Linode Forum
https://forum.linode.com/

SPF records
https://forum.linode.com/viewtopic.php?f=11&t=4790

Author:  Keith-BlindUser [ Mon Nov 02, 2009 2:54 pm ]
Post subject:  SPF records

Hi all users of Linode.
I have an email system now running on my Linode.
The domain for which I am attempting to configure SPF is keithnet.us (an Internet domain which I registered back in May of 2009 for use with Linode.com's services).
Currently, due to money constraints, I do not have a secondary Linode for me to warrant running DNS.
The problem I'm having is that although I've added TXT records for my domain into Linode's DNS manager (and have even done so using the SPF wizard), I cannot get SPF working at all no matter what I try to do!
Sure, I could let Google handle all my mail. But that would take the fun out of learning!
Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records?
Or, is there a way to do this effectively via TXT records, which Linode's DNS servers support?
I am a blind computer user, and am no programmer; I cannot add new functionality to the Linode API, even if I wished to. I can work with pre-existing technology, like HTML and such if I know it.
Thanks for your help.


Just to demonstrate that SPF is not working, I am going to paste a header from GMail's mail server, when I sent an email from one of my mail systems to it.
This header should demonstrate, amongst other things, that the system which sent the email to GMail (my Linode) doesn't have working SPF.
What I hope to do is change it so that SPF does work.

Thanks!


The header is displayed below.

Delivered-To: keithint1234@gmail.com
Received: by 10.224.60.69 with SMTP id o5cs268603qah;
Mon, 2 Nov 2009 09:50:05 -0800 (PST)
Received: by 10.231.4.149 with SMTP id 21mr590538ibr.26.1257184204973;
Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Return-Path: <admin@keithnet.us>
Received: from keithnet.us (keithnet.us [69.164.193.236])
by mx.google.com with ESMTP id 2si19050227iwn.73.2009.11.02.09.50.04;
Mon, 02 Nov 2009 09:50:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of admin@keithnet.us designates 69.164.193.236 as permitted sender) client-ip=69.164.193.236;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of admin@keithnet.us designates 69.164.193.236 as permitted sender)
smtp.mail=admin@keithnet.us
Return-Path: admin@KeithNet.US
To: <Keithint1234@GMail.com>
Date: Mon, 02 Nov 2009 12:49:43 -0500
Subject: RE: An issue with the KeithNet server system!
Envelope-To: Keithint1234@GMail.com
References: <4af646bf0910301342v51ef6a08tda0f16aed971b9cc@mail.gmail.com> <41BEC532FBF44B78B1F12576A01153BA@coloradob16c10> <4af646bf0911020947y4ff63fe4j72360ac9f4100aa1@mail.gmail.com>
Message-ID: <3B846F1110A942D48ED51CA4A5342A4E@coloradob16c10>
From: "admin" <admin@KeithNet.US>
Organization: KeithNet
Received: from coloradob16c10 (c-75-70-191-0.hsd1.co.comcast.net [75.70.191.0])
by keithnet.us; Mon, 02 Nov 2009 12:49:49 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acpb5JTDOnigC3a+TiyzwWQrEY+SgwAADa0g
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579


Notice how it says "Best Guess record"?
Thanks.

Author:  Guspaz [ Mon Nov 02, 2009 4:54 pm ]
Post subject: 

It looks like your domain doesn't have SPF set up at all; you have no SPF or TXT records on any of your domains.

You also have three MX records with equal weight all pointed to the same IP for some reason.

Author:  db3l [ Mon Nov 02, 2009 5:42 pm ]
Post subject:  Re: SPF records

Keith-BlindUser wrote:
Is there any way to get SPF working, and could Linode.com add support to the DNS manager system for SPF records? Or, is there a way to do this effectively via TXT records, which Linode's DNS servers support?

Just to address this one point - an SPF entry in DNS is a TXT record. There is also a separate SPF DNS record type, but as a later addition to DNS it is still not necessarily supported everywhere - if both are present the two entries must match. In the TXT case, what makes a particular TXT record in DNS serve as an SPF entry is having the "v=spf1" string in the TXT record. So the current Linode Manager DNS support for TXT should be fine.

And at the moment, as Guspaz pointed out, you don't seem to have any TXT records at all (SPF or otherwise) associated with your domain.

-- David

(Edit: Corrected erroneous comments related to the SPF record type)

Author:  BarkerJr [ Mon Nov 02, 2009 6:19 pm ]
Post subject: 

That is incorrect. Placing SPF in TXT records is deprecated. Bind supports SPF records as of almost three years ago (Feb 2007), though many distros still have ancient versions of Bind.

http://www.gossamer-threads.com/lists/s ... ment/30942

In practice, if your DNS server supports SPF records, you should include your SPF data in both TXT and SPF for backwards compatibility.

Author:  db3l [ Mon Nov 02, 2009 6:34 pm ]
Post subject: 

BarkerJr wrote:
That is incorrect. Placing SPF in TXT records is deprecated. Bind supports SPF records as of almost three years ago (Feb 2007), though many distros still have ancient versions of Bind.

Whoops, I stand corrected. Thanks.

Supporting the SPF type seems to have a very poor uptake (if at all) though, even after all this time. openspf.org barely seems to mention them (found one reference on a page last touched in 2007), and a quick check of some larger players (google.com, hotmail.com, aol.com) all only seem to just have the TXT version. Looks like a transition that may never take place.

So it would seem that doing it via TXT is still more than sufficient, in practice.

-- David

Author:  Vance [ Wed Nov 04, 2009 12:01 am ]
Post subject: 

db3l wrote:
So it would seem that doing it via TXT is still more than sufficient, in practice.

I agree. The SPF resource record type is still considered experimental (see section 3.1.1), although it's being supported by more name servers now.

Author:  db3l [ Wed Nov 04, 2009 12:54 am ]
Post subject: 

Vance wrote:
I agree. The SPF resource record type is still considered experimental (see section 3.1.1), although it's being supported by more name servers now.

Although, to be fair, I think the same experimental status holds for the TXT record, described in the same RFC, not to mention the entire series of RFCs for the whole SPF/Sender-ID framework.

-- David

Author:  BarkerJr [ Wed Nov 04, 2009 8:53 am ]
Post subject: 

Agents are supposed to check SPF first, then TXT if that fails. So, you should do both, to save time for servers that do understand SPF.

Author:  Vance [ Wed Nov 04, 2009 1:35 pm ]
Post subject: 

Ugh, replied too briefly. What I meant was that I can't fault the Linode DNS manager for not supporting SPF resource record types, as they are still experimental. The generic TXT resource record is standard, although using it for storing SPF info is experimental.

So if you're using Linode's DNS and want to publish an SPF string, use TXT and be done with it. Otherwise, use both TXT and SPF if they are available to you.

(Hmm, looks like while we were splitting hairs, Keith has taken care of business. :)

Code:
;; QUESTION SECTION:
;keithnet.us.         IN   TXT

;; ANSWER SECTION:
keithnet.us.      14387   IN   TXT   "v=spf1 a mx ~all"
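
An added example, not part of any post in this thread: a Python sketch of the two checks the thread turns on, namely spotting that a receiver fell back to a "best guess record" in `Received-SPF`, and picking out and parsing the one TXT string that counts as SPF because it starts with `v=spf1`. The header value and the `v=spf1 a mx ~all` record are copied from the thread; the function names and the other two TXT strings are constructed for illustration.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def select_spf(txt_records):
    """Return the TXT strings that are SPF records: 'v=spf1' alone or followed by a space."""
    return [r for r in txt_records if re.match(r"v=spf1( |$)", r, re.IGNORECASE)]

def parse_spf(record):
    """Split one SPF record into (result, name, argument); modifiers have result None."""
    terms = []
    for term in record.split()[1:]:                  # [0] is the version tag
        mod = re.match(r"([A-Za-z][A-Za-z0-9_.-]*)=(.*)", term)
        if mod:                                      # modifier, e.g. redirect= or exp=
            terms.append((None, mod.group(1).lower(), mod.group(2)))
            continue
        result = QUALIFIERS.get(term[0], "pass")     # no qualifier means "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        mech = re.match(r"([A-Za-z0-9]+)(.*)", body)
        if not mech or mech.group(1).lower() not in MECHANISMS:
            raise ValueError(f"unknown mechanism in term {term!r}")
        terms.append((result, mech.group(1).lower(), mech.group(2).lstrip(":")))
    return terms

def published_policy(txt_records):
    """Return ('none', []), ('permerror', []) or ('ok', terms) for a domain's TXT set."""
    spf = select_spf(txt_records)
    if not spf:
        return ("none", [])        # nothing published; a receiver can only guess
    if len(spf) > 1:
        return ("permerror", [])   # more than one v=spf1 record is an error
    return ("ok", parse_spf(spf[0]))

def receiver_guessed(received_spf):
    """True when the receiver's SPF comment says it used a guessed record."""
    return "best guess record" in received_spf.lower()

# Header value and SPF record copied from the thread; the other TXT strings are constructed.
HEADER = ("pass (google.com: best guess record for domain of admin@keithnet.us "
          "designates 69.164.193.236 as permitted sender) client-ip=69.164.193.236;")
TXT_SET = ["site-verification=constructed-token", "v=spf1 a mx ~all", "v=spf10 -all"]

if __name__ == "__main__":
    print(receiver_guessed(HEADER))
    print(published_policy(TXT_SET))
```
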

Author:  mwalling [ Wed Nov 04, 2009 6:46 pm ]
Post subject: 

Vance wrote:
Hmm, looks like while we were splitting hairs, Keith has taken care of business. :)


Isn't that what we do best?

All times are UTC-04:00