
SPF dns TXT records for mail

May 3, 2005 5:03:29 PM

Archived from groups: microsoft.public.win2000.dns

Well, I've decided that I would like to add an SPF record to validate my
mail server on the Internet.

Note: At present only a few mail servers support this, but HOTMAIL is one.
Without this SPF TXT record in DNS, HOTMAIL considers your incoming mail to
be junk and you find it in your junk folder.

Anyway,

I manage my own Internet DNS using a DNS service provider (via GUI).

This GUI does support SPF records and has a place to "Add an SPF record".

However, I am asked to provide a hostname and I am unsure what to use for a
hostname.

I tried using my previously defined hostname (with A record) and when I
added this SPF txt record it REPLACED my original A record. Apparently that
must mean I cannot have a TXT record and an A record with the same
hostname???

Anyway, for those that know what an SPF record is, can you help here? I
need advice on how to handle the hostname portion.

Note: My mail server does have a valid hostname (FQDN), with A record, and
presents that name during the mail negotiations. My hostname is present in
the mail headers it creates.

Thanks,

-Frank
Anonymous
May 3, 2005 6:50:57 PM


Frankster wrote:
> Well, I've decided that I would like to add an SPF record to validate
> my mail server on the Internet.
>
> Note: At present only a few mail servers support this, but HOTMAIL is
> one. Without this SPF TXT record in DNS, HOTMAIL considers your
> incoming mail to be junk and you find it in your junk folder.
>
> Anyway,
>
> I manage my own Internet DNS using a DNS service provider (via GUI).
>
> This GUI does support SPF records and has a place to "Add an SPF
> record".
>
> However, I am asked to provide a hostname and I am unsure what to use
> for a hostname.
>
> I tried using my previously defined hostname (with A record) and when
> I added this SPF txt record it REPLACED my original A record.
> Apparently that must mean I cannot have a TXT record and an A record
> with the same hostname???
>
> Anyway, for those that know what an SPF record is, can you help here?
> I need advice on how to handle the hostname portion.
>
> Note: My mail server does have a valid hostname (FQDN), with A
> record, and presents that name during the mail negotiations. My
> hostname is present in the mail headers it creates.

Go to spf.pobox.com and run the SPF wizard.
You need at least one of these:
1. host names that can send mail for your Domain
2. domains that have MX servers that can send mail from your domain
3. IP addresses of mail servers that can send mail from your domain. A CIDR
is acceptable, such as 192.168.0.0/29 (just an example)



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
May 3, 2005 10:00:44 PM


Thank you. Yes, I think I've got it! I finally figured out how to add a
TXT record without removing the original A record in the process. I have
configured all my domains (4) with appropriate SPF records. I now get a
PASS when checking compliance at the following (GREAT!) website:

http://www.dnsstuff.com/pages/spf.htm

My output looks like this (with domain name and IP changed to protect the
innocent - ME!) LOL!

----start---
SPF lookup of sender droid@xxxxxxxxx.com from IP 6x.1xx.1xx.xx:

SPF string used: v=spf1 mx ptr ~all.
Processing SPF string: v=spf1 mx ptr ~all.
Testing 'mx' on IP=6x.1xx.1xx.xx, target domain xxxxxxxxxx.com, CIDR 32,
default=PASS. MATCH!
Testing 'ptr' on IP=6x.1xx.1xx.xx, target domain xxxxxxxxxx.com, CIDR 32,
default=PASS.
Testing 'all' on IP=6x.1xx.1xx.xx, target domain xxxxxxxxxx.com, CIDR 32,
default=SOFTFAIL.

Result: PASS


Possible Results:
Pass - This IP is authorized to send E-mail from this domain.
Fail - This IP is not authorized to send E-mail from this domain
SoftFail - This IP probably is not authorized to send E-mail from this
domain, but the domain owners are not certain
Neutral - The domain does not know if the IP is allowed to send E-mail or
not.
TempError - A temporary error occurred. The E-mail should be retried later.
PermError - A permanent error was encountered. The E-mail should be
rejected.
None - No SPF record was found. It cannot be determined if the IP is allowed
to send E-mail from this domain.
---end---

At this point in time HOTMAIL still plunks mail from my domains into "junk".
However, I'm hoping that this is just a propagation issue (or caching issue)
and that in a day or so HOTMAIL will accept my mail as fully authenticated.
We'll see. At least I test good now.

I've learned a lot about mail in the last 8 hours or so :) 

Thanks,

-Frank

Anonymous
May 4, 2005 6:39:08 PM


Frank,
Looks like you had some fun with those links I gave you! haha

Congrats on getting SPF working. Remember that there is one thing that
breaks with SPF. SPF breaks e-mail forwarding. This may or may not be a
big deal for you depending on what sort of environment you run.

"You'll have to switch from forwarding, where the envelope sender is
preserved, to remailing, where the envelope sender is changed." - your
MTA has to support this.

You can check out the following link for more info:
http://spf.pobox.com/faq.html

Glad to see other folks getting SPF up and running.

Regards,
Ed Horley
Microsoft MVP Windows Server - Networking


Anonymous
May 4, 2005 6:45:23 PM


"Frankster" <Frank@SPAM2TRASH.com> wrote in message
news:I8adnecJm6EwjeXfRVn-sg@giganews.com...
> Thank you. Yes, I think I've got it! I finally figured out how to add a
> TXT record without removing the original A record in the process. I have
> configured all my domains (4) with appropriate SPF records. I now get a
> PASS when checking compliance at the following (GREAT!) website:
>
> http://www.dnsstuff.com/pages/spf.htm
>
> My output looks like this (with domain name and IP changed to protect the
> innocent - ME!) LOL!


Watch out if there are ways that YOUR users can send
email that doesn't go through your "normal" or default
servers -- like a dial user who sends outbound email
through their ISP.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

May 5, 2005 1:42:49 AM


> Frank,
> Looks like you had some fun with those links I gave you! haha

Yeah, no kidding. Thank you. Other than the stupid bug in my provider's DNS
GUI it wasn't all that tough. Just a lot of research in one day :) 

> Congrats on getting SPF working. Remember that there is one thing that
> breaks with SPF. SPF breaks e-mail forwarding. This may or may not be a
> big deal for you depending on what sort of environment you run.

Yeah, I read about that. I don't do any forwarding here and don't plan to.

> You can check out the following link for more info:
> http://spf.pobox.com/faq.html

Yeah, I've already learned a lot from that site too. Lotta good stuff out
there if you have time to read it all.

> Glad to see other folks getting SPF up and running.

Well, yeah, I guess :)  Sometimes I start to wonder if the cure is worse
than the disease. LOL.

Again, thanks.

-Frank
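
The forwarding and roaming-user caveats raised in this thread, worked through as an added example that is not part of any post above: a small SPF evaluator run against the thread's `v=spf1 mx ptr ~all` record. The zone data, the `example.*` names, the documentation-range IPs and the function names are constructed for illustration; only the `all`, `ip4`, `a`, `mx` and `ptr` mechanisms are handled, and anything else is reported as `permerror`.

```python
import ipaddress

# Constructed in-memory "DNS" (documentation names and addresses, not from the thread).
ZONE = {
    # The A record and the SPF TXT record share one owner name; DNS allows this.
    "example.com": {"A": ["192.0.2.10"], "MX": ["mail.example.com"],
                    "TXT": ["v=spf1 mx ptr ~all"]},
    "mail.example.com": {"A": ["192.0.2.25"]},
    "example.net": {"MX": ["forwarder.example.net"], "TXT": ["v=spf1 mx -all"]},
    "forwarder.example.net": {"A": ["198.51.100.7"]},
}
PTR = {"192.0.2.25": "mail.example.com", "203.0.113.50": "dialup.isp.example"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get(name, {}).get(rtype, [])

def matches(mech, ip, domain):
    """Return True when the connecting IP satisfies one SPF mechanism."""
    name, _, arg = mech.partition(":")
    target = arg or domain
    if name == "all":
        return True
    if name == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return ip in lookup(target, "A")
    if name == "mx":
        return any(ip in lookup(host, "A") for host in lookup(target, "MX"))
    if name == "ptr":  # reverse name must sit under target and resolve back to ip
        host = PTR.get(ip, "")
        in_domain = host == target or host.endswith("." + target)
        return in_domain and ip in lookup(host, "A")
    raise ValueError("unsupported mechanism: " + mech)

def check_spf(ip, envelope_sender):
    """Evaluate the SPF record of the envelope sender's domain, left to right."""
    domain = envelope_sender.rpartition("@")[2].lower()
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        try:
            if matches(term.lstrip("+-~?"), ip, domain):
                return QUALIFIERS[qualifier]  # first matching mechanism decides
        except ValueError:
            return "permerror"
    return "neutral"

def scenarios():
    sender = "droid@example.com"
    return {
        "direct from own MX": check_spf("192.0.2.25", sender),
        "forwarded, envelope sender preserved": check_spf("198.51.100.7", sender),
        "remailed, envelope sender rewritten": check_spf("198.51.100.7", "fwd@example.net"),
        "roaming user via ISP relay": check_spf("203.0.113.50", sender),
    }
```

With `~all` the forwarded and roaming cases come back as softfail; a record ending in `-all` would turn both into fail, which is why every legitimate sending path needs to be listed before tightening the record.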