Hi Rick, SPF records belong in the DNS for the domain of the mail server for the domain it is working for.
For example, I run simple DNS, the procedure is to add a TXT record for the relevant domain such as: v=spf1 ip4:66.98.154.84 mx mx:84.43.72.133 ~all This SPF shows I am running Version 1 of SPF, that my mail goes out through 66.98.154.84 and that mail comes in through 84.43.72.133. The reason for this config is that my ISP can't/won't (read bunch of bozos) set up reverse dns for me. So I found an outbound SMTP service that was able to configure reverse dns for the mail server. So, to clarify your objective: you need mail you generate on behalf of client domains to get to the recipients. For SPF you need to ask your clients to add your mail server to their DNS SPF record as an outbound server. For Reverse DNS the IP of the outbound mail server needs to have an IP record pointing back to the domain. This can only be done by the owner of the IP address. In my case Onetel, my ISP, owns the IP address and there is nothing I can do to configure the reverse DNS on the IP address I borrow from them - that's down to them to do. The only reliable way to guarantee mail you generate from CF is going to get to recipients is to ask your clients to set up authenticated SMTP sessions. This makes the mail delivery their responsibility, as it should be - their internal IT guys should be onto this. (My background includes 20 years in IT Management, infrastructure, et al.) <cfmail type ="html" from ="[EMAIL PROTECTED]" to = "[EMAIL PROTECTED]" server="mail.fasttrackonline.co.uk" username="[EMAIL PROTECTED]" password="mypassword" subject="FAST TRACK - CONTACT US"> This example of the CFmail tag shows how the mail is pointed at a server with authenticated SMTP. When configuring mail server applications many have the option to ask for an authenticated POP session prior to allowing SMTP which is how most get around requiring full SMTP authentication. However, in your instance there will be no POP session so it has to be full authentication. If you take the route of adding other domains to your mail server they will not have a valid reverse dns pointer and the mail will bounce from many receiving mail servers. If you ask clients only to whitelist mail sesssions from your domain when receiving their email the email will still be seen to have originated on your mail server. If you are dealing with clients who do not host their own mail servers then it is the responsibility of who ever does host it to get this set up properly. If they are hosting a mail server with a provider who does not configure reverse DNS and SPF it's time they changed! Don't get confused with the reverse DNS record for the domain DNS server. Hope this helps, Jenny -----Original Message----- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: 06 January 2006 01:59 To: CF-Talk Subject: RE: How to send email using CF for clients without an open relay... Thanks for the input and advice, Jenny... I'm trying to get all this sorted out, but unfortunately, it seems I'm only able to take baby steps at any one time. One thing I can't sort out is where the SPF and reverse-DNS stuff should go...my ISP, whose domain is tagged onto the end of my static IP according to records, or GoDaddy.com where I manually handle my DNS, MX, TXT, and SPF records or on my own server, which I don't use to handle any of this...it pretty confusing. I guess it would be GoDaddy, since through their interface I can setup DSN, MX, TXT, and SPF records... I think I need to hire the head IT guy I spoke with a while back over at an International company and just get him to look at my exact situation and tell me how to handle it... Rick > -----Original Message----- > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 05, 2006 7:02 PM > To: CF-Talk > Subject: RE: How to send email using CF for clients without an open > relay... > > > Hi Rick, > > This would mean the mails will be originating from a server that isn't > included in the domain spf records and it will get scored as spam by the > receiving server. Naturally, the reverse dns for the domain > won't match up > to the sending server and you will find mail is rejected by some servers. > Keep an eye on your bounces and run lots of tests to various > domains to see > your emails are getting out. > > As mentioned before, we send out some 8000 emails a week to our > dating site > members and I'm all too aware of the problems spf and reverse dns cause - > although I have to say I'm totally in favour of it as it's anto spam. It > just makes it very hard sometimes when we are trying to run on a shoe > string. > > Best of luck, > > Jenny > > > -----Original Message----- > From: Rick Faircloth [mailto:[EMAIL PROTECTED] > Sent: 05 January 2006 20:43 > To: CF-Talk > Subject: RE: How to send email using CF for clients without an open > relay... > > > Hi, Jenny... > > I found a solution by using ArgoSoft's Email Server Plus, > which works with multiple domains. I just had to enter > the domains for which I would relay mail and that solved > the problem. > > It would have been a lot of trouble to ask the admins of the > servers to setup authentication...just easier if I could handle > it in-house. > > Also, some of my client's don't have mail servers, so I would > have to have a solution for them, as well....and this works for everyone. > > I appreciate your help...so far things are looking good, except for > the stragne occurence of getting an email in my inbox that my wife > sent to someone else through the mail server. I'm getting some > repetitious emails when I do a group mailing through Outlook, too. > > Not big problems, but I hope get *everything* running smoothly > so I can turn my attention back to the websites that need building! > > Thanks, again... > > Rick > > > > -----Original Message----- > > From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 05, 2006 2:59 PM > > To: CF-Talk > > Subject: RE: How to send email using CF for clients without an open > > relay... > > > > > > Hi Rick, > > > > That's not what I suggested, I said that's one way to do it and it's > > definitely not recommended. > > > > If you ask your client to set up authenticated access to their > server that > > is not open relay and it will fix your problem. > > > > The cfmail tag allows you to specify the server and user/password for > > authentication. > > > > Hope that helps, > > > > Jenny > > > > > > -----Original Message----- > > From: Rick Faircloth [mailto:[EMAIL PROTECTED] > > Sent: 04 January 2006 20:30 > > To: CF-Talk > > Subject: How to send email using CF for clients without an open relay... > > > > > > Hi, guys and gals.... > > > > I'm running into issues trying to send email generated > > by CF through my mail server, SmarterMail (Free Edition). > > > > It's working fine, except that to send email from my clients' > > domains, I've had to setup everything so that I'm an open relay. > > > > This is getting me blacklisted... > > > > It's been suggested that the only thing I can do is > > setup an SPF and get the IP and domain for every client I have and > > put it in the SPF. > > > > Is this the best way to handle this? > > > > Thanks, > > > > Rick > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228618 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
