Re: Email notifications and SPF

[Gunnar Hjalmarsson]

Richard Lowe wrote:

My SPF entry in each of my zone files looks like thus:

v=spf1 ip4:10.10.10.10 a mx a:mail.spamcop.net a:smtp.everyone.net
include:smtp.sbcglobal.yahoo.com -all

(10.10.10.10 is my IP address, I've modified it here).

This says for the zone (say ringlink.com) allow sending from
the specified IP and the specified domains. The "include" says
smtp.sbcglobal.yahoo.com is a server farm and the IP might not always
be the same.

I too have now started to experiment with SPF records, and I must say that it's not that easy to understand.

One thing I've noticed is that the include "mechanism" you are using above, Richard, does probably not do what you think. It looks for SPF records in the zone for yahoo.com, and since no such records exist, it fails.

My current (at this very minute) theory is that the following record might do it for my own domain gunnar.cc:

    v=spf1 a ptr:skanova.net -all

The 'a' allows me to send from gunnar.cc's IP, i.e. my virtual server.

The 'ptr:skanova.net' is for allowing me to send via my ISP. An attempt to explain that: When I send via my ISP (which I normally do), the IP address is not always the same, but a reverse DNS lookup always results in a host name that ends with skanova.net. So, an SPF supporting receiving mail server would take the IP address, find that the matching host name ends with skanova.net, and accept the message since it also finds skanova.net in an SPF record in the gunnar.cc zone.

I have a feeling that 'a:skanova.net' would not have worked, since I found this statement at http://spf.pobox.com/mechanisms.html :
"The A records have to match the client IP exactly ..."

Well, ask me tomorrow and I may present a completely different theory. ;-)

Btw, I found this page useful for testing various combinations:
http://www.dnsstuff.com/pages/spf.htm

/ Gunnar