Results 1 to 24 of 24
-
04-16-2008, 06:47 PM #1Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
SPF (Email marked as spam by hotmail, gmail...
Hi folks, I have a dedicated server in which i host 4 web sites using plesk one of them is mysite.com. That one is also set for ns1.mysite.com ns2.mysite.com.
(all domain names below are just example names)
Dns records for my apple.com orange.com and banana.com uses ns1.mysite.com and ns2.mysite.com my name server is also in the same machine.
In mysite2.com dns settings are as follows.
Code:80.111.11.11 / 24 PTR orange.com orange.com. NS ns1.mysite.com. orange.com. NS ns2.mysite.com. orange.com. A 80.111.11.11 orange.com. MX (10) mail.mysite.com. orange.com. TXT v=spf1 a mx include:gmail.com,yahoo.com,hotmail.com ~all ftp.orange.com. CNAME orange.com. mail.orange.com. A 80.111.11.11 webmail.orange.com. A 80.111.11.11 www.orange.com. CNAME orange.com.
The PROBLEM:
The thing is whenever the server sends email it is flagged spam by yahoo, hotmail etc. I have created SPF for my orange.com but it is still marked as spam...
I have checked dns report for both mysite.com and orange.com but they seem to be OK with no warnings either.
I want to create a spf record or make somthing so the emails does not marked as spam.
I would really appreciate all feedback
-
04-16-2008, 08:28 PM #2Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
please replace mysite2.com with orange.com above the "Code"
-
04-16-2008, 09:04 PM #3Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
You might try using -all instead of ~all there is a lot of discussion as to what to use here. I think -all is the better solution because it basically says "Only the IPs and entities in this SPF record are allowed to send mail from this domain". Whereas ~all says "The IPs and entities listed in this SPF record are probably the only servers that will send mail from this domain". -all is just a little more strict.
You also don't need to include gmail.com, yahoo.com, and hotmail.com unless you are sending mail from orange.com from these servers.
Also how are you sending these messages? Make sure the envelope sender of these messages is using the orange.com domain. This problem is typical if you are using PHP or a CGI script to send out these messages. The envelope-sender might be set to the server's hostname.
You should also bear in mind that I don't think a lot of mail providers use SPF as the be all, end all, of determining a message's spam worth. It is just used to weigh the message. The sender server and SPF record may match, but if the message still contains a lot of spam words and spam like identifiers, it can still be flagged as spam.
-
04-16-2008, 09:07 PM #4Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
Thanks for your reply.
v=spf1 a mx -all
would this be allrigh?
-
04-16-2008, 09:11 PM #5Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
If you are sending out mail from orange.com only from this specific server (i.e. your not using your ISP or any other mail server to send out mail from orange.com) then yes this should work.
Keep in mind that this is a DNS change and DNS changes may take a few hours to fully propagate, so don't expect instant changes with the spam weighing of your message. Also, the issue with your message being flagged as spam might be due to other factors other than the SPF record.
-
04-16-2008, 09:18 PM #6Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
SParked thanks for the info I have one last question
orange.com. MX (10) mail.mysite.com.
if i am using the above statement should I add the SPF record
v=spf1 a mx -all to dns setting in mysite.com or orange.com?
-
04-16-2008, 09:21 PM #7Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
or should i change orange.com. MX (10) mail.mysite.com.
TO >>> orange.com. MX (10) mail.orange.com. and edit the orange.com DNS record (adding v=spf1 a mx -all)
-
04-16-2008, 09:35 PM #8Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
It all goes back to IP addresses.
v=spf1 a mx -all
Says that the only IPs that should ever send legitimate messages from orange.com are the A records for orange.com and the MX records for orange.com
In the example you give at the start of the message, you show that the A record for orange.com resolves to 80.111.11.11. The MX record for orange.com is set to mail.mysite.com. What IP address does mail.mysite.com resolve to?
-
04-16-2008, 09:38 PM #9Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
it resolves to 80.111.11.10
-
04-16-2008, 09:45 PM #10Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
i think i am starting to understand and should change to orange.com. MX (10) mail.orange.com
-
04-16-2008, 09:45 PM #11Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
mail.mysite.com and orange.com are probably on the same server then. This probably doesn't really matter. It basically comes down to what the sending IP is of the server that is sending messages out from orange.com. Is one of these IPs the IP address of that server?
-
04-16-2008, 09:47 PM #12Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
yes they are on the same server. i have 80.111.11.10 80.111.11.11 80.111.11.12 80.111.11.13 all on the same server.
-
04-16-2008, 09:49 PM #13Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
The ip address of the Dedicated Server is 80.111.11.10.
80.111.11.11 is exclusive for orange.com
-
04-16-2008, 10:13 PM #14Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
You probably want to leave it as is. If 80.111.11.10 is the IP address of the server, then you probably want that listed somewhere in the SPF record.
If the MX records for orange.com is set to mail.mysite.com and if mail.mysite.com resolves to 80.111.11.10, then just listing the MX record will include this.
-
04-16-2008, 10:19 PM #15Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
v=spf1 a mx ip4:80.111.11.10 -all
I think the above is correct, I should include this spf record DNS settings for duyurdum.com is that right?
-
04-17-2008, 02:25 AM #16Junior Guru
- Join Date
- Jun 2007
- Location
- UK
- Posts
- 219
If that is your domain then yes.
Don't forget to check the FAQ (http://www.openspf.org/FAQ), particularly the Common Mistakes page - if you can you'll want to add an SPF record for the HELO/EHLO string.I think the server saw what was required of it and just committed suicide instead.
-
04-17-2008, 04:29 AM #17Web Hosting Evangelist
- Join Date
- Apr 2003
- Location
- Melbourne, AU
- Posts
- 539
WK Woon
CTO | http://www.aflexi.net - A flexible Network
Building the next generation CDN platform - DEMO .... coming soon
-
04-22-2008, 04:00 PM #18Newbie
- Join Date
- Apr 2008
- Posts
- 14
I have a question regarding the "include:" hostnames, as I'm currently configuring the SPF myself.. Should it be "mail.google.com" instead of "gmail.com"?
There's even an example at the OpenSPF website using "include:gmail.com" but if you actually go to gmail.com it redirects to mail.google.com.
I guess I'll put both to be safe.
-
04-22-2008, 05:25 PM #19Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
It should be just gmail.com. mail.google.com does not have a TXT record.
-
04-22-2008, 05:37 PM #20Newbie
- Join Date
- Apr 2008
- Posts
- 14
OK, then. I did see another issue with his line in the OP.. The OpenSPF wizard generates a line that uses "IN TXT" and not just "TXT" is there any difference between the two, and is that possibly why he is having issues?
It also generates the line with "" around the rest.. These aren't present in his example either.. I guess they're not necessary?
-
04-22-2008, 05:43 PM #21Web Hosting Master
- Join Date
- Apr 2002
- Posts
- 1,789
I'm not an expert on DNS, so I'm not exactly sure of what the significance of each part of a DNS record is. IN is just an identifier that is part of the DNS record. There may be other identifiers, but all the DNS that I have ever worked with have always included IN. I can tell you that it is necessary for the TXT record for SPF. I never really paid that much attention to the original poster's zone listing. This could just be a print out of what is in the DNS zone, and if it is, I wouldn't think it would be that uncommon for the keyword IN to be left out.
But yes, if you are working with BIND, the actual line that has to be entered into the DNS zone file for the domain is:
domain.com. IN TXT "v=spf1 a mx include:gmail.com -all"
of course, change the stuff that is in quotes, the actual TXT record to whatever you want.
-
04-22-2008, 06:34 PM #22Junior Guru
- Join Date
- Jun 2007
- Location
- UK
- Posts
- 219
http://www.google.com/support/a/bin/...n&answer=33786
Which says you would add include:aspmx.googlemail.com to your record. It's important to note that there is a limit of 10 DNS lookups on a record:
http://www.openspf.org/FAQ/Common_mistakes
So including the wrong record could trip you over that limit.
I'll have words with the relevant people to ensure that the example is corrected to avoid confusing anybody else in future.I think the server saw what was required of it and just committed suicide instead.
-
04-22-2008, 08:58 PM #23Web Hosting Guru
- Join Date
- Jul 2007
- Location
- Dallas, TX
- Posts
- 320
cPanel / WHM now has SPF and Domain Key generation per domain as a standard feature (not created by default, but available for each domain via the end user cPanel) because of the importance of both.
As pointed out earlier, SPF is not the be all and end all, but is a weight on your side of the scale. So are Domain Keys. php Mail Headers can be particularly helpful if someone is using your system to sned out unsolicited bulk mail, as are extened mail headers set in Exim (or your MTA). All of these things help make the decision for a major ISP to deliver your mail easier...
I believe Yahoo grey-lists everyone not using Domain Keys. Read more here:
http://domainkeys.sourceforge.net/
Good luck,
Joehttps://ServersAndHosting.com
Dedicated Servers | Guaranteed Hosting
-
05-09-2008, 09:11 PM #24Junior Guru Wannabe
- Join Date
- Apr 2008
- Posts
- 52
i have signed up for a smtp server suits better