Setting up SPF Record

myuption

myuption

New Member
I was wondering if adding an SPF record is important, if so, is it a unique record?

Do i need to add all the domains an account might use sending email, or it is enough with the IP address of the VPS?

This, because once migrated I have several domains under the same account, and a couple of them run mailing lists.

So far this is what i get

Code: 
v=spf1 a mx ip4:XXX.X.XX.XXX a:mail.firstdomain.com mx:mail.externalservice.net -all

Now, should I try adding also:
a: mail.seconddomain.com

Or the SPF record will work well without it?

Thanks :p
 
Hello Myuption,

I am not clear on what you mean about all the domains an account might use sending email. Email users set up on a domain should only be sending mail from that domain and typically an SPF record is only for that domain as well.

I'd be happy to help once we figure out where we're going :)
 
Hello Dan, sorry for the delay, finally I'm setting up my mailing lists.

What i mean is that i have an account in my VPS that handles several domains, before, I asked my previous webhost to add SPF and they were supposed to do it for each domain. But now in cpanel i see this option to setup SPF myself.

The question is... i must add every domain that sends email in the SPF record for that account?
 
Hi myuption,

Well to answer your original questions:

Is SPF important: not it's not really important. But it does help to keep emails sent from your server out of the Junk Mail folders of the recipients.

Is it a unique record: the text string itself is not unique. Odds are you will be able to use the same string for all of your domains.

It sounds like you are using Addon Domains. I only have one account using an Addon Domain and they do not email from the Addon but here is my best guess.

SPF is done per domain so you would need to add an SPF txt value for each domain that sends email.

Here is a very handy SPF wizard that you can use to come up with your SPF txt string. You should come up with something similar to "v=spf1 a mx ~all" or "v=spf1 a mx -all".

The difference between the two there is the ~ or the -. If the ~ is used then the hosting server (yours) is approved (gets an SPF Pass) but there might be others that send email too (gets an SPF Neutral or Softfail). If the - is used then only the hosting server (yours) is the approved one (gets an SPF Pass).

So in the DNS Zone Editor of WHM you would put:
domainname.com. 14400 IN TXT "v=spf1 a mx ~all"

Of course replacing your domain's name for 'domainname.com". And yes you do need the period after the domain name. Repeat that for each domain that you are adding SPF for.

Hope that helps!
 
OH, that solves my issue, it seems i need it, cause somebody is sending emails using an old webmaster account pretending they come from one of my websites. Thank you Dan!
 
I wish I had found this yesterday! I was looking but for some reason never saw this post. I ended up having support set one up for me and they put in "v=spf1 -all" and this morning seemed like everything i tried to send out came right back as DENIED!

This was very helpful. Thank you Dan!

CJ

Dan said:
You should come up with something similar to "v=spf1 a mx ~all" or "v=spf1 a mx -all".

The difference between the two there is the ~ or the -. If the ~ is used then the hosting server (yours) is approved (gets an SPF Pass) but there might be others that send email too (gets an SPF Neutral or Softfail). If the - is used then only the hosting server (yours) is the approved one (gets an SPF Pass).

So in the DNS Zone Editor of WHM you would put:
domainname.com. 14400 IN TXT "v=spf1 a mx ~all"

Of course replacing your domain's name for 'domainname.com". And yes you do need the period after the domain name. Repeat that for each domain that you are adding SPF for.

Hope that helps!
Click to expand...
 
Calico - could you please PM or post your ticket number so I can find out why this was done? "v=spf1 -all" tells to deny all email for the domain, no matter where it originates from and, I bet, this wasn't something that was desired and as such would like to find out why this was done and by who.

Regards,
Paul
 
Hello Paul - doesn't look like I have permission to post on your personal area as I don't have enough post. As requested for the SPF record: 181566. You might take a look at 181143 too as the same name appears didn't noticed until looking up the ticket number for you just now... my pw has change since those so if you need access I'll have to update it on a ticket.
KH-Paul said:
Calico - could you please PM or post your ticket number so I can find out why this was done? "v=spf1 -all" tells to deny all email for the domain, no matter where it originates from and, I bet, this wasn't something that was desired and as such would like to find out why this was done and by who.

Regards,
Paul
Click to expand...
 
You must log in or register to reply here.
Top