| SPF record: -all or ~all
|
encyclo

msg:4168166 | 8:36 pm on Jul 11, 2010 (gmt 0) | I'm trying to improve delivery of automated emails from a phpBB forum. I've set up an SPF record in the DNS which looks like this:
v=spf1 include:_spf.google.com include:example.com ~all
(Google Apps is for regular email, and example.com refers to the hosting company's SPF records for the automated emails.) Google recommends [google.com] using ~all instead of -all to avoid "delivery problems", but doesn't go into details. In my case, I know that the only servers that will be used are the Google ones or my server - I don't have any users for this domain. So should I use -all instead? In anyone's experience, is it better to FAIL or SOFTFAIL when using SPF records?
|
lammert

msg:4168226 | 1:24 am on Jul 12, 2010 (gmt 0) | I use -all on some domains, but not on all. The problem is that you don't always know which server will send legitimate emails with your email address as source address. A number of online systems like forums, webshops, mailing lists etc. send notification emails where the address you used to sign up is used as the From: address. Those emails may get lost if you use the -all setting because they are sent from servers whose IP address is not in your SPF record. If you are never using a domain to sign up to sites which send messages on your behalf, it is safe to use -all in the SPF record of that domain.
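How a receiver evaluates the record quoted in the first post, and what changes for a server outside the record (the case described in the reply above) when ~all becomes -all. This is an added example, not part of the thread: the domain name forum.example, the contents of the two included records and every IP address are constructed, and only the ip4, include and all mechanisms are handled.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the example runs offline.
# The first value is the record from the thread; the domain name, the two
# included records and their ranges (RFC 5737 addresses) are assumptions.
TXT = {
    "forum.example": "v=spf1 include:_spf.google.com include:example.com ~all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "example.com": "v=spf1 ip4:198.51.100.10 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt=TXT, depth=0):
    """Evaluate a subset of SPF (ip4, include, all) for a sending IP."""
    if depth > 10:  # loop guard; RFC 7208 limits a check to 10 DNS lookups
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            # An include matches only when the included record returns pass;
            # its own -all or ~all never propagates to the outer record.
            matched = check_host(ip, mech[8:], txt, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def with_hard_fail(txt, domain):
    """Return a copy of the table where the domain's record ends in -all."""
    changed = dict(txt)
    changed[domain] = changed[domain].rsplit(" ", 1)[0] + " -all"
    return changed
```

Listed senders get pass under either ending; only the result for unlisted servers moves from softfail to fail, and what the receiver does with each result is its own policy.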
|
encyclo

msg:4168864 | 12:51 am on Jul 13, 2010 (gmt 0) | Thanks for the reply, lammert - it sounds as if using -all will be safe in my situation, as apart from the automated emails, the domain's email addresses are mostly used for receiving and not sending. I have a supplementary question specifically relating to Hotmail delivery - what's the current situation with Sender ID? Would it be a good idea to create a dedicated TXT record in the Sender ID format for Hotmail, or should the SPF record suffice?
|
Hoople

msg:4172607 | 3:36 am on Jul 19, 2010 (gmt 0) | There has been no harm in doing both IMHO. My testing (RedHat Linux w cPanel) has shown it helps delivery to AOL where the client IP (mail client) is in a portable (aka dial-up) range. Add the true IP that the email server is bound to, as cPanel grabs the IP4 A record of the webserver. Listed as 'Additional Ip blocks for your domains (IP4)'. The best of the online SPF record checkers is [kitterman.com]. There are others but they give confusing results (IMHO) and/or false errors. openspf.org has lots of backing docs if you are curious.
|
Hoople

msg:4172622 | 4:45 am on Jul 19, 2010 (gmt 0) | In above #4172607 both = SenderID/Domain Keys and SPF.
|