I just tested my domain name at dnsreport.com ( the website that someone here posted recently).

There were a couple of warnings. One of which was that my domain did not have a SPF record.

How do I go about setting up one?

I sometimes use the webmail for my website usually when I am at work, and I sometimes use my Pegasus Mail with SMTP authentication when I am at home.

Thanks in advance for any assistance. :)

Basically unless you have a reseller account with the ability to modify DNS records you can't set these up and your host will have to do it. :)

Originally posted by LP-Trel
Basically unless you have a reseller account with the ability to modify DNS records you can't set these up and your host will have to do it. :)
I'm guessing you are talking about Cpanel, you do realise that just because 1 control panel doesn't let you do something doesn't mean no panel does? There are panels that allow end-users to modify their zone files.

Originally posted by ieee488

How do I go about setting up one?

Go to http://spf.pobox.com/ and there is a wizard that helps you create it, then you need to add what it gives you into a TXT record in your DNS zone.

Be very careful however, as you could end up preventing your mail from reaching a lot of servers if you do this incorrectly.

If your registrar / host does not offer TXT records (SPF is a TXT reecord in your DNS) as a standard part of their control panel, try to email them asking to publish it for you. If they are unable to do it, you can do it using a DNS hosting service like Zoneedit (free up to 5 sites).

But before you do that, I recommend you are 100% sure of your record. The best would be to join the SPF-help list (see http://spf.pobox.com/mailinglist.html ) ; or you can read all past threads at http://www.gossamer-threads.com/lists/spf/ . It took me 2-3 months to figure out the whole thing, so good luck!

SPF is probably useful.

Is SPF really useful? From what I read , it would limit a domain sending out to certain SMTP, what if I am outside using a foreign webmail. Or what if my client happens not to be using the SMTP provided by us, but by his ISP?

Correct me if I am wrong or misunderstood SPF, still trying to grasp the concept of SPF.

Originally posted by boonchuan
Is SPF really useful? From what I read , it would limit a domain sending out to certain SMTP, what if I am outside using a foreign webmail. Or what if my client happens not to be using the SMTP provided by us, but by his ISP?

Correct me if I am wrong or misunderstood SPF, still trying to grasp the concept of SPF.

It depends on how you setup the SPF record. If you told it that only x server sent out mail for your domain then it would cause problems if you used your ISP, however if you added your ISP to the SPF record (include:isp-domain.com) then the SPF record would also pass if mail was sent from their servers.

The foreign webmail would cause a problem, but what webmail would you be using that allowed you to fully relay any mail from their servers? The point of webmail is that you can access it from anywhere, so you just use the webmail you/your host provides.

Thanks for the explanation, my anticipated problem is the setup for clients, each client may have different ISPs. And some do uses their ISPs SMTP to send rather than through us.

You can setup for 1 or 2, but definitely not for say 10-20k clients each having their own setting and ISP. Thats my main headache when figuring out how to implement SPF.

Originally posted by boonchuan
Thanks for the explanation, my anticipated problem is the setup for clients, each client may have different ISPs. And some do uses their ISPs SMTP to send rather than through us.

You can setup for 1 or 2, but definitely not for say 10-20k clients each having their own setting and ISP. Thats my main headache when figuring out how to implement SPF.

As tempting as it is, don't go an automatic setup route because it will cause problems.

What we did a while back was sent a mailing out to all clients explaining what an SPF record was, that it could cause problems if they didn't add it and also gave a link to an article that explianed it in more detail. We then explained that if they wished to set one up, they could either do so from their control panel or they could contact us and we could do it for them.

Our servers use SPF weights as one of the checks to determine if a mail is spam or not, however at the present time it is not widely adopted enough to filter heavily on that, but over time it likely be become more strict and people will have problems sending mail if they don't have any SPF record setup.

From a host's perspective, it is better for you if your clients are using SPF because it can seriously cut down on the impact of joe-jobs and any bounces associated with it. As SPF is more widely accepted, it will also cut down on the amount of support requests you have to deal with because server x won't accept your client's mail.

Thanks Wullie for all your valuable posts, really clear a lot of doubts in my mind over SPF

No problem.

One thing I forgot to mention. On the host's side when receiving mail, SPF checks are becoming required more and more so if your mail server doesn't support SPF checking, it can cause serious problems.

When an autoresponder or a bounce message is triggered, it should only be sent out if there is an SPF match, otherwise you could end up with the autoreponders/bounces getting your server blacklisted for spam.

http://www.spamcop.net/fom-serve/cache/329.html#bounceexplain

Also check out Domain Keys which is a similar concept to SPF:

http://antispam.yahoo.com/domainkeys

One question about this:

Does a SPF record have to be set up for each and every domain on that host or can one be set up for the hostname of the server and have all mail relayed through it use the same SPF?

Originally posted by uneedawebsit
One question about this:

Does a SPF record have to be set up for each and every domain on that host or can one be set up for the hostname of the server and have all mail relayed through it use the same SPF?

SPF records are setup at the domain level. Basically, when the server receives a message from example.com, it does a DNS lookup for a SPF record in that domain's zone file.

When the SPF record is returned, it will say that server x,y,z are allowed to relay mail for example.com and then the receiving server will check the IP that connected to it. (It's more complex than that, but that's the overall outcome)

You can't set it up globally for the server, it needs to be in each and every DNS zone.

Originally posted by Wullie
You can't set it up globally for the server, it needs to be in each and every DNS zone.

What a colossal pain in the butt!

Thanks for the explanation.

Found this little gem which might help...

Supposedly it'll create the SPF records for all your websites on a RaQ4

http://www.pfinders.com/createspf/