Results 1 to 24 of 24
  1. #1
    Join Date
    Apr 2008
    Posts
    52

    * SPF (Email marked as spam by hotmail, gmail...

    Hi folks, I have a dedicated server in which i host 4 web sites using plesk one of them is mysite.com. That one is also set for ns1.mysite.com ns2.mysite.com.

    (all domain names below are just example names)

    Dns records for my apple.com orange.com and banana.com uses ns1.mysite.com and ns2.mysite.com my name server is also in the same machine.

    In mysite2.com dns settings are as follows.

    Code:
    	80.111.11.11 / 24	PTR	orange.com
    	orange.com.	NS	ns1.mysite.com.
    	orange.com.	NS	ns2.mysite.com.
    	orange.com.	A	80.111.11.11
    	orange.com.	MX (10)	mail.mysite.com.
    	orange.com.	TXT	v=spf1 a mx include:gmail.com,yahoo.com,hotmail.com ~all
    	ftp.orange.com.	CNAME	orange.com.
    	mail.orange.com.	A	80.111.11.11
    	webmail.orange.com.	A	80.111.11.11
    	www.orange.com.	CNAME	orange.com.
    80.111.11.11 is dedicated ip for orange.com.

    The PROBLEM:

    The thing is whenever the server sends email it is flagged spam by yahoo, hotmail etc. I have created SPF for my orange.com but it is still marked as spam...

    I have checked dns report for both mysite.com and orange.com but they seem to be OK with no warnings either.

    I want to create a spf record or make somthing so the emails does not marked as spam.

    I would really appreciate all feedback

  2. #2
    Join Date
    Apr 2008
    Posts
    52
    please replace mysite2.com with orange.com above the "Code"

  3. #3
    Join Date
    Apr 2002
    Posts
    1,789
    You might try using -all instead of ~all there is a lot of discussion as to what to use here. I think -all is the better solution because it basically says "Only the IPs and entities in this SPF record are allowed to send mail from this domain". Whereas ~all says "The IPs and entities listed in this SPF record are probably the only servers that will send mail from this domain". -all is just a little more strict.

    You also don't need to include gmail.com, yahoo.com, and hotmail.com unless you are sending mail from orange.com from these servers.

    Also how are you sending these messages? Make sure the envelope sender of these messages is using the orange.com domain. This problem is typical if you are using PHP or a CGI script to send out these messages. The envelope-sender might be set to the server's hostname.

    You should also bear in mind that I don't think a lot of mail providers use SPF as the be all, end all, of determining a message's spam worth. It is just used to weigh the message. The sender server and SPF record may match, but if the message still contains a lot of spam words and spam like identifiers, it can still be flagged as spam.

  4. #4
    Join Date
    Apr 2008
    Posts
    52
    Thanks for your reply.
    v=spf1 a mx -all
    would this be allrigh?

  5. #5
    Join Date
    Apr 2002
    Posts
    1,789
    If you are sending out mail from orange.com only from this specific server (i.e. your not using your ISP or any other mail server to send out mail from orange.com) then yes this should work.

    Keep in mind that this is a DNS change and DNS changes may take a few hours to fully propagate, so don't expect instant changes with the spam weighing of your message. Also, the issue with your message being flagged as spam might be due to other factors other than the SPF record.

  6. #6
    Join Date
    Apr 2008
    Posts
    52
    SParked thanks for the info I have one last question

    orange.com. MX (10) mail.mysite.com.

    if i am using the above statement should I add the SPF record
    v=spf1 a mx -all to dns setting in mysite.com or orange.com?

  7. #7
    Join Date
    Apr 2008
    Posts
    52
    or should i change orange.com. MX (10) mail.mysite.com.
    TO >>> orange.com. MX (10) mail.orange.com. and edit the orange.com DNS record (adding v=spf1 a mx -all)

  8. #8
    Join Date
    Apr 2002
    Posts
    1,789
    It all goes back to IP addresses.

    v=spf1 a mx -all

    Says that the only IPs that should ever send legitimate messages from orange.com are the A records for orange.com and the MX records for orange.com

    In the example you give at the start of the message, you show that the A record for orange.com resolves to 80.111.11.11. The MX record for orange.com is set to mail.mysite.com. What IP address does mail.mysite.com resolve to?

  9. #9
    Join Date
    Apr 2008
    Posts
    52
    it resolves to 80.111.11.10

  10. #10
    Join Date
    Apr 2008
    Posts
    52
    i think i am starting to understand and should change to orange.com. MX (10) mail.orange.com

  11. #11
    Join Date
    Apr 2002
    Posts
    1,789
    mail.mysite.com and orange.com are probably on the same server then. This probably doesn't really matter. It basically comes down to what the sending IP is of the server that is sending messages out from orange.com. Is one of these IPs the IP address of that server?

  12. #12
    Join Date
    Apr 2008
    Posts
    52
    yes they are on the same server. i have 80.111.11.10 80.111.11.11 80.111.11.12 80.111.11.13 all on the same server.

  13. #13
    Join Date
    Apr 2008
    Posts
    52
    The ip address of the Dedicated Server is 80.111.11.10.
    80.111.11.11 is exclusive for orange.com

  14. #14
    Join Date
    Apr 2002
    Posts
    1,789
    You probably want to leave it as is. If 80.111.11.10 is the IP address of the server, then you probably want that listed somewhere in the SPF record.

    If the MX records for orange.com is set to mail.mysite.com and if mail.mysite.com resolves to 80.111.11.10, then just listing the MX record will include this.

  15. #15
    Join Date
    Apr 2008
    Posts
    52
    v=spf1 a mx ip4:80.111.11.10 -all
    I think the above is correct, I should include this spf record DNS settings for duyurdum.com is that right?

  16. #16
    Join Date
    Jun 2007
    Location
    UK
    Posts
    219
    If that is your domain then yes.

    Don't forget to check the FAQ (http://www.openspf.org/FAQ), particularly the Common Mistakes page - if you can you'll want to add an SPF record for the HELO/EHLO string.
    I think the server saw what was required of it and just committed suicide instead.

  17. #17
    Join Date
    Apr 2003
    Location
    Melbourne, AU
    Posts
    539
    Quote Originally Posted by werushka View Post
    The thing is whenever the server sends email it is flagged spam by yahoo, hotmail etc. I have created SPF for my orange.com but it is still marked as spam...
    How long have you been sending mails from this server? Days? Weeks? Months?
    WK Woon
    CTO | http://www.aflexi.net - A flexible Network
    Building the next generation CDN platform - DEMO .... coming soon

  18. #18
    I have a question regarding the "include:" hostnames, as I'm currently configuring the SPF myself.. Should it be "mail.google.com" instead of "gmail.com"?

    There's even an example at the OpenSPF website using "include:gmail.com" but if you actually go to gmail.com it redirects to mail.google.com.

    I guess I'll put both to be safe.

  19. #19
    Join Date
    Apr 2002
    Posts
    1,789
    It should be just gmail.com. mail.google.com does not have a TXT record.

  20. #20
    OK, then. I did see another issue with his line in the OP.. The OpenSPF wizard generates a line that uses "IN TXT" and not just "TXT" is there any difference between the two, and is that possibly why he is having issues?

    It also generates the line with "" around the rest.. These aren't present in his example either.. I guess they're not necessary?

  21. #21
    Join Date
    Apr 2002
    Posts
    1,789
    I'm not an expert on DNS, so I'm not exactly sure of what the significance of each part of a DNS record is. IN is just an identifier that is part of the DNS record. There may be other identifiers, but all the DNS that I have ever worked with have always included IN. I can tell you that it is necessary for the TXT record for SPF. I never really paid that much attention to the original poster's zone listing. This could just be a print out of what is in the DNS zone, and if it is, I wouldn't think it would be that uncommon for the keyword IN to be left out.

    But yes, if you are working with BIND, the actual line that has to be entered into the DNS zone file for the domain is:

    domain.com. IN TXT "v=spf1 a mx include:gmail.com -all"

    of course, change the stuff that is in quotes, the actual TXT record to whatever you want.

  22. #22
    Join Date
    Jun 2007
    Location
    UK
    Posts
    219
    http://www.google.com/support/a/bin/...n&answer=33786

    Which says you would add include:aspmx.googlemail.com to your record. It's important to note that there is a limit of 10 DNS lookups on a record:

    http://www.openspf.org/FAQ/Common_mistakes

    So including the wrong record could trip you over that limit.

    I'll have words with the relevant people to ensure that the example is corrected to avoid confusing anybody else in future.
    I think the server saw what was required of it and just committed suicide instead.

  23. #23
    Join Date
    Jul 2007
    Location
    Dallas, TX
    Posts
    320
    cPanel / WHM now has SPF and Domain Key generation per domain as a standard feature (not created by default, but available for each domain via the end user cPanel) because of the importance of both.

    As pointed out earlier, SPF is not the be all and end all, but is a weight on your side of the scale. So are Domain Keys. php Mail Headers can be particularly helpful if someone is using your system to sned out unsolicited bulk mail, as are extened mail headers set in Exim (or your MTA). All of these things help make the decision for a major ISP to deliver your mail easier...

    I believe Yahoo grey-lists everyone not using Domain Keys. Read more here:

    http://domainkeys.sourceforge.net/

    Good luck,
    Joe
    https://ServersAndHosting.com
    Dedicated Servers | Guaranteed Hosting

  24. #24
    Join Date
    Apr 2008
    Posts
    52
    i have signed up for a smtp server suits better

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •