Alex from SPF.POBox.com said this:
> Can you add some sample SPF records
> and add an image with text that
> explains the SPF record?
No pictures, sorry.
First of all: you probably mean ZONEs where you wrote DOMAINs.
Example: mail.domain.org is a domain. domain.org is a domain.
www.domain.org is a domain.
Only domain.org is a zone. This zone contains all these domains (and possibly more).
You want to protect domains, not zones.
Domains are used in:
MAIL FROM
HELO or EHLO
Your mailserver will announce its name on outbound connections. It MUST use its fully qualified domain name (FQDN) when doing so. This name you want to protect, so you're going to have an SPF record for it.
Then, for each different domain:
Your mailserver will say "MAIL FROM:<...@....>". The domain name, behind the @, you also want to protect.
Every domain that has a CNAME record associated with it must NOT have an SPF record. That's something technical, just don't do it. The place where the CNAME record is pointing to does need a record. Example:
www.domain.org CNAME domain.org.
so you do NOT have an SPF record for www.domain.org. and you DO have a record for domain.org.
So far:
pop.domain.org. TXT "v=spf1 ip4:1.2.3.4 -all"
smtp.domain.org. TXT "v=spf1 ip4:1.2.3.4 -all"
domain.org. TXT "v=spf1 ip4:1.2.3.4 -all"
etc.
(of course: use your IP address)
Most if not all of your records are going to be the same. When the IP address changes, you'd need to alter all records. There's a better solution:
domain.org. TXT "v=spf1 ip4:1.2.3.4 -all"
pop.domain.org. TXT "v=spf1 redirect=domain.org"
smtp.domain.org. TXT "v=spf1 redirect=domain.org"
mail.other.... TXT "v=spf1 redirect=domain.org"
etc.
Now you need to change only one record and others are changed automatically.
This should give you an idea. Make sure you understand what you are doing. Do not stop at reading
http://spf.pobox.com/ but also read
http://spf.pobox.com/mechanisms.html and other useful information on that site.
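
The following is an added example, not part of the original message: a small offline checker for the two rules above (no SPF record on a name that has a CNAME, and sub-names pointing at one shared policy through the redirect modifier, which RFC 7208 spells `redirect=`). The zone data, function names and messages are constructed for illustration; a real check would read the records from DNS.

```python
# Constructed sample zone data (not real DNS): name -> {record type: [values]}
ZONE = {
    "domain.org.":      {"TXT": ["v=spf1 ip4:1.2.3.4 -all"]},
    "pop.domain.org.":  {"TXT": ["v=spf1 redirect=domain.org"]},
    "smtp.domain.org.": {"TXT": ["v=spf1 redirect:domain.org"]},  # ':' instead of '='
    "www.domain.org.":  {"CNAME": ["domain.org."],
                         "TXT": ["v=spf1 ip4:1.2.3.4 -all"]},     # SPF next to a CNAME
}

def spf_record(zone, name):
    """Return the single SPF TXT string published at name, or None."""
    found = [t for t in zone.get(name, {}).get("TXT", [])
             if t == "v=spf1" or t.startswith("v=spf1 ")]
    return found[0] if len(found) == 1 else None

def effective_policy(zone, name, max_hops=10):
    """Follow redirect= modifiers until a record without one is reached."""
    seen = set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        record = spf_record(zone, name)
        if record is None:
            return None
        targets = [term[len("redirect="):] for term in record.split()[1:]
                   if term.lower().startswith("redirect=")]
        if not targets:
            return record
        name = targets[0].rstrip(".") + "."
    return None  # redirect loop or too many hops

def lint(zone):
    """Return sorted (name, problem) pairs for the mistakes discussed above."""
    problems = []
    for name, rrsets in zone.items():
        record = spf_record(zone, name)
        if record is None:
            continue
        if "CNAME" in rrsets:
            problems.append((name, "SPF record on a name that has a CNAME"))
        if any(term.lower().startswith("redirect:") for term in record.split()):
            problems.append((name, "write redirect=, not redirect:"))
        elif effective_policy(zone, name) is None:
            problems.append((name, "redirect does not lead to an SPF record"))
    return sorted(problems)

if __name__ == "__main__":
    for name, problem in lint(ZONE):
        print(f"{name}: {problem}")
```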