Thanks Darin. I thought about only specifying the IP of our mail server, but we also have some web servers that send mail using the SMTP service for certain web hits. They aren't using the mail server. So I figured if I cover our block of IPs that would be safe.
The people who were having problems were sending from one of the virtual domains. So [EMAIL PROTECTED] was sending mail using mail.nnepa.com as her SMTP server. The mail did travel through the server, but was rejected on the other end because of their SPF record (which is what was used below). When a server checks the message, do they look at Mary's domain (virtualdomain.com) or the domain of the mail server (in this case, mail.nnepa.com)?

Also, if a user is at home and has to send through their home ISP's SMTP server (unless they use our alternate port), how will that affect the SPF record?

Thanks!

Todd

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Thursday, September 20, 2007 3:51 PM
To: [email protected]
Subject: Re: [IMail Forum] OT: SPF Gurus

Hi Todd,

You only need to specify the IPs if you send mail for the domain in question from those IPs. It sounds like you were not sending from your MX, but from another IP, so you do need to ensure that the IPs that you send from are on your SPF record.

Also, to use SPF you do need an SPF record for each domain.

Darin.

----- Original Message -----
From: "Todd Richards" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, September 20, 2007 2:09 PM
Subject: [IMail Forum] OT: SPF Gurus

Hi Everyone -

I know this is a little off topic, but I discovered that there might be some issues with our SPF record, as well as those of our clients, resulting in mail being rejected. So I'm going back to the drawing board.

Overview: Our mail server has one primary domain with the rest all virtual. Up until now, our main domain (nnepa.com) was using "v=spf1 mx -all" for its SPF record. For all the domains, they were also using the same thing.

One of the clients who had messages failing to a local university started asking questions of the university admin ("why are my messages to my daughter never making it?"). He explained that the SPF record on their domain was wrong, and suggested the following: "v=spf1 mx ip4:216.81.209.0/24 -all"

I implemented this for them and they were able to then send email. The problem, by my understanding, is that we do not own that entire block of IP addresses. So I was going to refine it a little and use "v=spf1 ip4:216.81.209.193/27 ~all", which would cover our block.

The question I have is a) does anyone see any harm in doing this, and b) should this be set up for each of the domains as well?

I was on OpenSPF's website, which is great. But I'd really appreciate any thoughts that you might have.

Todd

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
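
Added example, not part of the original thread: a receiver evaluates the SPF record published for the envelope sender (MAIL FROM) domain against the IP that connected to it, and the sketch below runs the three records quoted in the thread through that check. It handles only the `ip4`, `mx` and `all` mechanisms; the MX, web server and home ISP addresses are constructed sample values, and MX addresses are passed in instead of being resolved through DNS.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample addresses (assumptions, not taken from the thread)
MX_IPS = ["216.81.209.194"]   # assumed address of the domain's MX host
WEB_SERVER = "216.81.209.200"  # assumed web server inside the /27
NEIGHBOUR = "216.81.209.10"    # inside the /24 but outside the /27
HOME_ISP = "198.51.100.25"     # documentation range, stands in for an ISP relay


def check_spf(record, sender_ip, mx_ips=()):
    """Evaluate the ip4, mx and all mechanisms of one SPF record, left to right.

    record    -- TXT record of the envelope sender (MAIL FROM) domain
    sender_ip -- address of the host that connected to the receiving server
    mx_ips    -- addresses of that domain's MX hosts (no DNS lookups here)
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            # strict=False masks the host bits, so 216.81.209.193/27
            # is read as the network 216.81.209.192/27 (.192 to .223)
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


if __name__ == "__main__":
    for rec in ("v=spf1 mx -all",
                "v=spf1 mx ip4:216.81.209.0/24 -all",
                "v=spf1 ip4:216.81.209.193/27 ~all"):
        for host in (MX_IPS[0], WEB_SERVER, NEIGHBOUR, HOME_ISP):
            print(f"{rec:40} {host:16} {check_spf(rec, host, MX_IPS)}")
```

The output shows the web server failing under `mx -all`, the /24 record authorising the neighbouring address as well, and the /27 record returning softfail for anything outside .192 to .223, including the home ISP relay.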
