Any downside to enabling SPF?

[MagicDude4Eva]

If you have any websites that send email directly for your domain mail (not via SMTP), you need to add those ip's as well.

So for my domains, I have my main SMTP server, my website Ip address (support emails are sent from there) and my 2 saas providers servers (alerts and notifications are sent from there)

One thing to remember is that a SPF record has a limit of 10 DNS lookups per record. This is not quite visible, but all major providers apply it. Records are resolved from left to right as well and most people follow old guidelines where they include A-/PTR- and MX- records as part of it - i.e:

"v=spf1 a ptr mx include:_spf.google.com include:sendgrid.net ip4:127.0.0.0/24 ip4:196.0.0.0/24 -all"

My suggestion is to never list A/PTR/MX records and to always list your IPs first before any other includes.

 

[Hamish McPanji]

One thing to remember is that a SPF record has a limit of 10 DNS lookups per record. This is not quite visible, but all major providers apply it. Records are resolved from left to right as well and most people follow old guidelines where they include A-/PTR- and MX- records as part of it - i.e:

"v=spf1 a ptr mx include:_spf.google.com include:sendgrid.net ip4:127.0.0.0/24 ip4:196.0.0.0/24 -all"

My suggestion is to never list A/PTR/MX records and to always list your IPs first before any other includes.

Good to know. Thanks.

There is no restrictions on Ip addresses though?

 

[MagicDude4Eva]

Good to know. Thanks.

There is no restrictions on Ip addresses though?

The restriction does apply to IPs as well - i.e. if you list 10 individual ips as ip4:xxx records. The idea with SPF is to look up the sender as quickly as possible. Remember that there will always be a reverse lookup involved from the PTR record to the matching record.

 

[Hamish McPanji]

The restriction does apply to IPs as well - i.e. if you list 10 individual ips as ip4:xxx records. The idea with SPF is to look up the sender as quickly as possible. Remember that there will always be a reverse lookup involved from the PTR record to the matching record.

Damn

/Goes off to check my spf records

 

[Jade @ Absolute Hosting]

Once you are done implementing your DMARC, SPF and DKIM then use the following to assist in resolving issues, and confirming how your mail's are ranked for spam

https://www.mail-tester.com/

 

[Thor]

Jesus.

Mail went from this is easy to fck me I'll stick to WhatsApp.

 

[Thor]

Kidding I have a fairly good idea of your talking about dkim is setup I'll read up on dmarc quickly as well.

 

[Thor]

Once you are done implementing your DMARC, SPF and DKIM then use the following to assist in resolving issues, and confirming how your mail's are ranked for spam

https://www.mail-tester.com/

Oi!!

Nifty little badboy.

Score 10/10

Yes ma'am

I need to add a dmarc record

 

[Thor]

How does rDNS work, I assume that means my reverse DNS lookup is different.

 

[Murmaider]

How does rDNS work, I assume that means my reverse DNS lookup is different.

Only the provider who owns the IP addresses can setup rdns on it.
Some providers expose this directly to customer and others add the entry on request.

 

[Thor]

That does make sense now.

 

[Thor]

Fascinating world IT is.

 

[shadow_man]

How does rDNS work, I assume that means my reverse DNS lookup is different.

As the name hints REVERSE dns.

It ties an IP to a PTR record, instead of a DNS entry to an IP.

Typically set by the host / from your panel (if allowed by the host, but with shared hosting I highly doubt it)

Hence:

$ dig mx mybroadband.co.za +short
1 mail.mybroadband.co.za.

$ ping mail.mybroadband.co.za
PING mail.mybroadband.co.za (41.203.16.67)

$ dig -x 41.203.16.67 +short
dedi67.jnb2.host-h.net.

$ ping dedi67.jnb2.host-h.net
PING dedi67.jnb2.host-h.net (41.203.16.67)

Thus the rDNS record here is:

;; ANSWER SECTION:
67.16.203.41.in-addr.arpa. 200 IN PTR dedi67.jnb2.host-h.net.

 

[ubercal]

Does anybody know if enabling SPF on your domain will cause delays in receiving mail ? Logic says no but since enabling it some emails are being delayed from a few hours to a few days.

 

[WAslayer]

Does anybody know if enabling SPF on your domain will cause delays in receiving mail ? Logic says no but since enabling it some emails are being delayed from a few hours to a few days.

HIGHLY unlikely, but only plausible if the recipient mail server is having trouble looking up the sender domain SPF record..

Look at the received email headers for the time stamps for each mail server hop.. if the delay is caused by the SPF lookup, you should see no excessive delay between send and received timestamps in the headers.. post the headers here or PM me if you are not sure what I am talking about..