|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
18 Feb 2007, 10:16 PM | #1 |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
SPF records
I'm trying to set up an SPF record for my domain. Now this is very new to me, I just want to make sure I'm doing things properly.
First off, the domain is registered by Heart Internet in UK. The MX records are with Fastmail, all the other settings are at Heart default. Now I only send email thru' either Fastmail web interface or via email client at home using only FM's secure smtp. I do not intend on using even my ISP's smtp (never have, never need to). Where I'm confused, do I input FM's servers AND Heart Internet servers in the spf record? My thought is to not use Heart servers as I don't send email from there, only as a back up to recieve mail if FM goes bad (i.e. I use the supplied mail forwarder at Heart only) I used the online spf creator at opensf, and this is what I came up with: v=spf1 mx ~all This according to opensf will allow all 3 MX servers (2 FM's and 1 Heart Internet). Thanks in advance! |
19 Feb 2007, 01:36 AM | #2 |
Moderator
Join Date: Dec 2002
Location: USA
Posts: 8,687
|
[Moderator:]
I have moved your thread from The Technical Zone to the "Fastmail.FM Help and Current Issues" forum. |
19 Feb 2007, 02:30 AM | #3 | |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
Quote:
Follow up...I think the spf I created is wrong as out1,2,3 and 4 are not being reconized as valid. So heres what I did: v=spf1 ip4:66.111.4.28, ip4:66.111.4.25, ip4:66.111.4.26, ip4:66.111.4.27 mx -all Rob M, does this look right to you? Last edited by walesrob : 19 Feb 2007 at 02:40 AM. |
|
19 Feb 2007, 04:40 AM | #4 |
The "e" in e-mail
Join Date: May 2002
Posts: 2,804
|
As I've said before, even if Fastmail don't want to use SPF, they should still create an SPF record on a domain that isn't used for email, so people can include it.
|
19 Feb 2007, 04:47 AM | #5 | |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
Quote:
Of course, I like to mess with things, and I went ahead anyway and tried the v=spf1 ip4:66.111.4.28, ip4:66.111.4.25, ip4:66.111.4.26, ip4:66.111.4.27 mx -all combination, but this only confused gmail and tuffmail who both returned unknown format in the SPF in the headers? |
|
19 Feb 2007, 05:16 AM | #6 |
Cornerstone of the Community
Join Date: Jun 2004
Posts: 743
|
Try removing the commas.
|
19 Feb 2007, 10:05 AM | #7 |
Essential Contributor
Join Date: Sep 2006
Location: Ellicott City, MD, USA
Posts: 206
Representative of:
ControlledMail.com |
Yes. Definitely remove the commas.
Additionally, while SPF is certainly not ideal, I don't think there is a better alternative available now. |
19 Feb 2007, 05:31 PM | #8 | |
Essential Contributor
Join Date: Dec 2006
Location: UK
Posts: 392
|
Quote:
|
|
20 Feb 2007, 08:12 AM | #9 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
SPF supports an "include" option. I've created a ticket for Bron to add spf.messagingengine.com so people can "include" that in case we change in the future. It should be an easy change, so I'll bump him again to do that.
Rob |
2 Mar 2007, 02:38 AM | #10 |
Essential Contributor
Join Date: Mar 2003
Location: Boston, MA
Posts: 271
|
|
2 Mar 2007, 01:42 PM | #11 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
Ok, i nagged Bron enough and it's done now.
$ dig +short txt spf.messagingengine.com "v=spf1 ip4:66.111.4.0/24 -all" $ dig +short a spf.messagingengine.com 66.11.4.27 66.11.4.25 66.11.4.28 66.11.4.29 66.11.4.26 So you can use it one of two ways. 1. Add an include SPF record for your domain from spf.messagingengine.com "v=spf1 include:spf.messagingengine.com -all" 2. Add an a SPF record for your domain to spf.messagingengine.com "v=spf1 a:spf.messagingengine.com -all" I haven't actually tested these yet, and they're obviously not being applied to any of our domains directly, these are for users to add to their domains if they control the DNS for their own domains. At some stage, we may add an "SPF?" column to the Virtual Domains screen, or more likely a DNS management screen for domains that would add this as an option. Rob |
3 Mar 2007, 04:52 PM | #12 |
Essential Contributor
Join Date: Mar 2003
Location: Boston, MA
Posts: 271
|
2 comments...
1) What about ip 66.139.75.100? 2) You've added a "-all" in the TXT record. That's a bit strict, but more to the point, an include record shouldn't add any type of "all" suffix, that's up to the domain owner who will be using the include record. I know I can't use the record since I don't exclusively use FM's smtp servers. So maybe something like this instead? "v=spf1 ip4:66.111.4.0/24 ip4:66.139.75.100" That way my domain can have a txt record like: "v=spf1 include:spf.messagingengine.com include:customer-spf.mxes.net include:gmail.com ~all" ...including Fastmail, Tuffmail, & Gmail and still keeping it slightly open in case one of my family members decides to use the ISP smtp server. |
5 Mar 2007, 06:49 AM | #13 | |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
Re: 1) What about ip 66.139.75.100?
I'll add it in shortly. Re: 2) You've added a "-all" in the TXT record. That's a bit strict, but more to the point, an include record shouldn't add any type of "all" suffix, that's up to the domain owner who will be using the include record. I know I can't use the record since I don't exclusively use FM's smtp servers. This is fine. From the docs... http://www.openspf.org/SPF_Record_Syntax#include Quote:
|
|
5 Mar 2007, 08:36 AM | #14 | |
Essential Contributor
Join Date: Mar 2003
Location: Boston, MA
Posts: 271
|
Quote:
Also, I did a quick TXT lookup on spf.messagingengine.com, it looks like the record has some invalid characters. Copy paste from DNS Stuff: Code:
Searching for spf.messagingengine.com TXT record at ns1.messagingengine.com. [66.111.4.2]: Reports "v=spf1 ip4:66.111.4.0/24 ip4:" "6.139.75.100 -allÀ" [took 7 ms] Response: Invalid DNS packet: DNS packet out-of-bounds |
|
6 Mar 2007, 07:59 AM | #15 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
My fault, I buggered up the record. Should be fixed now.
$ dig +short @ns1.messagingengine.com spf.messagingengine.com txt "v=spf1 ip4:66.111.4.0/24 ip4:66.139.75.100 -all" Rob |