2

I need to be able to configure SPF rule for my domain. Problem is that I can normally receive all the emails. But when I send to some recipients they receive it as spam. In the mail failure delivery I always see SPF as neutral.

How can I change this settings? I found a Microsoft tool program and I get something like this: v=spf1 a mx mx:mail.code2future.com +all Where do I insert this? I have cPanel Pro 1.0 (RC1)

Thank you

EDIT:

This is the picture:

user123_456
  • 123
  • 5

1 Answers1

7

First, that SPF line is completely useless. The +all on the end means anyone can send e-mail on behalf of your domain, and it should be considered authentic. Further, that SPF record looks wrong in all sorts of ways, though I can't be sure without knowing more about your environment.

Some servers will even hold this against you. On the servers I run, if your SPF doesn't end in "-all" then you get marked as spam because you're too lazy or ignorant to setup a SPF record correctly. Sorry for the terse language, but 2 points for honesty...

So, once you've got a reasonable SPF record, you need to create a new DNS record of the type TXT, with the contents of that SPF record. The "address" of the DNS record should be blank, default, or "@", depending on how you're system works.

Update:
A couple common configurations just to get you started:

  1. You have 1 mail server. It's configured to receive mail for your domain (including the MX record) v=spf1 mx -all
  2. You have 1 "normal" mail server, and a web server that sends e-mail too (notifications or etc) v=spf1 mx ip:1.2.3.4 -all (where the IP address is that of the web server)
  3. You have completely separate inbound and outbound servers. The outbound have A Records. v=spf1 a -all
  4. You're using a hosted e-mail solutions, such as gmail or something your hosting provides.
    v=spf1 include:get.address.from.your.host.com -all
    v=spf1 include:aspmx.googlemail.com -all (for GMail/Google Apps/etc hosted e-mail only)

The Microsoft Sender ID Framework SPF Wizard is an excellent resource for generating records. You do have to read each option carefully; garbage-in garbage-out.

Chris S
  • 77,945
  • 11
  • 124
  • 216
  • 2
    I would pay serious attention to what Chris said about using `-all`. The standard itself, at http://www.openspf.org/SPF_Record_Syntax, defines `+all` as "The domain owner thinks that SPF is useless and/or doesn't care". – MadHatter Nov 19 '12 at 17:23
  • How can I form such SPF? and where to write that? – user123_456 Nov 20 '12 at 11:33
  • See update. The record still goes in a TXT DNS entry. – Chris S Nov 20 '12 at 13:59
  • I have used this solution `v=spf1 mx ip:1.2.3.4 -all` and now it's working as it should. is this safe solution? – user123_456 Nov 27 '12 at 11:16
  • Yep, that's good. As long as you didn't literally use "1.2.3.4", and replaced it with the address of your server. – Chris S Nov 27 '12 at 14:43
  • hmm funny thing happens when I send email from ipad I get error from mail delivery failure but when I try with outlook everything is good. I'll try your first example without IP – user123_456 Nov 27 '12 at 20:38
  • this is my what I get `Received-SPF: fail (google.com: domain of x.x@x.com does not designate xx.xx.xx.xxx as permitted sender) client-ip=xx.xx.xx.xxx;` what should I do? please help – user123_456 Nov 27 '12 at 20:41
  • First, know that Google will cache your SPF record for a day or so; if you make rapid changes they're likely to not get picked up. I'm getting the feeling that you're not a system administrator... This really isn't that hard to figure out. If the mail server (xx.xx.xx.xxx) has a MX record in your domain (x.com) then use the 1st record example. If it's not an MX, but does have a forward DNS name then use the 3rd example. – Chris S Nov 28 '12 at 00:45
  • Can you please check my picture what I have uploaded and tell me what to do because nothing seems to be working with option 1 and option 2 – user123_456 Nov 29 '12 at 08:50
  • That helps a little. You don't have a MX record, so "mx" will not do anything. Not having any inbound servers you could say that inbound and outbound are completely separate, that's option #3. Also, you may want to look into CNAME records, it would simplify your configuration. – Chris S Nov 29 '12 at 14:03
  • Where can I find CNAME records? So option #3 should work in here? – user123_456 Nov 30 '12 at 07:45