On 1/30/2014 8:59 AM, J Franz wrote:
Our parent corp email admin sent us this note, and we are wondering
what it means for our Power i servers that spit out many emails from
apps using a vendor tool (rjs smtp). Have read the wiki on SPF but
not sure what if anything we need to do. All our DNS is handled by
the Parent Corp group.
I have your request to add an SPF record for xyz.com Before I make
any changes here its important to note that once SPF has been added
to your domain, any smtp servers that send mail on behalf of xyz will
start to fail for any servers that require SPF record.
Implementing SPF (Sender Permitted From or Sender Policy Framework) means that you are publishing, in your domains DNS records, a list of the mail servers that are allowed to send mail on behalf of your domain.
It's entirely mail server independent.
midrange.com primarily sends mail from a single server ... it's IP is 220.127.116.11.
I have a TXT record in the DNS that indicates that the mail only comes from that IP. Any other address should be considered suspect.
If mail from your domain is sent from any machines other than your IBM i, you need to list the IP's for those machines also. You can also indicate that another domain's SPF records can be included by reference.
If you look at the TXT record in midrange.com's DNS, you'll see:
v=spf1 ip4:18.104.22.168 include:convio.net ~all
The first part (v=spf1) is just an indication of the version of SPF I've implemented.
The 2nd part (ipv4:) indicates that mail from my midrange.com comes from IP 22.214.171.124.
The 3rd part (include:) indicates that mail could also be sent from covino.net and that that domain's SPF records should also be considered (that's for my Tour de Cure fundraising stuff, see my sig).
The last part (~all) indicates that mail sent from any other domain shouldn't be considered too harshly.
Check out http://www.spfwizard.net/
for a good way to build SPF records for your DNS.