Webspace & Domain Names: SPF on Domains (Freedom2Surf forum)
Old 04-09-2005, 02:11 PM   #1
SPF on Domains

I've been trying to add an SPF record ("v=spf1 a mx ~all") to all my domains on the F2s domain page, but I constantly get the error:

The Maps to value you have typed in is not in the correct format ie. xyz.domainname.co.uk.

There has been a problem - Please see the error message above, click back to correct the problem and then try again

Is there some way of adding SPF records, or is this currently impossible? The reason I ask is I've had at least 5 emails today of people forging my email address, and I'm a bit fed up of it

Is there something better than SPF I can use to stop this?

Thanks in advance,

Dug Stokes
duguk is offline  
Old 04-09-2005, 04:42 PM   #2
The SPF record looks OK, though without knowing your domain, and which email servers you are sending from, it is difficult to be sure; it probably could be smaller (by dropping the A or MX).

From your description it looks like you may be trying to enter the txt into the domain name field.

You need to create an SPF record to cover every A record and MX record in your domain to be fully protected.

SPF won't stop people forging your email address, particularly when you don't put -all in the string to force rejection by mail systems that do use it.

When you say you have had 5 emails today of people forging your email address, do you mean spam bounces coming back to you, viruses or what?
__________________
Karl Prince
Ex-Freedom2Support Knowledge Team


Billion 7402VGP, MAX 50 GB 7360kb sync
(ex USR9003 - couldn't cope with MAX)
Karl Prince is offline  
Old 05-09-2005, 01:44 AM   #3
SPF on Domains

Wow! Thanks for answering my call so quickly!

Basically I have many domains, but the main one I'm having problems with is frag.co.uk. As you can probably see from the record, I've got one IP for the A records, and the other two IPs for F2s's mail servers. Mail for frag.co.uk I guess could be sent from any one of these IPs.

My other domains use my own mail server hosted at home (the same IP as the A records for frag.co.uk), and obviously I guess I can drop the 'mx' from the SPF records for these as they are only sent from my mail server.

Hopefully this means I've got my SPF records correct, I'd already put the ~all in the SPF record as you'd said, so would an SPF record of ("v=spf1 a mx ~all") for frag.co.uk be correct?

As you say, I am adding it on the F2s Members Area => Edit DNS Entries page [at https :// secure freedom2surf net / service2 / domainname / dns.php? domainname = frag.co.uk]
I'm entering:

Entry: frag.co.uk
Record Type: mx
Maps to: "v=spf1 a mx ~all"
Weight: [blank]
Then clicking the Add button. With or without quotes seems to make no difference.
Is this correct? Or do I enter it somewhere else? If so where!!?

I was a bit confused at the error message as this appears right to me - it is a txt record to use for SPF records isn't it? Or do I have to do something complicated? I've been tempted to run my own DNS server but didn't like to because F2S seem to do it so well!

The mails are being forged to come from my email address, uh, e.g (ip&emails dotted to protect the innocent );

Received: from (213 dot 217 dot 205 dot 54) by (some server) with SMTP; 4 Sep 2005 03:30:09 -0000
From: Natasha <dug at frag dot co dot uk>
To: <dug at frag dot co dot uk)
etc... I think it's a JPEG image exploit of some kind. I'm not too bothered really - it was sitting in my Junk Mail and I only noticed because someone's whitelist was questioning me. It's probably because my email address is on webpages and the like, but it would be nice to have an SPF record, just so I'm doing as much as I can.

Thanks again for your help! I'm so impressed with this site and F2S! Upgrading my broadband to 2mb from an online form in less than 12 hours was just amazing, and if you guys - especially you Karl - [I'm amazed you'll answer stuff like this on a Sunday!] can fix this then I'll be so pleased... I'll.. I'll... I really don't know what I'll do apart from be impressed and extremely happy!

Thanks again for your help!

Dug Stokes
duguk is offline  
Old 05-09-2005, 08:07 PM   #4
This should win the longest post competition

Quote:
Originally Posted by duguk
Wow! Thanks for answering my call so quickly!
Just luck of the draw. This one would have been quicker if my RedHat box hadn't crashed (note to self: push power plugs into drives all the way in future, especially if you move the box whilst writing something l.o.n.g)

Quote:
Originally Posted by duguk
Basically I have many domains, but the main one I'm having problems with is frag.co.uk. As you can probably see from the record, I've got one IP for the A records, and the other two IPs for F2s's mail servers. Mail for frag.co.uk I guess could be sent from any one of these IPs.
The record is accurate if you send mail from either your own (ADSL hosted) server or the F2S MX servers, however this is probably not what you actually want, as the F2S MX servers are not necessarily the outbound servers for email. The record you actually want is "v=spf1 a include:f2s.net -all"; this will include the f2s.net record as part of your record. What this actually means is that your IP and the IP addresses of the F2S server networks are trusted, though an F2S user could forge email that passes the test by forwarding through the F2S mail servers. This is always a (small) risk with shared mail servers.

Quote:
Originally Posted by duguk
My other domains use my own mail server hosted at home (the same IP as the A records for frag.co.uk), and obviously I guess I can drop the 'mx' from the SPF records for these as they are only sent from my mail server.
Yep

Quote:
Originally Posted by duguk
Hopefully this means I've got my SPF records correct, I'd already put the ~all in the SPF record as you'd said, so would an SPF record of ("v=spf1 a mx ~all") for frag.co.uk be correct?
The ~all (tilde) denotes softfail: mail servers are not allowed to reject based on this alone, only use it to score spamminess of the sender. Use of -all (minus) denotes fail, very black and white. I don't want to get drawn into why the current wizards default to tilde, which won't actually get forgeries blocked, but the general premise is to help reduce false positives whilst some problematic mail forwarders (and ebay) get their act together.

Quote:
Originally Posted by duguk
As you say, I am adding it on the F2s Members Area => Edit DNS Entries page [at https :// secure freedom2surf net / service2 / domainname / dns.php? domainname = frag.co.uk]
I'm entering:

Entry: frag.co.uk
Record Type: mx
Maps to: "v=spf1 a mx ~all"
Weight: [blank]
Then clicking the Add button. With or without quotes seems to make no difference.
Is this correct? Or do I enter it somewhere else? If so where!!?

I was a bit confused at the error message as this appears right to me - it is a txt record to use for SPF records isn't it? Or do I have to do something complicated? I've been tempted to run my own DNS server but didn't like to because F2S seem to do it so well!
Close, but no cigar. The record type is "TXT", not "MX". I use F2S for my .co.uk records without any problems.

Quote:
Originally Posted by duguk
The mails are being forged to come from my email address, uh, e.g (ip&emails dotted to protect the innocent );

Received: from (213 dot 217 dot 205 dot 54) by (some server) with SMTP; 4 Sep 2005 03:30:09 -0000
From: Natasha <dug at frag dot co dot uk>
To: <dug at frag dot co dot uk)
etc... I think it's a JPEG image exploit of some kind. I'm not too bothered really - it was sitting in my Junk Mail and I only noticed because someone's whitelist was questioning me. It's probably because my email address is on webpages and the like, but it would be nice to have an SPF record, just so I'm doing as much as I can.
Congratulations on being on a spammer CDROM (I'm on loads of them), so you will get loads of spam, and nowadays attempts to get your PC 0wned as well.

Quote:
Originally Posted by duguk
Thanks again for your help! I'm so impressed with this site and F2S! Upgrading my broadband to 2mb from an online form in less than 12 hours was just amazing, and if you guys - especially you Karl - [I'm amazed you'll answer stuff like this on a Sunday!] can fix this then I'll be so pleased... I'll.. I'll... I really don't know what I'll do apart from be impressed and extremely happy!
Please note that this is an unofficial support site, run by members for members, though we are pleased that F2S staff actively participate in the forums. This is why you get out of hours support from the members, though many of us have to earn our ADSL connection fee during normal business hours.

You will also need to consider any other A records you have (e.g. www.*), they could also be used for forgery (any domain that has either an MX or A record will survive the basic checks for domain validity on most mail servers). For all A records which are not intended to be used for email you need a record of "v=spf1 -all". www.frag.co.uk is an example of this type of domain.

I would however recommend avoiding overuse of A records. There are many arguments about this, but I feel that one A record per IP, with a matching PTR record, is optimum. If a web server is at the same IP address as a mail server, a CNAME record will work fine, and will save you having to add an extra SPF record, e.g. CNAME www.frag.co.uk => frag.co.uk.

Have fun
__________________
Karl Prince
Ex-Freedom2Support Knowledge Team


Billion 7402VGP, MAX 50 GB 7360kb sync
(ex USR9003 - couldn't cope with MAX)
Karl Prince is offline  
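
Added example (not part of the original posts): a minimal Python evaluator for the SPF mechanisms discussed above (a, mx, include, and the ~all / -all qualifiers), run against constructed DNS data. The names example.org and isp.example and all addresses are assumptions standing in for the poster's domain and the ISP's mail network; only a subset of RFC 7208 is handled.

```python
import ipaddress

# Constructed DNS data (documentation address ranges); not real records.
A = {"example.org": ["192.0.2.10"], "www.example.org": ["192.0.2.10"],
     "mx1.isp.example": ["198.51.100.1"], "mx2.isp.example": ["198.51.100.2"]}
MX = {"example.org": ["mx1.isp.example", "mx2.isp.example"]}
TXT = {"example.org": "v=spf1 a include:isp.example -all",
       "www.example.org": "v=spf1 -all",          # host that never sends mail
       "isp.example": "v=spf1 ip4:198.51.100.0/24 -all"}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def matches(mech, arg, ip, domain):
    """True if one mechanism matches the connecting IP (subset of RFC 7208)."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
    if mech == "a":
        return ip in A.get(arg or domain, [])
    if mech == "mx":
        return any(ip in A.get(h, []) for h in MX.get(arg or domain, []))
    if mech == "include":            # matches only if the included record passes
        return check_host(ip, arg) == "pass"
    raise ValueError(f"unsupported mechanism: {mech}")


def check_host(ip, domain, record=None):
    """Evaluate an SPF record left to right; the first match decides."""
    record = record if record is not None else TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        mech, _, arg = term.partition(":")
        if matches(mech, arg, ip, domain):
            return RESULT[qualifier]
    return "neutral"                 # no mechanism matched and no "all"
```

An unlisted sender gets "softfail" under "v=spf1 a mx ~all" but "fail" under the -all record, while any address inside the included ISP range passes, which is the shared-server risk mentioned in the post.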
Old 05-09-2005, 08:36 PM   #5
Wooohoo!!

Hey hey! Thanks for your help Karl! Sorry to hear about your RedHat box :S Dunno if it may help you, but I remember reading something about copying and grepping /proc/kcore for lost text during a reboot, as sometimes you can recover stuff - Keep meaning to try it out, but things never break when you want them to. HTH!

I've got the SPF record in there now finally!

Oops! Yeah, it was obviously late and I typed in MX by accident! Once changing the ~ to a - and using TXT the record went in fine.

The reason it wouldn't add is the page errors if I use the tilde (~all) system, I guess this is a reserved character - and it isn't part of a domain name anyway. I guess it's some omission from F2S's 'update-dns-script.php' script I guess, but I don't want a soft failure so this is great!

I'll definitely get onto the CNAME problem, I am definitely using way too many A records! I was going to be running a multitude of Virtual Hosts but now realised I could still use CNAMEs anyway [they're all the same IP], and just am using them as one site so I'll get onto this soon. - Many thanks for the advice.

Thanks again for your help, and spending so much time answering my questions! I'm so glad I'm finally doing something about these forged emails! I think I'll spend some more time around these forums - I'd really like to give something back to F2S and the support team after you've been so helpful to me!

Thanks again Karl,

Dug Stokes
duguk is offline  
Old 05-09-2005, 09:21 PM   #6
altogether now, aaaaaaarrrrrrrrrr - wouldn't it be nice if the whole world was like this?
andrew is offline  
Old 05-09-2005, 10:33 PM   #7
Quote:
Originally Posted by andrew
altogether now, aaaaaaarrrrrrrrrr - wouldn't it be nice if the whole world was like this?
There'd be pink wallpaper everywhere

Seriously tho.... I never understood hardly a word of the prob, and even less of the solution. I am most impressed with Karl's handle on the subject, even when I don't know what the subject is!!
__________________
mick

Instant Downloads
donegal is offline  