SPF records and how to set them up

Root > 3. Customisation

 

 

    Follow WiredContact on Twitter
 

Before reading all of this
If you want to send emails from WiredContact through your own mail server please provide us with an SMTP account, it's what most companies do. It is a requirement of the email account you provide that it should be enabled to relay for the specific account only and then only from our IP address or domain only. Once these restrictions are in place it's not a problem.

General SPF Info

In Summary a Mail server checks to see if the incoming Email has originated from a location authorised by the domain owner to handle its email. If the SPF record does not contain the approval for the originating email then the email may be rejected 
 

A good starting point for SPF info and syntax is: http://www.openspf.org

 

Create your own SPF or TXT record here http://www.spfwizard.net/

 

You can check how your emails are handled using many tools online such as http://www.kitterman.com/spf/validate.html 

 

*******************************************

 

Spf.messagelabs.com (the database which this script relies on for approved IPs and domains) is dynamically updated by messagelabs and any changes they make will then propagate to customers systems.

 

Also for your information the spf record of spf.messagelabs.com is “exists:%{ir}.nets.messagelabs.com”, this gets the sender to perform a lookup on {reverse of the ip address}.nets.messagelabs.com if it returns a match it is allowed, if not it fails. (see screenshot below for further information)

 

In addition to the above you will also need to have any interim relaying Exchange servers in there, in case any mail is routed out directly to the internet from your systems, so in total it will be;

 

v=spf1 ip4:217.28.130.38 include:spf.messagelabs.com ~all <<< THIS EXAMPLE TEXT ONLY BUT INDICATES WHAT WILL NEED TO BE ADDED TO A TXT RECORD FOR YOUR DOMAIN

 

This record is set up as a txt record in DNS, to give you an idea what the above parts mean;

 

V=spf1 identifies the record as an SPF record.

IP4: identifies an IPv4 ip address that can send mail from the domain.

Include: tells the server querying the domain to include and spf records set up on another domain (in this case spf.messagelabs.com).

 

~all means they are fairly certain that that is a complete list of all sending servers for that domain.  This can be replaced with –all for reject any messages from anywhere else, or ?all for there may be other legitimate servers.

 

You can query an spf record by going into NSLOOKUP, setting the query type to txt and querying the domain.

On your local machine goto start then RUN then type nslookup

Regional details are also available at
http://www.wiredcontact.co.uk

 

Add Feedback