

DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2

SPF Confusion

Dumb question about SPF records. We have a site for broadcasting incident alerts to subscribers. Call it "www.thedomain.com." The mail server that does the broadcasting is called "mail.thedomain.com." Adding to the mix, the customer requires that the message be addressed from "someaddy@corporateparent.org" which is a completely different domain. We're confused about how to publish the SPF records so that "thedomain" and "mail.thedomain" are both recognized. Publishing it for "thedomain" shows up when you query the domain; however, when mail is sent, the headers come up as "not allowed or denied." The SPF record looks like this:

v=spf1 ip4:xx.xx.xx.xx mx:mail.thedomain.com ~all

What do we need to add to this one, plus the one for corporateparent.org?
--
"Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following."

H_T_R_N
Premium
join:2011-12-06
Valencia, PA
kudos:1
You only need the SPF to state that email from corporateparent.org is permitted to be sent from mail.thedomain.com so

v=spf1 a include:mail.thedomain.com -all

added to the DNS of corporateparent.org

When an SPF record is checked it will look to the DNS of the purported sender's domain, not the domain it came from, in this case corporateparent.org. There it will find that mail from corporateparent.org is allowed to be sent from mail.thedomain.com. I like the - and not a ~ unless you don't know all the servers that might send email from that domain.


kontos
xyzzy

join:2001-10-04
West Henrietta, NY
reply to DC DSL
SPF records are around to provide a list of addresses from which it is expected mail for the parent domain will be originated.

So if the sender domain is going to be corporateparent.org, the SPF records in that domain's DNS need to list the servers that will be sending mail on their behalf.

In effect they need to list all of their 'normal' mail servers, plus the ones that will be used by third-party services (such as your emergency alert system).
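
The lookup behaviour the replies describe, as an added example (not code from any poster in this thread): a simplified SPF evaluator run over constructed zone data, showing which domain's record decides the result. It assumes the envelope sender (MAIL FROM), which is what SPF evaluates, is also @corporateparent.org; the IP addresses, the mx1 host and the `evaluate` helper are hypothetical.

```python
import ipaddress

# Constructed zone data (documentation address ranges) standing in for DNS.
A = {"mail.thedomain.com": ["203.0.113.25"],
     "corporateparent.org": ["198.51.100.10"],
     "mx1.corporateparent.org": ["198.51.100.20"]}
MX = {"corporateparent.org": ["mx1.corporateparent.org"]}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SENDER_IP = "203.0.113.25"  # the alert server, mail.thedomain.com

def check_host(ip, domain, spf, depth=0):
    """Simplified RFC 7208 check_host: ip4, a, mx, include and all only."""
    record = spf.get(domain)
    if record is None:
        return "none"
    if depth > 10:
        return "permerror"
    for term in record.split()[1:]:
        qual = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in A.get(target, [])
        elif mech == "mx":
            hit = any(ip in A.get(host, []) for host in MX.get(target, []))
        elif mech == "include":
            inner = check_host(ip, arg, spf, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # include target publishes no usable SPF
            hit = inner == "pass"
        else:
            return "permerror"  # mechanism outside this sketch
        if hit:
            return RESULT[qual]
    return "neutral"

def evaluate(parent_record, extra=None):
    """Result for mail from SENDER_IP with envelope sender @corporateparent.org."""
    spf = {"thedomain.com": "v=spf1 ip4:203.0.113.25 mx:mail.thedomain.com ~all"}
    if parent_record:
        spf["corporateparent.org"] = parent_record
    spf.update(extra or {})
    return check_host(SENDER_IP, "corporateparent.org", spf)
```

The record on thedomain.com is never consulted for these messages; only what corporateparent.org publishes matters. With the `include:` form the result is `pass` only when mail.thedomain.com publishes its own SPF record (otherwise `permerror`), whereas `a:mail.thedomain.com` needs no such record.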