Setting up email SPF in DNS - any suggestions on the correct setup?
PhilipD
10-12-2007, 01:12 AM
I have tried to set up SPF for my domain hosted at discountasp, but I can't seem to find the right settings. Has anyone successfully set up SPF for their domain?
I set up a TXT record (for SPF) in my DNS manager for my domain:
v=spf1 a mx ~all
This is based on information at http://www.openspf.org/ and http://old.openspf.org/wizard.html.
Later, I also tried:
v=spf1 a mx mx:internetmailserver.net ~all
and
v=spf1 a mx a:internetmailserver.net mx:internetmailserver.net ~all
In each case, I waited some time (an hour or more) to allow the DNS change to propagate.
However, this setup (any of the variations above) seems to generate "softfail" errors with any system that checks the SPF record.
(1) Using the openspf test page at http://www.openspf.org/Why and entering my domain and the IP address for my domain's SMTP name returns the following error:
An SPF-enabled mail server rejected a message that claimed an envelope sender address of [my domain].
An SPF-enabled mail server received a message from sm01.internetmailserver.net (64.79.170.131) that claimed an envelope sender address of [my domain].
The domain [my domain] has authorized sm01.internetmailserver.net (64.79.170.131) to send mail on its behalf, so the message should have been accepted. It is impossible for us to say why it was rejected.
(2) Sending an email to "check-auth@verifier.port25.com" (as mentioned at http://www.openspf.org/Tools) returns the following error:
HELO hostname: smg02.internetmailserver.net
Source IP: 216.32.60.11
mail-from: [my email address]
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: softfail (SPF-Result: SoftFail)
ID(s) verified: smtp.mail=[my email address]
DNS record(s):
[my domain]. 3600 IN TXT "v=spf1 a mx ~all"
[my domain]. 3600 IN A [my IP address]
[my domain]. 3600 IN MX 10 sm01.internetmailserver.net.
sm01.internetmailserver.net. 3600 IN A 64.79.170.131
javiero
10-12-2007, 10:24 AM
PhilipD,
I think the record you are looking for is this:
v=spf1 ip4:64.79.170.131,64.79.170.132 include:internetmailserver.net ~all
Paste that in your DNS text in the DASP control panel. This should work.
If you continue to have any problems with this, please email support.
Thanks.
Javier
Systems Administrator
PhilipD
10-14-2007, 11:14 AM
Thanks for the suggestion. I tried this, got some errors, and tried some other variations, and I think I may have arrived at a solution.
I entered the SPF string in the previous reply that included:
include:internetmailserver.net
Testing this SPF record returned this error:
No valid SPF record for included domain: internetmailserver.net: include:internetmailserver.net
When I included the IP4 addresses as shown:
ip4:64.79.170.131,64.79.170.132
I got this error:
Invalid IP4 address: ip4:64.79.170.131,64.79.170.132
I found that the valid syntax for multiple IP4 addresses is:
ip4:64.79.170.131 ip4:64.79.170.132
However, when I entered this format, I still got the "SPF:softfail" error - apparently because the email is actually sent from smg01.internetmailserver.net (216.32.60.10) or smg02.internetmailserver.net (216.32.60.11), not from sm01. or sm02.internetmailserver.net.
When I added the IP addresses for the smg01/smg02 servers, then the SPF test started working (that is, returning a "pass" result instead of "softfail").
The final version of the SPF record that I ended up with is:
v=spf1 ip4:216.32.60.10 ip4:216.32.60.11 ip4:64.79.170.131 ip4:64.79.170.132 a mx ~all
Note, the IP addresses here are for these systems:
smg01.internetmailserver.net
smg02.internetmailserver.net
sm01.internetmailserver.net
sm02.internetmailserver.net
I think the second 2 IP addresses in this SPF record are unnecessary, because they are implied by including the "mx" option (which for my domain is "sm01.internetmailserver.net"). Also, it appears that the sm01/sm02 servers are used for receiving email, and the smg01/smg02 servers are used for sending emails, so the sm01/sm02 servers are not needed in the SPF record at all. I haven't tested my SPF record without these second 2 IP addresses, and I will probably leave them in.
Would anyone from discountasp.net like to provide any additional explanation, or comment on whether my empirical results are correct?
nelsonsoft
11-27-2007, 04:12 AM
It would be nice if Discountasp would chime in on this. I had set up an SPF record as follows:
v=spf1 a mx ip4:71.33.9.238 ip4:64.79.170.116 ip4:64.79.170.114 ip4:64.79.170.115 -all
While I've had it in place for a couple of months, I had an email bounce back today with:
Reason: Remote host said: 550 See http://spf.pobox.com/why.html?sender=gilnelson%40nssdd.com&ip=64.79.170.151&receiver=mailrly06.isp.novis.pt (#5.7.1)
According to the web site above it says my TXT record should be:
v=spf1 a mx ip4:71.33.9.238 ip4:64.79.170.116 ip4:64.79.170.114 ip4:64.79.170.115 a:smg01.internetmailserver.net -all
In this thread I see different ways of entering it. Can discountASP please provide the TXT record necessary? I have also been told my email ends up in the SPAM folder. Perhaps it is due to the same reason that this TXT is not correct.
If I cannot resolve it I may have to remove the SPF record, which leads me to the next question. I tried to clear the text but it would not save. What default info is needed to clear this SPF record?
Thanks,
Gil
nelsonsoft
11-27-2007, 04:31 AM
Ignore the second question. Once I got out and back in I found the delete. I have deleted it for the time being. I was in the SPF Wizard program. I see in your knowledge base you do not provide the SPF information. Can you provide the details of what can be entered in the wizard? For instance, I use my SMTP server with Discountasp to send email. When the wizard started it had my qwest.net since I'm on qwest. Since I'm using my SMTP server with discountasp I would enter web site, correct? Also it creates text for this but also for BIND and tinydns (djbdns). Which text should I use?
Thanks for any help it would be appreciated.
Gil
javiero
11-29-2007, 09:42 AM
PhilipD,
You're right, only 216.32.60.10 & 216.32.60.11 are needed. Those are our gateway servers (SMTP).
Initially I read your first post and saw the error in the SPF syntax; I didn't realize it was pointing to our POP/IMAP servers.
You don't need the other 2 IP addresses, so if you wish to take them out you can.
Javier O.
PhilipD
01-10-2008, 01:11 AM
Sometime after I initially set this up, it seems that the IP addresses for the smg01/smg02 mail servers changed, and I needed to update the SPF record that I had entered. The new IP addresses are now 64.79.170.150 and 64.79.170.151.
bruce
01-10-2008, 07:40 AM
Yes. There are many outbound IPs on the server and it can change.
I recommend adding
216.32.60.0/24
64.209.134.0/24
64.209.135.0/24
64.79.170.0/24
It's a lot of IPs but this will ensure your SPF will continue to work even when we switch IP.
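The failures and fixes reported in the posts above can be reproduced offline with a small checker. This is an added example, not part of any post and not discountasp's tooling: it evaluates only the `ip4` and `all` terms and skips `a`, `mx` and `include` because they need live DNS, and the last record is constructed here from the suggested /24 ranges with an assumed `~all`.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHS = {"a", "mx", "include", "exists", "ptr"}  # need live DNS; skipped here

def parse_spf(record):
    """Return (terms, errors); each term is (qualifier, mechanism, value)."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return [], ["record must begin with v=spf1"]
    terms, errors = [], []
    for raw in parts[1:]:
        qual, body = (raw[0], raw[1:]) if raw[0] in RESULTS else ("+", raw)
        if "=" in body:
            continue  # modifiers such as redirect= are out of scope for this sketch
        name, _, value = body.partition(":")
        name = name.split("/")[0].lower()
        if name == "ip4":
            try:  # exactly one address or CIDR block per term, no commas
                value = ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                errors.append(f"invalid ip4 term: {raw}")
                continue
        elif name != "all" and name not in DNS_MECHS:
            errors.append(f"unknown mechanism: {raw}")
            continue
        terms.append((qual, name, value))
    return terms, errors

def check_ip(record, sender_ip):
    """Evaluate ip4 and all terms left to right for one connecting IP."""
    terms, errors = parse_spf(record)
    if errors:
        return "permerror"  # receivers treat a syntax error as a permanent error
    ip = ipaddress.IPv4Address(sender_ip)
    for qual, name, value in terms:
        if name == "all" or (name == "ip4" and ip in value):
            return RESULTS[qual]
    return "neutral"  # no term matched and the record has no "all"

if __name__ == "__main__":
    # Records from the thread; the last is constructed from the suggested /24 ranges.
    comma = "v=spf1 ip4:64.79.170.131,64.79.170.132 include:internetmailserver.net ~all"
    final = "v=spf1 ip4:216.32.60.10 ip4:216.32.60.11 ip4:64.79.170.131 ip4:64.79.170.132 a mx ~all"
    ranges = "v=spf1 ip4:216.32.60.0/24 ip4:64.209.134.0/24 ip4:64.209.135.0/24 ip4:64.79.170.0/24 ~all"
    for rec, ip in [(comma, "216.32.60.11"), (final, "216.32.60.11"),
                    (final, "64.79.170.151"), (ranges, "64.79.170.151")]:
        print(check_ip(rec, ip), ip, rec)
```

Because the DNS-based mechanisms are skipped, a result other than pass only shows that no `ip4` term covers the sending address; a real receiver would still resolve `a` and `mx` before reaching `~all`.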
rgeary
04-29-2008, 01:28 AM
Ok.
My domain is richardgeary.com. It appears my mx record is sm10.internetmailserver.net
Can someone please clarify what my spf record needs to look like, or at least which options I need to check in the wizard?
(Note, I also need to be able to send email from my website, I have a contact form that when the user submits it on the page it creates an email and sends it to me. If I use localhost as the SMTP server or smtp.richardgeary.com, do I need to worry about this at all for the spf record?)
rgeary
04-29-2008, 04:10 AM
Also, curious if anyone else sends domain email from a blackberry phone, and what is needed in the SPF to ensure that is allowed.
bruce
04-29-2008, 06:18 AM
I would add
64.79.170.0/24
64.209.135.0/24
As for blackberry, you'll need to check w/ them for the list of outbound IP for SMTP servers.
bruce
08-29-2008, 04:58 AM
You'll have to specify the IPs. I don't have the complete list handy but you can create a support ticket.
RussellEngland
08-29-2008, 09:05 AM
Hi chaps
Just reading the thread, have you got an example of the final version of the SPF record?
I've got some ASP code that sends email from discountasp, but I also use Google mail.
According to google mail faq:
http://www.google.com/support/a/bin/answer.py?answer=33786&topic=9196
I need to use:
v=spf1 include:aspmx.googlemail.com ~all
But just wanted to know what to include for discountasp?
Cheers
Russ
RussellEngland
08-30-2008, 12:29 AM
Thanks for the reply Bruce - I did create a support ticket - the staff are normally extremely helpful, but couldn't help on this occasion:
discountasp said...
Dear Russ,
It is beyond the scope of our service to provide guidelines in inputting and creating spf records for our customers. This issue can be complicated depending on the depth of records you are trying to create the spf for. For issues such as these it is best to consult with a certified network/email administrator.
Please also refer to this kb article for policy in publishing SPF records. http://kb.discountasp.net/article.aspx?id=10386
Thank you
bruce
09-02-2008, 05:56 AM
Can you PM the ticket number to me? I'll forward it to our support mgr.
bruce
09-02-2008, 09:47 AM
Actually there's a KB article regarding this.
http://kb.discountasp.net/article.aspx?id=10522
RussellEngland
09-02-2008, 09:58 AM
Fantastic!! and it was updated last week.
Thank you for your help
Cheers
Russ
bruce
09-02-2008, 10:59 AM
Our KB has so many articles... I didn't even remember we have this article.
imchaz
06-15-2009, 01:21 PM
bruce said...
Actually there's a KB article regarding this.
http://kb.discountasp.net/article.aspx?id=10522
Bruce or anyone else,
Can you provide a new URL which this pertains to? It goes to a general area now.
The URL that the support gave me was this: http://support.discountasp.net/KB/a300/does-discountaspnet-support-publishing-spf-sender-policy.aspx But this doesn't help me much.
I went to the SPF wizard but I am at a loss on what to fill in.
My webmail.gvnwlnp.com, smtp.gvnwlnp.com, pop3.gvnwlnp.com point to 64.79.170.142 and my MX Record Manager says sm12.internetmailserver.net , which I think is the same IP address that I stated.
I only use discountasp email server to send my mails from my domain gvnwlnp.com.
My rough go at it looks like this:
v=spf1 ip4:64.79.170.142 mx:64.79.170.142 ~all"
Thoughts?
http://support.discountasp.net/KB/a300/does-discountaspnet-support-publishing-spf-sender-policy.aspx