Doesn't SPF fail under a few circumstances? 1. When forwarding mail, such as with imail aliases. The from address would be from some other domain.tld (not local), passing through your mail server, delivered to a third party domain.tld (such as AOL). Since your server is not listed in SPF for the other domain.tld (not local), it will fail SPF.
2. Roaming or remote users who must use their ISP's mail server to send mail because their ISP blocks port 25 (like Earthlink or Cox). If we have a local domain with a remote user on Earthlink who sends mail from [EMAIL PROTECTED] but sends it through the Earthlink mail servers, delivered to a third party domain.tld (such as AOL) it will fail SPF since the Earthlink mail server is not listed in our local SPF record. It seems to me that wide adoption of SPF will require one of the following. 1. the elimination of port 25 blocking. 2. Resetting all of those mail clients that are currently sending through their local ISP (because of port 25 blocking) to send through an alternate port. ----- Original Message ----- From: "Travis Rabe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 24, 2004 11:33 AM Subject: RE: [IMail Forum] OT: SPF > Excellent - that makes total sense. I will configure davdgrp.com > correctly...then simple add the easy one liner to the other domains. > > Thanks A Bunch! > > Travis > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Dave Heritage > Sent: Thursday, June 24, 2004 8:26 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] OT: SPF > > > ditd.org. IN TXT "v=spf1 ip4:207.228.46.66 ip4:207.228.46.92 > a:mail.davdgrp.com a:navsmtp.davdgrp.com mx:mail.davdgrp.com > mx:navsmtp.davdgrp.com include:davdgrp.com -all" > > **This is a little complicate because..... > > 1. my sending mail server is not an MX for this domain 2. either > 207.228.46.66, mail.davdgrp.com OR 207.228.46.92, navmstp.davdgrp.com > are not in the ditd.org namespace. > 3. hmmm....since 207.228.46.66 is not an MX for ditd.org should I > remove that above? I send mail, but is not an MX. > 4. Should I remove the include:davdgrp.com line to tighten it up a bit? > Or do I need it since servers from davdgrp.com send mail for ditd.org? > > >> the include portion would assume that that davdgrp.com is set up like > you want (and it handles the ditd.org email as well. For instance, lets > say that the mx and outbound for davdgrp.com is mail.davdgrp.com then > the spf for davdgrp.com would be (at its most basic) > > "v=spf1 mx -all" and you are done. Now, for ditd.org, if the only > servers that would ever send for it are the mx's for davdgrp.com, then > "v=spf1 include:davdgrp.com -all" would make you be done. > > That said, more info is usually better info, so directly listing Ips is > a great idea, as long as you remember to change it if you mx info > changes, etc. > > >> > > > Dave > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
