So, I say, you mean I will have to change from the registrar I've used for years or go without SPF? That doesn't seem to make sense, don't you want my business? whine, whine, whimper ....
They say, yes, we want your business, but our programmers are still working on SPF and we don't have an ETA, probably not by 10/1 anyway. Then they say - A@L and other mail sources will fully support SPF records in October, not necessarily require it. (Well, yeah, but as I understand it, if they do require it and I don't have an SPF record, my mail won't get to their users).
So, next I go off to find out if my current registrar does this. Found a listing of registrars implementing SPF and mine is listed as a "NO". Can't find anything on registrar's site that says anything about SPF. I could change to my hosting service as the registrar for more $'s but, I think if I understood the SPF.pobox.com wizard that wouldn't be necessary, maybe.
So, I go off, one more time, to see if I can figure out spf.pobox.com. I read and read, click on links back and forth and end up being just as confused as I was before I woke up this morning... especially after visiting the AOL postmaster site.
I just can't seem to get my head around this. So, I've entered the wizard's questions below, with my questions about - the questions. I will be very, very grateful if someone can answer my questions - or - send me to a site that tutors SPF & email dummies. I did spend most of the day reading and searching before coming here to throw myself on the mercy of WebmasterWorld and admit to being completely SPF challenged.
These are the questions the spf.pobox.com wizard asks:
1.
mydomain.com's IP address is 123.456.78.912.
Does that server send mail from mydomain.com? (Yes or No)
Not now, I use my ISP with a reply to address at my domain. But, I might want to use my host's SMTP server some day soon. If I say no now, can I change it later?
2.
mydomain.com has one MX server, name.host.com.
It receives mail for mydomain.com.
Does it also send mail from mydomain.com? (Yes or No)
Does the question I asked in #1. actually apply here, instead? I know what an IP address is, but not how it is different from an MX server.
3.
Do you want to just approve any host whose name ends in mydomain.com? (Yes or No)
Dumbfounded... not a clue what this question means or refers to?
4.
Do any other servers send mail from mydomain.com? You can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. To keep the wizard short we left out ptr: but it works the same way.
duh? If I understood why "other servers" might need to send mail from mydomain.com I think I could figure out what the responses should be.
5.
IP networks can be entered using CIDR notation, eg. 192.0.2.0/24
again, duh? Is this for something like an intranet which doesn't apply to me as the only sender of mail from my domain.
6.
Could mail from mydomain.com originate through servers belonging to some other domain?
If you send mail through your ISP's servers, name the ISP here.
This is one of the few questions, I think, I understand and assume I just enter "myisp.com"
7.
Do the above lines describe all the hosts that send mail from mydomain.com? (Yes or No)
Would this be something like using a third party mailer?
8.
mydomain.com. IN TXT "v=spf1"
The "v=spf1" is the default entry, what should I investigate to know that's what I should use?
Before plowing into this, I did go to the dnsreport site and my domain passes everything except for warnings about no SPF, not accepting domain literals and having only a single MX record - I do understand these though.
My email requirements are simple, I only send out a newsletter a couple times a year to about 2000 opt-in requests. All other email is in response to individual inquiries because 50% of my customer communication is via phone. I do want to use my domain addresses as the from and reply to addresses even though I use my ISP SMTP server.
The purpose of the SPF generator tool you found is to make a line of text that needs to be added to your DNS zone file. You'll need to find out how to do that. This is the same file that is now used to "map" your domain name(s) to your server's IP address, assign your mail server, etc. Some hosting companies have a control panel tool that can be used to edit this file, especially if they are also the domain registrar. Either way, the key question is "How do I edit or change my zone file?"
I'm in the dark as well as everyone else as to what AOL and the others are actually going to do on Oct 1st. For lack of any better info, I'm assuming that they won't accept e-mail sent from an ISP and claiming to be from another (your) domain. Also, since there will be a discrepancy between the "From" and "Reply To" headers in this case, your message will accrue additional "points" in score-based spam-detection algorithms, which is bad.
So, I believe that listing your ISP as an approved mail sender is a bad idea, especially if that ISP offers free e-mail (such as Yahoo). In addition, the SPF record in your DNS zone file is open to public view, so anyone else using the same ISP could possibly send mail spoofing your domain.
At this time, I'm recommending that clients use the mail-sending capabilities of their hosting account to send mail directly from their domain's server only, and disallow any other domains. I hope that's good advice.
I guess we'll see in two weeks...
Jim
As to the rest- you can update your SPF records as often as you need to. If you're using your ISP's servers to send all outbound mail for your domain, then the only host you need to enter into your SPF record is their smtp server. (i.e. question 6)
nancyb wrote:
If I understood why "other servers" might need to send mail from mydomain.com I think I could figure out what the responses should be.
You might have a script on your web site that sends email. Or you might work with some 3rd party emailer that would send your newsletters. Or maybe you bring your laptop to the coffee shop sometimes and email using a smtp server on their wireless network.
jdMorgan wrote:
So, I believe that listing your ISP as an approved mail sender is a bad idea, especially if that ISP offers free e-mail (such as Yahoo). In addition, the SPF record in your DNS zone file is open to public view, so anyone else using the same ISP could possibly send mail spoofing your domain.
The SPF record is intended to formally describe how you send mail. If you relay email through your ISP's smtp server, then the ISP's server must be a part of the SPF record- there is no choice. Also, SPF reduces spoofing, it is not a 100% cure. If you're worried that some fellow ISP customer is going to notice that you're SPF'd on a smtp server he has access to, you can always run your own private smtp server.
If AOL et al turn on strict SPF enforcement, anybody set up like this should be in the clear, unless for some reason AOL decides to ignore the SPF instructions and blacklist that ISP's SMTP server in particular. I'm not deep in the spam/joe job trenches, but this seems unlikely- to me it seems that the problem isn't the ISP's official SMTP servers, it's all the ISP customers' zombie PCs acting as rogue SMTP servers.
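The point made in the reply above, together with jdMorgan's caveat, as an added example that is not part of any poster's message: a minimal SPF check over a constructed in-memory zone. The names are the thread's placeholders, the IPs are documentation-range values, and the record strings and `check_spf` are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-in for DNS: the thread's placeholder names, documentation-range IPs.
ZONE = {
    "A": {"mydomain.com": ["192.0.2.10"], "name.host.com": ["192.0.2.25"]},
    "MX": {"mydomain.com": ["name.host.com"]},
    "TXT": {
        "mydomain.com": "v=spf1 a mx include:myisp.com -all",
        "myisp.com": "v=spf1 ip4:198.51.100.0/24 -all",
    },
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _addresses(name):
    return [ipaddress.ip_address(a) for a in ZONE["A"].get(name, [])]


def check_spf(ip, domain, depth=0):
    """Result for a connecting IP; supports only ip4, a, mx, include and all."""
    record = ZONE["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 5:  # stop include loops
        return "permerror"
    client = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech, _, arg = body.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = client in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = client in _addresses(arg or domain)
        elif mech == "mx":
            names = ZONE["MX"].get(arg or domain, [])
            matched = any(client in _addresses(n) for n in names)
        elif mech == "include":
            # Simplified: anything other than "pass" from the included record is no match.
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qual]
    return "neutral"
```

`check_spf("198.51.100.7", "mydomain.com")` returns `pass` only because of `include:myisp.com`, and it does so whichever ISP customer handed the message to that relay, since the connecting IP is the only input. An address outside every listed mechanism, such as `203.0.113.50`, gets `fail` from `-all`.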
Tomorrow, I'll tackle my hosting service again. Doesn't make sense that they can't help with the TXT record just because they aren't my registrar when they are one of the services that have implemented SPF - although I was talking with a supervisor.
Some days I just can't believe how much fun this web stuff is ....
Also, I'll revisit the A@L postmaster site again, it makes more sense since your posts ;)
Thanks again, nite all