Welcome to WebmasterWorld Guest from 54.225.31.78

Forum Moderators: phranque

Message Too Old, No Replies

SPF record: -all or ~all

     
8:36 pm on Jul 11, 2010 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I'm trying to improve delivery of automated emails from a phpBB forum. I've set up a SPF record in the DNS which looks like this:

v=spf1 include:_spf.google.com include:example.com ~all


(Google Apps is for regular email, and example.com refers to the hosting company's SPF records for the automated emails.)

Google recommends [google.com] using
~all
instead of
-all
to avoid "delivery problems", but doesn't go into details. In my case, I know that the only servers that will be used are the Google ones or my server - I don't have any users for this domain.

So should I use
-all
instead? In anyone's experience, is it better to FAIL or SOFTFAIL when using SPF records?
1:24 am on Jul 12, 2010 (gmt 0)

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I use -all on some domains, but not on all. The problem is that you don't always know which server will send legitimate emails with your email address as source address.

A number of online systems like forums, webshops, mailinglists etc send notification emails where the address you used to sign up is used as the From: address. Those emails may get lost if you use the -all setting because they are sent from servers whose IP address is not in your SPF record. If you are never using a domain to sign up to sites which send messages on your behalf, it is safe to use -all in the SPF record of that domain.
12:51 am on Jul 13, 2010 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Thanks for the reply lammert - it sounds as if using
-all
will be safe in my situation, as apart from the automated emails, the domain's email addresses are mostly used for receiving and not sending.

I have a supplementary question specifically relating to Hotmail delivery - what's the current situation with Sender ID? Would it be a good idea to create a dedicated TXT record in the Sender ID format for Hotmail, or should the SPF record suffice?
3:36 am on Jul 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There has been no harm in doing both IMHO. My testing (RedHat Linux w cPanel) has shown it helps delivery to AOL where the client IP (mail client) is in a portable (aka dial-up) range.

Add the true IP of that the email server is bound to as cPanel grabs the IP4 A record of the webserver. Listed as 'Additional Ip blocks for your domains (IP4)'.

The best of the online SPF record checkers is [kitterman.com ] There are others but they give confusing results (IMHO) and/or false errors. openspf.org has lots of backing docs if you are curious.
4:45 am on Jul 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In above #4172607 both = SenderID/Domain Keys and SPF.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month