
SPF = Sender Policy Framework

Pallieter

Guest
We have the latest Plesk running on a Fedora Core 2 server that maintains its own DNS (ns1.machine + ns2.machine) and want to set up SPF records (see: http://spf.pobox.com/ ) for all our domains. Our domains are on the same shared IP address and each use their own pop.domain and smtp.domain to receive/send their email.
 
If you are running Plesk 7.5.3 or 7.5.4 you can add a TXT record to the domain's DNS in the Plesk Control Panel.

First go to pobox.com and use their wizard to get the record contents as you wish them to be.

Then use that when creating the TXT record for the domain.
 
The wizard is too complex?

I will send in some suggestions to POBox to improve the wizard - but in the meantime: for the above situation, what would the SPF record be?
 
Alex from SPF.POBox.com said this:

> Can you add some sample SPF records
> and add an image with text that
> explains the SPF record?

No pictures, sorry.

First of all: you probably mean ZONEs where you wrote DOMAINs.
Example: mail.domain.org is a domain. domain.org is a domain.
www.domain.org is a domain.
Only domain.org is a zone. This zone contains all these domains (and possibly more).

You want to protect domains, not zones.

Domains are used in:
MAIL FROM
HELO or EHLO

Your mailserver will announce its name on outbound connections. It MUST use its fully qualified domain name (FQDN) when doing so. This name you want to protect, so you're going to have an SPF record for it.

Then, for each different domain:
Your mailserver will say "MAIL FROM:<...@....>". The domain name, behind the @, you also want to protect.

Every domain that has a CNAME record associated with it must NOT have an SPF record. That's something technical, just don't do it. The place where the CNAME record is pointing to does need a record. Example:
www.domain.org CNAME domain.org. so you do NOT have an SPF record for www.domain.org. and you DO have a record for domain.org.

So far:

pop.domain.org. TXT v=spf1 ip4:1.2.3.4 -all
smtp.domain.org. TXT v=spf1 ip4:1.2.3.4 -all
domain.org. TXT v=spf1 ip4:1.2.3.4 -all
etc.
(of course: use your IP address)

Most if not all of your records are going to be the same. When the ip address changes, you'd need to alter all records. There's a better solution:

domain.org. TXT v=spf1 ip4:1.2.3.4 -all
pop.domain.org. TXT v=spf1 redirect=domain.org
smtp.domain.org. TXT v=spf1 redirect=domain.org
mail.other.... TXT v=spf1 redirect=domain.org
etc.

Now you need to change only one record and others are changed automatically.

This should give you an idea. Make sure you understand what you are doing. Do not stop at reading http://spf.pobox.com/ but also read http://spf.pobox.com/mechanisms.html and other useful information on that site.
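
The record layout from the reply above, run through a small SPF evaluator (an added example, not part of the original posts or of any SPF library). The function names and the in-memory zone are hypothetical, 1.2.3.4 is the post's placeholder address, and the redirect modifier is written with `=` as the SPF specification (RFC 7208) defines it; only the ip4, all and redirect= terms are modelled.

```python
import ipaddress

# Constructed zone using the layout from the post; 1.2.3.4 is a placeholder.
ZONE = {
    "domain.org":      {"TXT": "v=spf1 ip4:1.2.3.4 -all"},
    "pop.domain.org":  {"TXT": "v=spf1 redirect=domain.org"},
    "smtp.domain.org": {"TXT": "v=spf1 redirect=domain.org"},
    "www.domain.org":  {"CNAME": "domain.org"},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup_txt(name, zone, hops=8):
    """TXT data for name, following CNAMEs the way a resolver does."""
    rr = zone.get(name, {})
    if "CNAME" in rr and hops:
        return lookup_txt(rr["CNAME"], zone, hops - 1)
    return rr.get("TXT", "")

def check_host(ip, domain, zone=ZONE, depth=0):
    """Evaluate the ip4, all and redirect= terms of a domain's SPF record."""
    terms = lookup_txt(domain, zone).split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:                           # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    redirect = None
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.lower().partition(":")
        if name == "all":
            return RESULT[qualifier]
        if name == "ip4":
            if ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False):
                return RESULT[qualifier]
        elif name in {"a", "mx", "include", "exists", "ptr", "ip6"}:
            raise NotImplementedError(name)  # valid SPF, outside this sketch
        else:
            return "permerror"               # unknown term, e.g. "redirect:domain.org"
    if redirect is None:
        return "neutral"                     # nothing matched and no redirect
    result = check_host(ip, redirect, zone, depth + 1)
    return "permerror" if result == "none" else result

def cname_conflicts(zone=ZONE):
    """Names that carry both a CNAME and a TXT record, which DNS forbids."""
    return sorted(n for n, rr in zone.items() if "CNAME" in rr and "TXT" in rr)
```

A query for www.domain.org follows the CNAME and is answered with domain.org's record, which is why only the CNAME target carries the SPF TXT.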
 