SPF records

Hi all users of Linode.

I have an email system now running on my Linode.

The domain for which I am attempting to configure SPF is keithnet.us (an Internet domain which I registered back in May of 2009 for use with Linode.com's services).

Currently, due to money constraints, I do not have a secondary Linode for me to warrant running DNS.

The problem I'm having is that although I've added TXT records for my domain into Linode's DNS manager (and have even done so using the SPF wizard), I cannot get SPF working at all no matter what I try to do!

Sure. I could let Google handle all my mail. But that would take the fun out of learning!

Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records?

Or, is there a way to do this effectively via TXT records, which Linode's DNS servers support?

I am a blind computer user, and am no programmer; I cannot add new functionality to the Linode API, even if I wished to. I can work with pre-existing technology, like HTML and such if I know it.

Thanks for your help.

Just to demonstrate that SPF is not working, I am going to paste a header from GMail's mail server, when I sent an email from one of my mail systems to it.

This header should demonstrate, amongst other things, that the system which sent the email to GMail (my Linode) doesn't have working SPF.

What I hope to do is change it so that SPF does work.

Thanks!

The header is displayed below.

Delivered-To: keithint1234@gmail.com
Received: by 10.224.60.69 with SMTP id o5cs268603qah;
    Mon, 2 Nov 2009 09:50:05 -0800 (PST)
Received: by 10.231.4.149 with SMTP id 21mr590538ibr.26.1257184204973;
    Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Return-Path: <admin@keithnet.us>
Received: from keithnet.us (keithnet.us [69.164.193.236])
    by mx.google.com with ESMTP id 2si19050227iwn.73.2009.11.02.09.50.04;
    Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of admin@keithnet.us designates 69.164.193.236 as permitted sender) client-ip=69.164.193.236;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of admin@keithnet.us designates 69.164.193.236 as permitted sender)
    smtp.mail=admin@keithnet.us
Return-Path: admin@KeithNet.US
To: <Keithint1234@GMail.com>
Date: Mon, 02 Nov 2009 12:49:43 -0500
Subject: RE: An issue with the KeithNet server system!
Envelope-To: Keithint1234@GMail.com
References: <4af646bf0910301342v51ef6a08tda0f16aed971b9cc@mail.gmail.com> <41BEC532FBF44B78B1F12576A01153BA@coloradob16c10> <4af646bf0911020947y4ff63fe4j72360ac9f4100aa1@mail.gmail.com>
Message-ID: <3B846F1110A942D48ED51CA4A5342A4E@coloradob16c10>
From: "admin" <admin@KeithNet.US>
Organization: KeithNet
Received: from coloradob16c10 (c-75-70-191-0.hsd1.co.comcast.net [75.70.191.0])
    by keithnet.us; Mon, 02 Nov 2009 12:49:49 -0500
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acpb5JTDOnigC3a+TiyzwWQrEY+SgwAADa0g
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579

Notice how it says "Best Guess record"?

Thanks.

9 Replies

It looks like your domain doesn't have SPF set up at all; you have no SPF or TXT records on any of your domains.

You also have three MX records with equal weight all pointed to the same IP for some reason.

@Keith-BlindUser:

Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records? Or, is there a way to do this effectively via TXT records, which Linode's DNS servers support?
Just to address this one point - an SPF entry in DNS is a TXT record. There is also a separate SPF DNS record type, but as a later addition to DNS it is still not necessarily supported everywhere - if both are present the two entries must match. In the TXT case, what makes a particular TXT record in DNS serve as an SPF entry is having the "v=spf1" string in the TXT record. So the current Linode Manager DNS support for TXT should be fine.

And at the moment, as Guspaz pointed out, you don't seem to have any TXT records at all (SPF or otherwise) associated with your domain.

– David

(Edit: Corrected erroneous comments related to the SPF record type)

That is incorrect. Placing SPF in TXT records is deprecated. Bind supports SPF records as of almost three years ago (Feb 2007), though many distros still have ancient versions of Bind.

http://www.gossamer-threads.com/lists/spf/deployment/30942

In practice, if your DNS server supports SPF records, you should include your SPF data in both TXT and SPF for backwards compatibility.

@BarkerJr:

That is incorrect. Placing SPF in TXT records is deprecated. Bind supports SPF records as of almost three years ago (Feb 2007), though many distros still have ancient versions of Bind.
Whoops, I stand corrected. Thanks.

Supporting the SPF type seems to have a very poor uptake (if at all) though, even after all this time. openspf.org barely seems to mention them (found one reference on a page last touched in 2007), and a quick check of some larger players (google.com, hotmail.com, aol.com) all only seem to just have the TXT version. Looks like a transition that may never take place.

So it would seem that doing it via TXT is still more than sufficient, in practice.

– David

@db3l:

So it would seem that doing it via TXT is still more than sufficient, in practice.
I agree. The SPF resource record type is still considered experimental, (see section 3.1.1) although it's being supported by more name servers now.

@Vance:

I agree. The SPF resource record type is still considered experimental, (see section 3.1.1) although it's being supported by more name servers now.
Although, to be fair, I think the same experimental status holds for the TXT record, described in the same RFC, not to mention the entire series of RFCs for the whole SPF/Sender-ID framework.

– David

Agents are supposed to check SPF first, then TXT if that fails. So, you should do both, to save time for servers that do understand SPF.

Ugh, replied too briefly. What I meant was that I can't fault the Linode DNS manager for not supporting SPF resource record types, as they are still experimental. The generic TXT resource record is standard, although using it for storing SPF info is experimental.

So if you're using Linode's DNS and want to publish an SPF string, use TXT and be done with it. Otherwise, use both TXT and SPF if they are available to you.

(Hmm, looks like while we were splitting hairs, Keith has taken care of business. :)

;; QUESTION SECTION:
;keithnet.us.            IN  TXT

;; ANSWER SECTION:
keithnet.us.        14387   IN  TXT "v=spf1 a mx ~all"
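
An added example, not part of any post in this thread: a small Python check that picks the SPF policy out of a name's TXT strings by its "v=spf1" version tag, splits it into mechanisms, and flags a Received-SPF header that reports a "best guess" result instead of a published record. The function names and the verification-token TXT string are constructed for illustration; the "best guess" test relies only on the wording Gmail used in the header quoted in the question.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT set for one name: an unrelated token plus the policy from the dig output above.
SAMPLE_TXT = ["site-verification=constructed-token", "v=spf1 a mx ~all"]
# Received-SPF value copied from the header in the question.
SAMPLE_HEADER = ("pass (google.com: best guess record for domain of admin@keithnet.us "
                 "designates 69.164.193.236 as permitted sender) client-ip=69.164.193.236;")

def select_spf(txt_records):
    """Return the one SPF policy among a name's TXT strings, or None if there is none.

    A TXT string counts only if it is exactly "v=spf1" or begins with "v=spf1 ".
    Publishing more than one such record is an error for receivers.
    """
    found = [t for t in txt_records
             if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if len(found) > 1:
        raise ValueError("multiple v=spf1 records published")
    return found[0] if found else None

def parse_terms(policy):
    """Split a policy into (result, mechanism, argument) tuples, skipping modifiers."""
    terms = []
    for term in policy.split()[1:]:            # first token is the version tag
        if re.match(r"^[A-Za-z][\w.-]*=", term):
            continue                           # modifier such as redirect=...
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        m = re.match(r"([A-Za-z0-9]+)(.*)", body)
        if not m:
            continue                           # malformed term, nothing to record
        terms.append((QUALIFIERS[qualifier], m.group(1).lower(), m.group(2).lstrip(":")))
    return terms

def used_published_record(received_spf):
    """False when the receiver says it applied a 'best guess' instead of a published policy."""
    return "best guess" not in received_spf.lower()

if __name__ == "__main__":
    policy = select_spf(SAMPLE_TXT)
    print(policy, parse_terms(policy))
    print("published record used:", used_published_record(SAMPLE_HEADER))
```
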

@Vance:

Hmm, looks like while we were splitting hairs, Keith has taken care of business. :)

Isn't that what we do best?
