SPF records
I have an email system now running on my Linode.
The domain for witch I am attempting to configure SPF for is keithnet.us (an Internet domain wich I registered back in May of 2009 for use with Linode.com's services.
Currently-due to money constraints I do not have a secondary Linode for me to worant running DNS.
The problem I'm having is that although I've added txt records for my domain into Linode's DNS manager (and even) have done so using the SPF wizard, I cannot, get SPF working at all no matter what I try to do!
Sure. I could let Google handel all my mail. But that would take the fun out of learning!
Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records?
Or, is there a way to do this effectively via TXT records, wich Linode's DNS servers support?
I am a blind computer user, and am no programmer; I cannot add new functionality to the Linode API, even if I wished to. I can work with pre-existing technologey, like HTML and such if I know it.
Thanks for your help.
Just to demonstrate that SPF is not working, I am going to paste a header from GMail's mail server, when I sent an email from one of my mail systems to it.
This header should demonstrate, amungst other things, that the system wich sent the email to GMail, (my Linode) doesn't have working SPF.
What I hope to do is change it so that SPF does work.
Thanks!
The header is displayed below.
Delivered-To:
Received: by 10.224.60.69 with SMTP id o5cs268603qah;
Mon, 2 Nov 2009 09:50:05 -0800 (PST)
Received: by 10.231.4.149 with SMTP id 21mr590538ibr.26.1257184204973;
Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Return-Path: <
Received: from keithnet.us (keithnet.us [69.164.193.236])
by mx.google.com with ESMTP id 2si19050227iwn.73.2009.11.02.09.50.04;
Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of
smtp.mail=
Return-Path:
To: <
Date: Mon, 02 Nov 2009 12:49:43 -0500
Subject: RE: An issue with the KeithNet server system!
Envelope-To:
References: <
Message-ID: <3B846F1110A942D48ED51CA4A5342A4E@coloradob16c10>
From: "admin" <
Organization: KeithNet
Received: from coloradob16c10 (c-75-70-191-0.hsd1.co.comcast.net [75.70.191.0])
by keithnet.us; Mon, 02 Nov 2009 12:49:49 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acpb5JTDOnigC3a+TiyzwWQrEY+SgwAADa0g
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Notice how it says "Best Guess record"?
Thanks.
9 Replies
You also have three MX records with equal weight all pointed to the same IP for some reason.
@Keith-BlindUser:
Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records? Or, is there a way to do this effectively via TXT records, wich Linode's DNS servers support?
Just to address this one point - an SPF entry in DNS is a TXT record. There is also a separate SPF DNS record type, but as a later addition to DNS it is still not necessarily supported everywhere - if both are present the two entries must match. In the TXT case, what makes a particular TXT record in DNS serve as an SPF entry is having the "v=spf1" string in the TXT record. So the current Linode Manager DNS support for TXT should be fine.
And at the moment, as Guspaz pointed out, you don't seem to have any TXT records at all (SPF or otherwise) associated with your domain.
– David
(Edit: Corrected erroneous comments related to the SPF record type)
In practice, if your DNS server supports SPF records, you should include your SPF data in both TXT and SPF for backwards compatibility.
@BarkerJr:
That is incorrect. Placing SPF in TXT records is deprecated. Bind supports SPF records as of almost three years ago (Feb 2007), though many distros still have ancient versions of Bind.
Whoops, I stand corrected. Thanks.
Supporting the SPF type seems to have a very poor uptake (if at all) though, even after all this time. openspf.org barely seems to mention them (found one reference on a page last touched in 2007), and a quick check of some larger players (google.com, hotmail.com, aol.com) all only seem to just have the TXT version. Looks like a transition that may never take place.
So it would seem that doing it via TXT is still more than sufficient, in practice.
– David
@db3l:
So it would seem that doing it via TXT is still more than sufficient, in practice.
I agree. The SPF resource record type is still considered, (see section 3.1.1) although it's being supported by more name servers now. experimental
@Vance:
I agree. The SPF resource record type is still considered
, (see section 3.1.1) although it's being supported by more name servers now. experimental
Although, to be fair, I think the same experimental status holds for the TXT record, described in the same RFC, not to mention the entire series of RFCs for the whole SPF/Sender-ID framework.
– David
standard
So if you're using Linode's DNS and want to publish an SPF string, use TXT and be done with it. Otherwise, use both TXT and SPF if they are available to you.
(Hmm, looks like while we were splitting hairs, Keith has taken care of business. :)
;; QUESTION SECTION:
;keithnet.us. IN TXT
;; ANSWER SECTION:
keithnet.us. 14387 IN TXT "v=spf1 a mx ~all"
@Vance:
Hmm, looks like while we were splitting hairs, Keith has taken care of business.
:)
Isn't that what we do best?