SPF Question

         

Frank_Rizzo

9:13 pm on Sep 26, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I want to set up SPF on the server to help minimise server emails ending up in junk folders.

One question I have is what about emails sent from my email client software?

The server is running postfix and sends out regular mails generated from php scripts such as forums, user login management etc.: mail is sent out as from admin@widgets.co.uk.

But I deal with customer requests via Thunderbird: mail is sent via info@widgets.co.uk

If I set up SPF for the server do I need to do anything with Thunderbird, or is it the case that you can only set up SPF for server-based emails?

[edited by: Frank_Rizzo at 9:14 pm (utc) on Sep. 26, 2006]

lammert

11:09 pm on Sep 26, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



SPF is a system which authenticates IP addresses and reverse lookup domain names of SMTP clients which are allowed to send email for a given domain. So you have to make sure your SPF record contains all IP addresses or ranges that might be used to send mail on your behalf. For example your home IP address, your webserver IP address if you are sending mails from it and probably the IP addresses of the relayhosts of your ISP.

You can use the SPF wizard at [openspf.org...] to generate your own SPF record.

Frank_Rizzo

9:33 am on Sep 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



But what if my ISP uses dynamic IP which changes every day?

You say I can set a range so could I set something like 86-88.nnn.nnn.nnn?

BTW, is there a noddy guide to SPF? I read the guide and tried to use the wizard on the openspf.org site but it's a bit too techie to understand.

[edited by: Frank_Rizzo at 9:33 am (utc) on Sep. 27, 2006]

jtara

4:32 pm on Sep 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think you are misunderstanding how SPF is used. It has nothing to do with email addresses. A server using SPF to validate your mail doesn't care if it comes from "admin" or "info".

What it does care about is the IP address of the server where the mail originated. Note I say the SERVER where the mail originated. It doesn't care about the IP address of your workstation or of your webserver. (Caveat on the latter - unless your SMTP server is running on the same IP address.)

When you send mail from your PC, you are NOT sending it directly to the destination. You are sending it to an SMTP server typically located at your ISP. The SMTP server then delivers it on your behalf. THIS is the address that you need to list in your SPF record.

(Note that many email clients CAN bypass SMTP and deliver directly to the destination. However, this is NOT a common default set-up, and in most cases will NOT WORK because many ISPs block port 25 going anywhere but their relay server, and because broadband and dialup IP addresses are on spam blacklists.)

You'll also need to determine the IP address (or name) of the SMTP server used to send mail from your website.

You list these two addresses in your SPF record. This says these are the two legitimate places where your mail could originate. Mail from anywhere else will be discarded.

Some ISPs will discard ANY mail if there is no SPF record - which is a good reason to set-up an SPF record!

Frank_Rizzo

7:04 pm on Sep 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, let's deal with this one at a time :-)

Email Client
------------
I use Thunderbird to send mail for info@widgets.co.uk; this mail is sent via my ISP, myisp.co.uk.

I have it set up so that myisp allows me to send mail from widgets.co.uk (a year ago I had to request this facility from myisp).

I send a test message to one of my test / free_acme accounts. Here's the header received.

--------------------------------------

Return-Path: <info@widgets.co.uk>
Received: from mwinf1111.me.free_acme.com (mwinf1111.me.free_acme.com)
by mwinb3002 (SMTP Server) with LMTP; Wed, 27 Sep 2006 20:51:57 +0200
X-Sieve: Server Sieve 2.2
Envelope-to: test@mytest.free_acme.co.uk
Received: from me-free_acme.net (localhost [127.0.0.1])
by mwinf111.me.free_acme.com (SMTP Server) with ESMTP id 456631C00BED
for <test@mytest.free_acme.co.uk>; Wed, 27 Sep 2006 20:51:57 +0200 (CEST)
Received: from abc123.myisp.com (abc123.myisp.com [194.nnn.nnn.nnn])
by mwinf111.me.free_acme.com (SMTP Server) with ESMTP id 2E53E1C00BE7
for <test@mytest.free_acme.co.uk>; Wed, 27 Sep 2006 20:51:57 +0200 (CEST)
X-ME-UUID: 20060927185157189.2E53E1C00BE7@mwinf111.me.free_acme.com
Received: from [86.nnn.nnn.nnn] (host86-nnn-nnn-nnn.range86-142.myisp.com [86.nnn.nnn.nn])
by abc123.myisp.com (MOS 3.7.4b-GA)
with ESMTP id BCX97395;
Wed, 27 Sep 2006 19:46:29 +0100 (BST)
Message-ID: <451AC855.8030702@widgers.co.uk>
Date: Wed, 27 Sep 2006 19:52:05 +0100
From: Flatstats <info@widgets.co.uk>
Reply-To: info@widgets.co.uk
Organization: widgets.co.uk
User-Agent: Thunderbird 1.5.0.4 (Windows/20060506)
MIME-Version: 1.0
To: test@mytest.free_acme.co.uk
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-me-spamlevel: not-spam
X-me-spamrating: 0.497187
X-Antivirus: AVG for E-mail 7.1.407 [268.12.9/457]

--------------------------------

client email (website): info@widgets.co.uk
client PC ISP: myisp
receiving ISP: free_acme

So I guess I need to add the IP of myisp to the spf record. I presume this is: abc123.myisp.com [194.nnn.nnn.nnn]. But does this IP change?

[edited by: Frank_Rizzo at 7:06 pm (utc) on Sep. 27, 2006]

Frank_Rizzo

7:09 pm on Sep 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Here's the test sent from the server:

-------------------------

Return-Path: <info@widgets.co.uk>
Received: from mwinf1111.me.free_acme.com (mwinf1111.me.free_acme.com)
by mwinb3002 (SMTP Server) with LMTP; Wed, 27 Sep 2006 20:53:25 +0200
X-Sieve: Server Sieve 2.2
Envelope-to: test2@mytest.free_acme.co.uk
Received: from me-free_acme.net (localhost [127.0.0.1])
by mwinf1111.me.free_acme.com (SMTP Server) with ESMTP id B9B031C00C1D
for <test2@mytest.free_acme.co.uk>; Wed, 27 Sep 2006 20:53:25 +0200 (CEST)
Received: from widgets.co.uk (unknown [85.nnn.nnn.nnn])
by mwinf1111.me.free_acme.com (SMTP Server) with ESMTP id AC13F1C00C10
for <test2@mytest.free_acme.co.uk>; Wed, 27 Sep 2006 20:53:25 +0200 (CEST)
X-ME-UUID: 20060927185325705.AC13F1C00C10@mwinf1111.me.free_acme.com
Received: by widgets.co.uk (Postfix, from userid 500)
id 11FCFA50132; Wed, 27 Sep 2006 19:53:24 +0100 (BST)
To: test2@mytest.free_acme.co.uk
Subject: test
Message-Id: <20060927185325.11FCFA50132@widgets.co.uk>
Date: Wed, 27 Sep 2006 19:53:24 +0100 (BST)
From: info@widgets.co.uk (widgets)
X-me-spamlevel: not-spam
X-me-spamrating: 53.570959
X-Antivirus: AVG for E-mail 7.1.407 [268.12.9/457]

-----------------------

This time I just add the IP of the server which the mail is running on: 85.nnn.nnn.nnn

BTW, why does it say unknown? Should that be corrected?

Received: from widgets.co.uk (unknown [85.nnn.nnn.nnn])
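Added example (not part of the original posts): SPF is checked against the IP that connected to the receiving provider, which is the "from" side of the first Received line written by the receiver's own servers that names an outside host. The headers below are constructed after the Thunderbird test earlier in the thread; the documentation-range IPs and the receiver name free-acme.example are assumptions.

```python
import ipaddress
import re

# Constructed headers modelled on the Thunderbird test in the thread: RFC 5737
# documentation IPs replace the masked "nnn" octets and free-acme.example
# (hypothetical) stands in for the receiving provider.
SAMPLE = """\
Received: from mwinf1111.me.free-acme.example (mwinf1111.me.free-acme.example)
 by mwinb3002 (SMTP Server) with LMTP; Wed, 27 Sep 2006 20:51:57 +0200
Received: from me-free-acme.example (localhost [127.0.0.1])
 by mwinf1111.me.free-acme.example (SMTP Server) with ESMTP id 456631C00BED
Received: from abc123.myisp.com (abc123.myisp.com [198.51.100.25])
 by mwinf1111.me.free-acme.example (SMTP Server) with ESMTP id 2E53E1C00BE7
Received: from [203.0.113.77] (host203-0-113-77.myisp.com [203.0.113.77])
 by abc123.myisp.com (MOS 3.7.4b-GA) with ESMTP id BCX97395
"""
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Unfold continuation lines; yield (helo, rdns, ip, by) per Received hop."""
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        m = HOP.search(line) if line.lower().startswith("received:") else None
        if m:
            try:
                ipaddress.ip_address(m.group(3))
            except ValueError:
                continue                      # bracketed text was not an IP
            yield m.groups()

def spf_client(raw, receiver_suffix):
    """Find the hop where mail entered the receiver's servers (newest first)."""
    for helo, rdns, ip, by in hops(raw):
        if not by.lower().endswith(receiver_suffix):
            return None   # hops from here down were written by other parties
        internal = (ipaddress.ip_address(ip).is_loopback
                    or (rdns or helo).lower().endswith(receiver_suffix))
        if not internal:
            return {"ip": ip, "helo": helo, "rdns": rdns}
    return None

if __name__ == "__main__":
    print(spf_client(SAMPLE, "free-acme.example"))
```

Received lines below the returned hop were written by the sending side, so they say nothing reliable about which IP the receiver saw.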

jtara

7:39 pm on Sep 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



abc123.myisp.com and widgets.co.uk are the server addresses that need to be put in your SPF record. There's no reason for these IP addresses to change, but that's irrelevant - you will be listing their domain names, not their IP addresses.

Frank_Rizzo

11:21 am on Sep 28, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I ran the wizard on the spf site. This was generated:

"v=spf1 a mx include:myisp.com ~all"

---------------

Should widgets.co.uk be in there somewhere?

On the wizard it says:

Could mail from widgets.co.uk originate through servers belonging to some other domain? If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here.

For this I entered myisp.com and not abc123.myisp.com.

I also ran the Microsoft SPF wizard and it generated this:

v=spf1 a mx mx:mail.widgets.co.uk +all

[edited by: Frank_Rizzo at 11:21 am (utc) on Sep. 28, 2006]

jtara

3:47 pm on Sep 28, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You should wind up with something like this:

"v=spf1 a:widgets.co.uk include:myisp.com ~all"

This says:

- You may send mail through myisp.com. The "include" directive tells SPF to look at myisp.com's SPF record for details.

- You may send mail from the server at widgets.co.uk

- You don't send mail from any other server (~all)

Frank_Rizzo

4:19 pm on Sep 28, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That looks more like it. I'll give that a try.

Many thanks for your assistance.

Frank_Rizzo

5:31 pm on Oct 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How long does the DNS system take to update? I added the TXT string to my DNS control panel (third party service) which was accepted. But running an spf test says no spf record for site.

The DNS control panel looks like this:

NAME, TYPE, CONTENT
-------------------
@ A nnn.nnn.nnn.nnn
ftp CNAME widgets.co.uk
mail A nnn.nnn.nnn.nnn
spf TXT v=spf1 a:widgets.co.uk include:myisp.com ~all
www A nnn.nnn.nnn.nnn

I try a couple of spf query tests and get back:

"No TXT records found for your domain."

I mailed the support for the DNS site but no reply after two days.

Frank_Rizzo

8:17 pm on Oct 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For the record, I had a mistake with the "spf TXT ..." line.

Googling found a list of DNS providers which allow spf TXT features. There was a specific anomaly with my DNS provider which meant that what I needed to do was add:

@ TXT v=spf1 a:widgets.co.uk include:myisp.com -all

-------

There is still a problem with the include:myisp.com. An spf query returns:

evaluating...
Results - PermError SPF Permanent Error: No valid SPF record for included domain: myisp.com: include:myisp.com

[edited by: Frank_Rizzo at 8:19 pm (utc) on Oct. 1, 2006]

jdMorgan

8:29 pm on Oct 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I was wondering about that "@" syntax...

Try with quotes:

@ TXT "v=spf1 a:widgets.co.uk include:myisp.com -all"

or alternately:

@ TXT "v=spf1 a mx include:myisp.com -all"

Jim

jtara

4:36 am on Oct 2, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No valid SPF record for included domain: myisp.com: include:myisp.com

Sounds like your ISP doesn't have an SPF record. You should get on them about it, but in the meantime, you'll have to just add their SMTP server(s) explicitly, rather than relying on an include of their SPF record.

How long does the DNS system take to update?

On average, TTL/2. Maximum, TTL. TTL ("time to live") is a value that YOU set. (Unless you just let it default.) You are in complete control of "how long the DNS system takes to update".

It can be useful to make TTL smaller in advance of a known DNS change, then increase it once the change is live.
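Added example (not from any poster): a simplified SPF evaluator covering only the a, mx, ip4, include and all terms, run against constructed DNS data, to show how the records discussed in this thread are decided, including the PermError from the include of a domain with no SPF record. The documentation-range IPs and the host name relay.myisp.com are assumptions.

```python
import ipaddress

# Constructed DNS data: RFC 5737 documentation addresses replace the thread's
# masked "nnn" IPs, and relay.myisp.com is a hypothetical relay host name.
DNS = {
    "A": {"widgets.co.uk": ["192.0.2.10"], "relay.myisp.com": ["198.51.100.25"]},
    "MX": {"widgets.co.uk": ["widgets.co.uk"]},
    "TXT": {"widgets.co.uk": ["v=spf1 a:widgets.co.uk include:myisp.com -all"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_record(domain, dns):
    """Return the v=spf1 TXT string published at exactly this name, if any."""
    found = [t for t in dns["TXT"].get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    return found[0] if found else None

def matches(mech, arg, domain, ip, dns):
    if mech == "all":
        return True
    if mech == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return ip in dns["A"].get(arg or domain, [])
    if mech == "mx":
        return any(ip in dns["A"].get(h, []) for h in dns["MX"].get(arg or domain, []))
    raise ValueError("unsupported mechanism: " + mech)

def check_host(ip, domain, dns=DNS):
    """Evaluate terms left to right; the first mechanism that matches decides."""
    record = spf_record(domain, dns)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").lower().partition(":")
        if mech == "include":
            inner = check_host(ip, arg, dns)
            if inner in ("none", "permerror"):
                return "permerror"   # included domain has no usable SPF record
            if inner == "pass":
                return RESULT[qualifier]
            continue
        try:
            if matches(mech, arg, domain, ip, dns):
                return RESULT[qualifier]
        except ValueError:
            return "permerror"       # unknown term or malformed ip4 network
    return "neutral"
```

With this data the web server's IP passes on the `a` term, but every other sender hits the broken include before `-all` is reached and gets permerror; swapping the include for the relay's explicit address restores pass for the relay and fail for everyone else. A record ending in `+all` returns pass for any IP, and a record published under the `spf` label instead of the domain itself evaluates to none.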