SPF Record

Discussion in 'E-mail Discussions' started by GoWilkes, Aug 31, 2007.

  1. GoWilkes

    I'm lost as can be when it comes to creating an SPF record. I understand that I need it, I just don't understand what it does, or how to implement it.

    In an attempt to make heads or tails out of it, I used the wizard to create a record:
    http://old.openspf.org/wizard.html

    It might just be because it's 5am, but I'm not 100% sure that I even understand the questions!

    The name of the server is server1.web-wilkes.com, and the domain that I'm creating this for is gowilkes.com. Most emails use the SMTP server mail.gowilkes.NET (not .com), although I also send emails through gowilkes.com and, occasionally, wildblue.net (if my server is running slow or giving me a problem). In all cases, the return address is through gowilkes.com.

    First question: do I need to include gowilkes.net and wildblue.net in this record? Neither account is on this server, so I don't get how this would have an impact, but the wizard sure made it sound like it does.


    Next question.

    Here is the record that I came up with:
    gowilkes.com. IN TXT "v=spf1 a mx include:gowilkes.net ~all"

    Now that I have it, what do I do with it??? The wizard just said "put this in your zone file." Eh? Where's the zone file?


    Next question.

    The wizard also gave me the following record:
    server1.web-wilkes.com. IN TXT "v=spf1 a -all"

    For an explanation, it said "if you know which hostname your mail server uses in its HELO command, you should pick out the appropriate entries and ignore the rest." This is the only entry it gave, but how would I know which hostname my mail server uses in its HELO command?

    Assuming that it is correct, the instructions said "this should also appear in DNS." Eh? Where's the file to edit for DNS?


    Please don't think that I'm being lazy and asking you guys to do the legwork for me on this one, because that's not true. I've read over the openspf.org info a dozen times over the last several months, and if I didn't know better then I would just swear that it's written in Russian! :) The more that I read it, the less sense it makes, so I'm having to turn to the pros to translate for me.

    TIA,

    Jason
     
  2. vanessa

    Question 1: A-Record


    The wizard will attempt to resolve the domain to an IP, then do a rDNS on the IP for a hostname. Click YES


    Question 2: MX-Record


    In most cases, this will be true. Exceptions to this are if you have an irregular MX record modification, or are using another outgoing mail server or domain to send mail (like your ISP).



    Question 3: PTR


    Typically, you do not want to enable this setting unless you have mail accounts set up for subdomains or have domains that are similar in ending that need to relay through this domain.



    Question 4: A subs


    The answer is usually no. The only other server that would send on behalf of that domain would be the servername, but this was already allowed in question 1. The next two fields can be left blank, unless you specifically have the information to add to them.



    Question 5: Include



    Fill in this field mainly if you are planning on using another mail server or domain (such as your ISP, etc) to send mail. Otherwise say no.


    Question 6: ~all

    Check your answers and hit yes.


    The typical SPF looks like this:

    "v=spf1 a mx ~all"


    Adding the Zone Entry

    You can add the SPF record either in WHM (easy) or manually in the zone file of that domain (not as easy).

    The line will look something like this:

    domain.com. 14400 IN TXT "v=spf1 a mx ~all"
     
  3. verdon

    Or you could refuse to support something that's non-standards compliant...

    Just sort of kidding, but I've not used SPFs yet and don't seem to be having any issues because of it. Vanessa, your answer is very clear and thoughtful and I have found it informative. Thank You. If I ever do go the SPF route, I will surely refer to it.

    There is some interesting reading on SPF in this thread too
    http://forums.cpanel.net/showthread.php?t=39349
     
  4. sehh

    Does anyone know what the difference is between "~all" and "-all"?
     
  5. MichaelFindlay

    I believe one is used for Server Hostnames, for stuff like formail etc.
     
  6. sehh

    Nope wrong, apparently "~all" is a Soft Fail, which can be used by admins when they first install SPF records, thus failed emails will only be marked as failed, while "-all" is a Fail and the emails will be rejected.

    So use "~all" for testing and then move them to "-all" once you are done testing.
     
  7. rs-freddo

    Use "~all" if you want an SPF record but don't want it to do anything (most people using SPF for anti-spam will not refuse a soft-fail). Use "-all" if you want your mail rejected because over time something changed. If you don't believe in the non-standards SPF system then "~all" is for you - it's the SPF system you have when you don't want SPF. :D
     
  8. pjman

    SPF record crazy.

    I migrated servers and had a terrible change in email deliverability for large email lists, specifically to hotmail/msn. The culprit was "~all". This increases your spam score slightly when you have a newer server. Once I switched to "-all", a lot more messages got through.

    If you have a server that has been actively sending mail for more than 5 months, it really doesn't matter. But, it helps you when you first start.
     
  9. SageBrian

    Part of the problem with -ALL is that you need to explicitly state where the emails can come from.

    For most who only use email from home or from the office, this is fine. But for anyone that is mobile, it can be a problem.

    On the road, they might be using a different outgoing mailserver, and using -ALL is telling any receiving server that this mail is not valid.
     
  10. sehh

    That's not entirely true.

    If you are mobile, you'll be using your own mail server (mail.yourserver.com, port 25) to send out emails, as if you are at home or at the office.

    The only way you'll have problems is if the ISP you are using while mobile is not allowing you to access port 25. Easily solved by letting Exim listen on an alternative port.

    So SPF with "-all" works fine and you shouldn't have a reason to use anyone else's email server to send out emails.
     
  11. SageBrian

    In a perfect world, yes.
    But, AOL 'allows' you to connect on port 25 to your own server. Whoops... it appears that they do but it is actually using AOL's servers. So, you would think you are using your own mailserver, never knowing that you aren't.

    Also, what about Blackberries, where people are sending mail out with their business return address, but sending from their Blackberry? There are so many variables for a mobile user.

    For stationary people, -all is good.

    On the receiving end, SPF should not be used as a block. Instead it should just be used as part of a scoring system.
     
  12. Marktek

    Actually, you would want to have port 26 or 587 open if you use AOL, Comcast, Bellsouth and so on. They all do block port 25 so opening up port 26 or 587 resolves that.

    The SPF issue, using PDAs and Blackberries, cell phones and mobile devices. The SPF wouldn't affect that if you are using the email server specified in the SPF record.
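
Added example, not written by any poster in this thread: a simplified Python sketch of how a receiving server evaluates a record like the ones discussed above, showing why the same unlisted sending host ends as a softfail under "~all" and a fail under "-all". The DNS table, the example.com/example.net names and the addresses are constructed for illustration; CIDR suffixes on `a`/`mx`, `ptr`, `exists`, macros and modifiers are left out.

```python
import ipaddress

# Constructed DNS data using documentation names/addresses; no real lookups.
DNS = {
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"],
          "relay.example.net": ["198.51.100.7"]},
    "MX": {"example.com": ["mail.example.com"],
           "example.net": ["relay.example.net"]},
    "TXT": {"example.com": "v=spf1 a mx include:example.net ~all",
            "example.net": "v=spf1 mx -all"},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def _hosts_match(addr, hosts):
    """True if addr equals any A record of any listed host."""
    return any(addr == ipaddress.ip_address(a)
               for h in hosts for a in DNS["A"].get(h, []))

def check_spf(ip, domain, record=None, depth=0):
    """Evaluate a sender IP against a domain's SPF record (simplified)."""
    if record is None:
        record = DNS["TXT"].get(domain)
    if record is None:
        return "none"                      # domain publishes no SPF record
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1" or depth > 10:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:                 # first matching mechanism wins
        if "=" in term:
            continue                       # modifiers (redirect=, exp=) skipped
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name, target = name.lower(), arg or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = _hosts_match(addr, [target])
        elif name == "mx":
            matched = _hosts_match(addr, DNS["MX"].get(target, []))
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":            # matches only if the inner check passes
            matched = check_spf(ip, arg, depth=depth + 1) == "pass"
        else:
            return "permerror"             # unknown mechanism
        if matched:
            return RESULTS[qualifier]
    return "neutral"                       # nothing matched, no "all" present
```

Passing `record=` lets you compare a candidate record against the published one for the same sender IP before changing the zone.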
     