-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
On 28/5/23 5:29 pm, Tony White via luv-main wrote:
> Hi Andrew, Login to your Registrar site ie Melbourne IT and look for Manage
> your Domain. Open this and look for CPanel
> Console. Once there find Zone Manager, Zone Records or Zone Editor.
>
> Add a new record to your Zone. Look for TXT record. Leave the domain empty
> select TXT from the drop down list. In the
> filed to its right insert the value
>
> -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip --
NOOOOOO!
Please be sure about what the rule should be a dn do a hard fail if it isn't
met correctly with "-all" at the end of the
TXT record.
It sure seems that SPF, DKIM and DMARC have become necessary because of all the
bad actors around these days.
Running mail servers today means dealing with a significant amount of rubbish
and mostly because the "world" isn't using
SPF definitions properly and respecting the rules set. My servers strike hard
on email that fails SPF, now, at long last,
Google is finally doing that.
It is very sad that we need these "extras", but they are there for good reason;
work with them and you'll have much better
ability for delivery of emails -- fail to work with them and more will fail to
deliver.
One thing I hate about DKIM though, is that it only applies to emails leaving a
server, destined for a different server;
that is, same server to same server emails don't get signed :(
- I wonder if that is the case with Google mail server to Google mail server
too; I don't know.
> change the TTL value to 3600 then save.
Why so short for TTL? If you are confident that you have the settings correct
after testing, then the TTL should be at
least 86400 (a day).
> The DNS will be updated in an hour or so.
Seems to be quick these days, but delays can still occur.
> To check it is done use the following command in the cli.
>
> dig TXT algphoto.com.au (press enter)
>
> you should see something like this...
>
> algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all"
>
> If little of this makes sense I apologise. I can help you remotely if you
> would like.
When you think you have the settings right, send an email to the following
address to get a report:
check-a...@verifier.port25.com
Have a short TTL (600 perhaps, 10 minutes), until you are sure you have
everything setup correctly.
btw SPF is most often broken with the mass mailers and those responsible for
the domain name can't get the simple things
right. Stop using big tech, or, at the very least, use it properly. Avoiding
SPAM and other rubbish from Google, Outlook
and AmazonSES is neigh on impossible as the bad guys often do a better job of
setting up SPF, DKIM and DMARC than the vast
majority of domain administrators! I could go on about service providers, so
many allow so much rubbish to traverse their
networks, it is a real problem.
> regards Anthony White
Cheers
AndrewM
-----BEGIN PGP SIGNATURE-----
iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCZHMXmAAKCRCoFmvLt+/i
+8JSAQCESm6roGxuVeTFFYokjPDS9kGDdBnvCmk/SW9n8HIDIgD/ZmY2f/tGPKoc
jn+Do9vZZ2VNsEg2hZIkLzmrpVq5IXQ=
=IzaR
-----END PGP SIGNATURE-----
_______________________________________________
luv-main mailing list -- luv-main@luv.asn.au
To unsubscribe send an email to luv-main-le...@luv.asn.au
