SPF records in DNS Manager

I've used the setup wizard located at the openspf site http://old.openspf.org/wizard.html

It gave me the following: "v=spf1 a mx ~all"
How do I put it in the DNS Manager? There are 2 fields, "name" and "value" in the TXT record screen. What should I write in those fields?

And I intend to make only my Linode's IP a permitted sender and reject all other IPs. Is the syntax above correct for this?

Thanks!

5 Replies

I don't know the answer to your particular question, but in July of '05, IANA designated record type 99 to SPF. So you should put SPF data in that field (as well as in TXT, for theoretically temporary backwards compatibility).

Also, SPF may not be all it's cracked up to be. You may want to read and consider:

http://www.advogato.org/article/816.html

The SPF string goes in the 'value' field. If you want it to apply to 'example.com', just leave the 'name' field blank. For 'foo.example.com', put 'foo' in the name field. And so on.

As mentioned in the comments to the article Xan posted, you probably don't want to use '-all' at the end unless you are absolutely sure mail from you never gets forwarded by another machine (mailing lists, etc.). Use '?all' instead. You could also consider adding 'ip4:111.111.111.111' (with your Linode's IP address substituted) after the 'v=spf1' - this saves the receiving mail server from having to do an additional DNS lookup.

All together, it would look like 'v=spf1 ip4:111.111.111.111 a mx ?all'.

(Oops, squinting harder, I see you had '~all', not '-all'. I'd still suggest sticking with '?all'.)

@dcelasun:

"v=spf1 a mx ~all"

The 'a' entry is what gives you the result you want (the host that example.com resolves to is allowed to send mail). The 'mx' also allows any host with an MX record for your domain to send mail. The '~all' soft fails all other hosts.

Put the SPF record in the value field.

Thanks guys! One final thing: I understand the difference between "-all" and "~all", but what's the difference between "~all" and "?all"?

The '?' modifier specifies explicitly that nothing can be said about the validity of the host(s).

The '~' modifier specifies that the host(s) is/are not authorised but is/are not forbidden (supposedly a transitional state). Most systems accept the mail but mark it as suspect.
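The following is an added example, not part of the original thread: a simplified Python sketch of how a receiving server evaluates the mechanisms discussed above (`ip4`, `a`, `mx`, `all`) left to right and maps the matching qualifier to a result. The DNS data, the domain and the addresses are constructed for illustration, and mechanisms such as `include`, CIDR suffixes on `a`/`mx`, and modifiers are skipped.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for real lookups.
DNS_A = {"example.com": ["203.0.113.10"], "mail.example.com": ["203.0.113.20"]}
DNS_MX = {"example.com": ["mail.example.com"]}

# Qualifier prefix -> SPF result; a mechanism without a prefix defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _resolves_to(host, ip):
    """True if one of the host's (constructed) A records equals ip."""
    return any(ipaddress.ip_address(a) == ip for a in DNS_A.get(host, []))


def check_spf(record, domain, sender_ip):
    """Evaluate a TXT value left to right; the first matching mechanism decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = _resolves_to(arg or domain, ip)
        elif name == "mx":
            matched = any(_resolves_to(h, ip) for h in DNS_MX.get(arg or domain, []))
        else:
            continue  # mechanism or modifier not handled in this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched (default result in RFC 7208)


if __name__ == "__main__":
    for tail in ("?all", "~all", "-all"):
        rec = "v=spf1 ip4:203.0.113.10 a mx " + tail
        # 198.51.100.7 is a constructed address that matches none of ip4/a/mx.
        print(rec, "->", check_spf(rec, "example.com", "198.51.100.7"))
```

The listed host passes on `ip4` before any DNS lookup is needed, and only the trailing `all` term changes what an unlisted sender gets: neutral, softfail or fail.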
