Hi Kevin, This doesn't have anything to do with incoming mail servers, only outgoing. Also, there should be just one SPF record per domain.
So assuming you send mail for myriadnetwork.com as well, and either domain can send outbound mail through any of the servers listed in the MX records for both domains, then you would want exactly two SPF DNS TXT records: SPF record for rogersbenefit.com rogersbenefit.com. IN TXT "v=spf1 mx:rogersbenefit.com mx:myriadnetwork.com ~all" SPF record for myriadnetwork.com myriadnetwork.com. IN TXT "v=spf1 mx:rogersbenefit.com mx:myriadnetwork.com ~all" Note that if your outbound mail servers are different from your MX records, then the above records are incorrect. You can restrict this further if you have only one server that sends outbound mail, as you mentioned, but this gives you the flexibility to use any of the servers listed as the MX for outbound mail for the two domains. Note that the SPF records are specified as soft fail. If you are certain that no other server will send mail for those domains, then you can change soft fail (~all) to hard fail (-all). Hope this helps, Darin. ----- Original Message ----- From: "Kevin Rogers" <[EMAIL PROTECTED]> To: <declude.junkmail@declude.com> Sent: Thursday, April 03, 2008 8:51 PM Subject: Re: [Declude.JunkMail] Forged-Spam Backscatter I'm looking for a little help creating SPF records. I'm trying to use the tools at openspf.org. We only have one server that sends out mail for our domain. We have a secondary server that accepts email sent to our domain if our primary server is down (myriadnetwork.com). After going through the creation tool, it generated: To be put in our zone file: rogersbenefit.com. IN TXT "v=spf1 a mx mx:rogersbenefit.com ~all" To be put in our DNS records: mail.rogersbenefit.com. IN TXT "v=spf1 a -all" mx2.myriadnetwork.com. IN TXT "v=spf1 a -all" We host our DNS records at Network Solutions. If anyone else uses NetSol for the DNS records, how do we go about adding these lines to our DNS records? And also, is it recommended to use the "all" modifier or not? Kevin Jim Comerford wrote: > > ... but I noticed the domains that we were seeing this with did not > have any SPF records in place. So when I saw this sudden increase > come through, I added a strict SPF policy for that domain. The > backscatter for that domain all but stopped. ... > > > > Good thing to check... the latest domain to get hit did NOT have an > SPF record (and this seems to have been the worst so far)... BUT MOST > of the ones that did get hit - did have an SPF record and we still get > backscatter. > > > > We typically add SPF on all domains.. but in reviewing we had missed a > couple of them. > > > > Hopefully the Filter that David is referring to will help. > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
