What's the best way to utilize SPF if you're a hosting provider? Currently mine looks like:
v=spf1 mx a ptr ~all
should I list all of the domains that point to the IP that is the mailserver? Or should each domain get their own SPF record? Just thought I'd ask since I'm not sure what the best way to approach this is.
Full Version: Valid SPF Entry?
I would suggest you check out http://spf.pobox.com/ They should be able to answer any of your questions
Each domain would get its own SPF - that would point to the common mailserver. When the receiving mailserver goes to check spf - it will look to the domain the email says its from.. to make sure its coming from a server setup to send mail for that domain. So the domain in question has to have a SPF entry for it to work.
edit:
Explain how SPF works in 1 minute.
Domains use public records (DNS) to direct requests for different services (web, email, etc.) to the machines that perform those services.All domains already publish email (MX) records to tell the world what machines receive mail for the domain.
SPF works by domains publishing "reverse MX" records to tell the world what machines send mail from the domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from where it should be coming from.
With SPF, those "reverse MX" records are easy to publish: one line in DNS is all it takes.
Do I have to publish spf for each of my smtp servers?
No. You should publish spf records for each and every domain you wish to protect from being used by spammers/virusses. If, for example, your domain is somedomain.tld and you furthermore have a subdomain www.somedomain.tld registered, you would publish for both somedomain.tld and www.subdomain.tld (the latter probably being set to "v=spf1 -all"). Note that you will have to publish for each and every A record, including any wildcard (*) or @ entries in your dns.
Each domain would get its own SPF - that would point to the common mailserver. When the receiving mailserver goes to check spf - it will look to the domain the email says its from.. to make sure its coming from a server setup to send mail for that domain. So the domain in question has to have a SPF entry for it to work.
edit:
Explain how SPF works in 1 minute.
Domains use public records (DNS) to direct requests for different services (web, email, etc.) to the machines that perform those services.All domains already publish email (MX) records to tell the world what machines receive mail for the domain.
SPF works by domains publishing "reverse MX" records to tell the world what machines send mail from the domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from where it should be coming from.
With SPF, those "reverse MX" records are easy to publish: one line in DNS is all it takes.
Do I have to publish spf for each of my smtp servers?
No. You should publish spf records for each and every domain you wish to protect from being used by spammers/virusses. If, for example, your domain is somedomain.tld and you furthermore have a subdomain www.somedomain.tld registered, you would publish for both somedomain.tld and www.subdomain.tld (the latter probably being set to "v=spf1 -all"). Note that you will have to publish for each and every A record, including any wildcard (*) or @ entries in your dns.
Yes I found that site after I asked the question. I came to the same conclusion that every domain in DNS needs it's own entry. Thanks BudMan!!! 
Your explanation is just affirmation that I correctly interpreted what I ready. Many Thanks!!!
Your explanation is just affirmation that I correctly interpreted what I ready. Many Thanks!!!
Glad I could be of help - nice to see even the "little" hosts joining in with SPF.. It can be another very "effective" tool against the never ending battle against spam
I've been "trying it out" for the past 3 mos and have decided that it's a real assett... so I wanna start putting it in full force for all the domains I manage. I understand that SPF's fallback is that in order for it to work it's best everybody has to use it, but for how well this works, if you're NOT using it, you're an idiot.
It's more than proven itself to me
It's more than proven itself to me
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.