SPF Record Query

Discussion in 'General' started by zimele, Dec 9, 2006.

  1. zimele

    zimele New Member

    Hi All

    I was wondering how to configure an SPF Record


    what values to include on all the different fields i'm using the ISPConfig DNS Manager

    Hostname:

    Are emails sent
    from A Record?: NoYes

    Are emails sen
    from MX Record?: NoYes

    Are emails sent
    from all servers of
    this domain?: NoYes

    Are emails sent
    from other A Records?:

    Are emails sent
    from other MX Records?:

    Are emails sent
    from other IP addresses?:
    Inherit SPF Record
    from this zone?:

    Do the above entries
    contain all hosts
    allowed to send emails
    for this domain?:

    Basically all i need really is a breakdown on what to include...
     
    Last edited: Dec 9, 2006
  2. edge

    edge Active Member Moderator HowtoForge Supporter

    Basically it's what it is saying..
    ie: If you are using an A record to send email set it to yes. If not, set it to no
    It's the same for all the other option..
    (it's all about how you have set up your DNS)

    A nice way to see if the SPF record is okay, is by sending an email to a gmail account.

    Looking at the headers of the email you will see:

    a good SPF record example: Received-SPF: pass (google.com: domain of your@emailaddress.tld designates ip_from_your_server as permitted sender)

    a bad SPF record example: Received-SPF: pass (google.com: best guess record for domain of your@emailaddress.tld designates ip_from_your_server as permitted sender)
    (note the: "best guess record for" part!)
     
    Last edited: Dec 9, 2006
  3. zimele

    zimele New Member

    More Help Please?

    Thanks edge for the speedy response

    Okay help me understand when you say sending mail from an A record meaning ?

    cause i have not configured a seperate A record that will host my mail (so i take it its a no Right?

    This is where i really get lost...

    Are emails sent
    from other A Records?:

    Are emails sent
    from other MX Records?:

    Are emails sent
    from other IP addresses?:
    Inherit SPF Record
    from this zone?:

    Do the above entries
    contain all hosts
    allowed to send emails
    for this domain?:


    Could you please better describe this...

    and another thing does that mean that every domain that i create i have to include a SPF record?
     
  4. edge

    edge Active Member Moderator HowtoForge Supporter

    Are you using the DNS server of the domain registrar, or are you using your own DNS server?
    (it does help if you post the domainname here, so we can have a look)
     
  5. zimele

    zimele New Member

    Still not 100%

    i'm running on my own DNS servers

    i did create my own SPF rcord this is what it looks like
    "v=spf1 ip4:196.211.246.10 a mx ptr a:mail.ulwazint.co.za mx:ns2.ulwaziweb.co.za ~all"

    does this look correct?

    my domain is ulwazint.co.za

    any reason why my mail still gets delivered to the BULK folder
     
  6. edge

    edge Active Member Moderator HowtoForge Supporter

    your SPF looks okay,

    The "bulk" problem could be
    (1) Your reverse DNS is still not set correct.
    (2) You will need to email the webmasters of Hotmail and Yahoo.
    See this article about the Bulk mail problem with hotmail (msn)
     
  7. zimele

    zimele New Member

    Reverese Dns

    Is my reverse dns not automatically created within ispconfig when i do create a zone file?
     
  8. sgrayban

    sgrayban New Member

    BULK and dns aren't the same. Hotmail likes to put a lot of my mail into bulk & junk when its not. I think they use *sstupid* filters on there end.

    So having a SPF record and the issues with mcrosoft are separate issues.
     
  9. zimele

    zimele New Member

    Could this be an answer

    through further research today i found that if i send mail through Squirrelmail and not UebiMiau! my email gets delivered properly to the Inbox (yahoo and Hotmail)

    this is through a domain with A SPF record and a domain without one still under the same ISPConfig server

    now my question is what is an alternative to UebiMiau or better yet how would i also go by adding that email frontend to a .pkg cause i know that i'll get it probably in a .tar.gz file and also because squirrelmail is too basic and requires alot of tweaking

    if this is the case that should mean that my email is not being taken as SPAM or junk mail on other email clients like (yahoo and Hotmail) right? :eek:

    Oh ran further tests and this was the outcome

    the scenario

    2 Email Accounts 1 from a domain with a SPF Record another from a Domain without An SPF Record
    3 Testing grounds (Outlook, Squirrelmail and Ueibmaiu)
    2 Mail Accounts Yahoo and Hotmail

    sent from domain 1 (without SPF record) and domain 2 (with SPF Record)
    delivered to Inbox Correctly

    via outlook
    Both Domains
    Yahoo= Delivered Properly
    Hotmail= Delivered Properly

    via Squirrelmail
    domain 1 (without SPF record)
    yahoo= Delivered to Inbox
    hotmail= delivered to junk mail folder

    domain 2 with SPF record
    yahoo= Delivered to Bulk mail
    hotmail= Delivered to junk mail

    What to do??
     
    Last edited: Dec 11, 2006
  10. sgrayban

    sgrayban New Member

    I'm not getting that result here. What are the domain names so I can look at the SPF records.
     
  11. edge

    edge Active Member Moderator HowtoForge Supporter

    One more thing.

    When I was talking (email) to one of the Hotmail admins some time ago, he told me NOT to use any words with TEST in the email, as it would also set some "flags"

    small quote from the email:

     
  12. zimele

    zimele New Member

    Frustrated!!!

    Hi guys

    This was my discovery that if i send mail through UebiMiau, squirrelmail and outlook express it is receieved as spam or junk mail on the repeient and thats using a domain that has a SPF record and a reverse PTR record as well...

    but if i use another domain that has no SPF record though UebiMiau and squirrelmail not outlook express it is recieved as a normal email and goes into the inbox and this is sometimes as well

    now my question is what do i need to do so that my mail is delivered properly to the inbox on both yahoo and hotmail... and for the record does it mean that i will have to go through the same process everytime i configure a new domain?
     
  13. sgrayban

    sgrayban New Member

    Could you paste just the _headers_ from any of those emails that get tagged as bulk and junk ? I don't need to see the email address or content.

    I would need to see both to figure out why you're getting this issue.
     
  14. zimele

    zimele New Member

    Hope this helps!!

    X-Apparently-To: (myaddy)@yahoo.com via 209.191.68.173; Wed, 13 Dec 2006 08:53:15 -0800
    X-YahooFilteredBulk: IP address of server
    X-Originating-IP: Ipadress of ISPConfig
    Return-Path: <domain off ispconfig>
    Authentication-Results: mta565.mail.mud.yahoo.com from=domain off ispconfig; domainkeys=neutral (no sig)
    Received: from IP of the server (EHLO nameof machine) Ip of the server by mta565.mail.mud.yahoo.com with SMTP; Wed, 13 Dec 2006 08:53:15 -0800
    Received: from A Record Address (localhost.localdomain [127.0.0.1]) by name of machine (Postfix) with ESMTP id 8C9391B778B for <(myaddy)@yahoo.com>; Wed, 13 Dec 2006 16:35:09 +0200 (SAST)
    Received: from 192.68.1.87 (SquirrelMail authenticated user web2_mailadmin) by A record of the ISPCONFIG server where squirrelmail is running with HTTP; Wed, 13 Dec 2006 16:35:09 +0200 (SAST)
    Message-ID: <4100.192.68.1.87.1166020509.squirrel@domain of ispconfig>
    In-Reply-To: <101815.91519.qm@web34809.mail.mud.yahoo.com>
    References: <101815.91519.qm@web34809.mail.mud.yahoo.com>
    Date: Wed, 13 Dec 2006 16:35:09 +0200 (SAST)
    Subject: Re: Running at ya!!
    From: Mail from ISPCOFIG Add to Address Book Add Mobile Alert
    To: <(myaddy)@yahoo.com>
    Reply-to: domain off ispconfig
    User-Agent: SquirrelMail/1.4.8
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal
    Content-Length: 147
     
  15. sgrayban

    sgrayban New Member

    2 things I see that yahoo thinks its junk.

    1) X-YahooFilteredBulk: IP address of server
    2) Authentication-Results: mta565.mail.mud.yahoo.com from=domain off ispconfig; domainkeys=neutral (no sig)


    For problem 1, I wouldn't know why unless you gave your IP out. Its no big secret since you are emailing from it.

    For problem 2, This is because Yahhoo refusees to use SPF records because they sponsor the rival of SPF which is DomanKeys. DomainKeys is known to be buggy and fail when it shouldn't whereas SPF never fails unless its 'admin error'.

    My best guess is that your IP block has been tagged for spamming... That doesn't mean YOUR ip is but rather the WHOLE ip block. EG; a /16 or /24 class
     
  16. sgrayban

    sgrayban New Member

    BTW good luck with ISPConfig... I went to Virtualmin Pro which is alot more friendly to systems then this program was. ISPConfig ate my websites up after a upgrade to the dev version and if its going to do that then its a waste of time for me.
     
  17. edge

    edge Active Member Moderator HowtoForge Supporter

    Maybe the reason of the upgrade going wrong was that you used a dev (development (unstable)) version?

    I've tested Virtualmin Pro, and I think that for me it was a waste of time, as I did allready have a good working system.
     
    Last edited: Dec 19, 2006
  18. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The ISPConfig installer and updater does not contain any code that can change your websites, so you will have to search the problem somewhere else. The installer modifies only files in /root/ispconfig, /home/admispconfig and in the ISPConfig mysql database and I guess you do not host sites in one of these directories.
     
  19. zimele

    zimele New Member

    X-YahooFilteredBulk: 196.211.246.13


    My best guess is that your IP block has been tagged for spamming... That doesn't mean YOUR ip is but rather the WHOLE ip block. EG; a /16 or /24 class

    wouldn't that mean that every single mail sent from this IP block will be recognized as spam but the thing is some other mail is recognized as Normal mail like if i send mail through Microsoft Outlook??

    What would cause that?
     
  20. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes.

    If the mail is sent through a mail server in that subnet, it would still be tagged as spam.
     

Share This Page