Step 5: Create and Test the SPF Record

 
 
By Michael Smith  |  Posted 2008-03-27 Email Print this article Print
 
 
 
 
 
 
 


The fifth step is to create and test the SPF record. This part is fun. The Sender Policy Framework Project offers many tools on its Web site to help you with this. Start with the wizard to build your SPF record. You can enter my domain, montner.com, to see how the wizard looks at mine, for example.

The wizard looks at your current DNS records, and then you need to answer the following questions. Here they are, along with the answers that worked for me:

1. montner.com's IP address is 207.217.125.50 (It looks that up for you).

2. Does that server send e-mail from montner.com? (No).

3. This wizard found two names for the MX servers for montner.com:

mx01-dom.earthlink.net and mx00-dom.earthlink.net. MX servers receive mail for montner.com. 

Do they also send mail from montner.com? (No).

4. Do you want to just approve any host whose name ends in montner.com? (No, since this is expensive, unreliable, and not recommended. Besides, saying "yes" would defeat the purpose of sender ID authentication).

5. Do any other servers send e-mail from montner.com? (No. For me this was simple, because I only have one domain. If you have multiple domains/subdomains from which you're sending, you need to look into this).

Getting the Results

The result for me is this SPF record:

v=spf1 ip4:207.217.0.1/16 ip4:209.86.0.1/16 ip4:216.9.240.1/20 ip4:167.206.0.0/16 ~all

So, for me, the main things I wanted was the information in the last two boxes:

1. IP networks can be entered using CIDR notation (i.e., 192.0.2.0/24). Enter your IP ranges here, like this: 207.217.0.1/16 - without using Enter or commas. The wizard inserts the IPv4 command.

2. Could e-mail from montner.com originate through servers belonging to some other domain? (If you send mail through your ISP's servers, and the ISP has published an SPF record, name the ISP here. This creates the Include command - do not use because your ISP probably does not publish an SPF Record so your e-mail would get "permanent error.")

3. Do the above lines describe all the hosts that send e-mail from montner.com? (No. This adds Softfail command if you say no).

Here's the cool part: Press continue and you will see your SPF record and its clear interpretation. Keep working with the wizard until you think you are done.

Then test (and re-test) the SPF record at this link. First test the syntax, then test all the different IP addresses from which you will send. This really is a great tool.



 
 
 
 
Michael Smith is a partner in Montner & Associates, a public relations firm focused on business-to business technology clients. He co-founded the firm in 1998 with his wife and partner, Deb Montner. Previously, he worked in electronics manufacturing and software, serving as a general manager and director of product marketing during his 18 years at Schlumberger, a Fortune Global 500 technology services company. He can be reached at msmith@montner.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel