add the records to the domain requested, would remove some complexity from the code in my mind, then if folks use parked/add-on domains for active email, they can enable each accordingly.
A good start for sure.
In my case it didn't automatically add the dot after domain name so I had to do it manually and I've got it working too now.
Reply With Quote