spf interview questions
Top spf frequently asked interview questions
I do not find any guidelines regarding how to configure multiple IPs into an SPF record.
So far I used (for example):
v=spf1 ip4:180.72.100.0/24 a mx ?all
But now I should add another range of IPs that are allowed, e.g.
v=spf1 ip4:180.72.100.0/24 ip4:180.20.111.0/24 a mx ?all
Is the second syntax correct?
Thanks.
Source: (StackOverflow)
I am using google apps, and google is handling my email.
I have created the SPF record mention in the help forum in google, but the SPF record did not pass, verified by using check-auth@verifier.port25.com and spf-test@openspf.org.
After searching a bit I found that the SPF mentioned in google
v=spf1 include:aspmx.googlemail.com ~all
is wrong and buggy, after consulting a hardcore programmer, we created an SPF record as
v=spf1 a mx include:_netblocks.google.com include:aspmx.googlemail.com include:_spf.google.com ~all
This passed the test using both the method mentioned above.
However when I send an email to a###l@ind###########cer.org it shows delivery failed with the following message
Delivery to the following recipient failed permanently:
a###l@ind##########cer.org
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com (state 18).
However if I send mail from Yahoo or Gmail it gets delivered successfully, can anyone help me out?
Source: (StackOverflow)
I am planing to use both Mandrill and MailChimp for my website, and I`m trying to set up the crazy SPF DKIM for both of them. At same time still keep my own email flowing In and Out :)
My current plan is :
SPF TXT Record
yourdomain.com
v=spf1 include:spf.mandrillapp.com include:servers.mcsv.net ?all
1 hour
And a DKIM Record (for only Mandrill)
mandrill._domainkey.yourdomain.com
k=rsa; p=*****
1 hour
Can anyone see any missing characters? And is MailChimp Domain still Valid?
Thanks for any help :)
Source: (StackOverflow)
We uses both Mailgun and Google App engine mail services to send transaction emails from our products. Both needs DKIM
and SPF
text record in the DNS server. Is it possible to set multiple DKIM
and SPF
record in DNS
configuration? Will it work?
Source: (StackOverflow)
Right now I have SPF IP4 and IP6 as two separate records, but IPv6 is not being recognized by Gmail. Should I merge them? It looks like this currently. How should it really be?
GMail:
Received-SPF: softfail (google.com: domain of transitioning info@dadilja.rs does not designate 2a01:4f8:d16:1355::2 as permitted sender) client-ip=2a01:4f8:d16:1355::2;
Source: (StackOverflow)
Mail chimp offers three levels of authentication when doing email campaigns.
- Manual Authentication
- No Authentication
- Auto Authentication
From what I understand Manual Authentication is when you set up your own SPF/DKIM records on your DNS.
No Authentication is when no body sets up anything, and I'm pretty sure deliverability goes way down.
The Auto Authentication is what I am curious about. All they do is require the person sending the email to approve that their email address is ok to send from with a validation email. I'm done research, and I can't figure out how mail chimp and other people do this auto-authentication.
Is there any service out there, or would we have to set up our own email servers to accomplish something like this.
Also what kind of effect on deliverability is the "auto" authentication.
Source: (StackOverflow)
Issue: my SPF Record (TXT)
can not be retrieved from the DNS entry of the domain zwischengas.com
In my DNS entry I have one line for the SPF Record (as TXT entry):
@ IN TXT "v=spf1 ip4:188.a.b.c ip4:xyz/22
ip4:xyz/24 ip4:xyz/21 ip4:xyz/24 ip4:xyz/24" "ip4:xyz ip4:xyz/22
ip4:xyz ip4:xyz/29 ip4:xyz/29 ip4:xyz/28" "ip4:xyz/24 ip4:xyz/24 a mx
?all"
I have the problem, that this SPF Record can not be found and I have no clue why.
According to the RFC splitting up a very long line into multiple strings is recommended in order to keep all substrings smaller than 255 characters.
My domain is zwischengas.com , the Mail Server's IP is 188.a.b.c, anybody a clue?
I tried these tests without success:
host -t txt zwischengas.com
spfquery -ip-address 188.a.b.c -m test@zwischengas.com -h zwischengas.com
Also the tests with online tools are without success:
Also Google Mail (gmail.com) can not retrieve my SPF record (according to the original mail header section):
Received-SPF: neutral (google.com: 188.a.b.c is neither permitted
nor denied by best guess record for domain of
noreply1@zwischengas.com) client-ip=188.a.b.c;
Source: (StackOverflow)
Trying to combing two spfs into one? Any thoughts? Thanks!
SPF A:
v=spf1 include:_spf.google.com ~all
SPF B:
v=spf1 mx include:cmail1.com ~all
What is A + B ?
Source: (StackOverflow)
I'm using Amazon SES and Route53 and confused how I specify the TXT value to include the proper SPF config. Amazon gave me a SES TXT name/value pair which looks something like this:
Name: "_amazonses.xxx.com"
Value: "bInxJfnRbxxxxx9uFXgmxxxxxQHd08UxxxxxxsG+k="
I plugged this into my Route53 Record Set (same as "Zone file" on Godaddy). Sure enough after adding my SMTP credentials to my app and having Amazon verify my account ("grant production access"), it works and I can send email from my site to a variety of accounts (Gmail, Yahoo, Hotmail, my .edu university account).
I know nothing about SPF but hear it is good include in one's email server configuration. By googling about Amazon SES, I keep seeing to include the flowing snippets:
"v=spf1 include:amazonses.com ~all"
"spf2.0/pra include:amazonses.com ~all"
Currently, these 2 snippets are included in the same TXT value field as that big, ugly value above("bInxJfnRb...") and my emails still get sent ok.
Two related questions:
- Whether putting all 3 of the snippets in a single TXT value field is the right place for these snippets?
- What are the circumstances under which "v=spf1 include:amazonses.com ~all" and "spf2..." come into play? Basically, how do I know if they are doing anything?
Source: (StackOverflow)
I have SPF and TXT record configured. When i check the SPF record syntax. It says PermError SPF Permanent Error: Too many DNS lookup.
v=spf1 include:_spf.google.com include:netcore.co.in ~all
And my emails are landed in SPAM as well.
1) I am on shared hosting, I dont have dedicated IP and DKIM configured. Actually I dont send emails with spam triggering words. Since I am on shared hosting. Is there any possibility of other's on the shared hosting sending the emails which resulted in my emails to land in SPAM.
2) I am using the netcore.co.in to send the mass mails. and google.com to send the mails from gmail.
And I have properly configured MX records as well. I have mentioned google MX records But not netcore.net MX records.
I am using sendgrid's free smtp server to send the emails from my java web app. which i am not mentioned in spf record.
Is SPF record causing the spam issues.
Source: (StackOverflow)
SPF is a powerful method to avoid blocking the emails as spam. However, setup of SPF is normally for the main domain, and I was unable to find setting for subdomain, and I am not sure if it is effective at all. I want to setup my email server on mail.domain.com
on a separate server. The SPF for the main domain is
@ v=spf1 mx include:domain.com ~all
@ v=spf1 a mx ptr ip4:0.0.0.0 ~all
And for mail server (subdomain)
mail.domain.com v=spf1 mx include:mail.domain.com ~all
mail.domain.com v=spf1 a mx ptr ip4:1.1.1.1 ~all
where 0.0.0.0 is the main server IP and 1.1.1.1 is the mail server IP. Will this setting work to successfully use mail.domain.com for emails (e.g. name@mail.domain.com)?
What other considerations can help to avoid labeling the emails sent from subdomain as spam?
Source: (StackOverflow)
When sending emails from Amazon SES, gmail shows "sent via amazonses.com". How do I remove this?
According to Google,
I'm a sender and I don't want my recipients to see the "via" link. What can I do?
Gmail checks whether emails are correctly authenticated. If your messages are sent by a bulk mailing vendor or by third-party affiliates, please publish an SPF record2 that includes the IPs of the vendor or affiliates which send your messages and sign your messages with a DKIM3 signature that is associated with your domain.
I have added both SPF and DKIM records. When looking at the original email, it shows both passed.
Received-SPF: pass
Authentication-Results: mx.google.com; spf=pass ...; dkim=pass ...
Any ideas?
Answer:
Great step by step answer posted here Remove via from SES emails
Source: (StackOverflow)
What would be the correct SPF record to use for both Amazon SES and Google Apps together:
Google Apps says they want you to have the tilde "~" in it: http://support.google.com/a/bin/answer.py?hl=en&answer=178723, but most other examples have a dash "-" instead.
Amazon wants: "v=spf1 include:amazonses.com -all"
Google wants: "v=spf1 include:_spf.google.com ~all"
We currently have this, combining both together:
TXT "v=spf1 include:amazonses.com include:_spf.google.com ~all"
SPF "v=spf1 include:amazonses.com include:_spf.google.com ~all"
1) Is this the correct SPF record?
2) Are we missing anything, should this record be the exact same for both TXT & SPF DNS records? That is all we have, we don't have anything else.
We only send email from Google Apps and Amazon SES, nothing else.
Source: (StackOverflow)
Whenever I use PHP to send emails to members of my site, the email ends up in the spam folder for most email providers like Gmail and Hotmail.
When I check the original source in Gmail, I see the following:
Delivered-To: mypersonalmail@gmail.com
Received: by 10.236.41.34 with SMTP id g22cs272510yhb;
Wed, 1 Jun 2011 05:38:27 -0700 (PDT)
Received: by 10.236.77.102 with SMTP id c66mr7228248yhe.303.1306931907131;
Wed, 01 Jun 2011 05:38:27 -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of transitioning info@mywebserver.com does not designate as permitted sender)
Received: by 10.190.5.195 with POP3 id 3mf1156376yxt.72;
Wed, 01 Jun 2011 05:38:27 -0700 (PDT)
X-Gmail-Fetch-Info: info@mywebserver.com 14 mail.mywebserver.com 110 info@mywebserver.com
Return-path:
Envelope-to: info@mywebserver.com
Received: from mybestsh by s01.next-web.nl with local (Exim 4.69)
(envelope-from )
id 1QRkgT-0000BF-3v
for info@mywebserver.com; Wed, 01 Jun 2011 14:38:01 +0200
To: info@mywebserver.com
Subject: Your new password
MIME-Version: 1.0
From: MyServer
Reply-To: MyServer
X-Sender: MyServer
I have set up my SPF records as follows:
v=spf1 a mx ip4:xxx.xxx.xx.xx-all
I am wondering what causes the softfail. Any ideas?
Best regards,
Rick
Source: (StackOverflow)