SPF Record

abrodski
New user
Posts: 11
Joined: 2009-06-27 08:01

SPF Record

Post by abrodski » 2009-07-05 01:53

How critical is adding SPF Record to my DNS Records?

pepsi
Senior user
Posts: 419
Joined: 2008-08-21 20:58
Location: Netherlands

Re: SPF Record

Post by pepsi » 2009-07-05 07:59

None.

Make sure you make a list of all IP/A/MX records before adding.
Set the time to live of the record to 1 hour first,
and to be on the safe side, first use ~all before you go on to use -all.

And check http://www.openspf.org

mrgigo
New user
Posts: 15
Joined: 2009-07-04 23:07

Re: SPF Record

Post by mrgigo » 2009-07-06 02:18

Hi Abrodski,

The www.openspf.org web site, as mentioned above,
will answer all of your questions, and help you build
the records for your zone file. It's really easy. Since
more and more mail server admins are using the record
to help score messages for spam consideration, I'd say
it's not critical, but logical.

As mentioned, set the TTL to 3600. Also, if you are
using DNSSEC, and I hope you are, generate new keys,
and re-sign your zone file.

Cheers,
-Mr.GiGo

plobby
Normal user
Posts: 115
Joined: 2008-01-29 07:04

Re: SPF Record

Post by plobby » 2009-07-06 02:49

What is the purpose of putting the first record with a TTL of an hour, rather than a day/week, especially if the IP address is not changing?

pepsi
Senior user
Posts: 419
Joined: 2008-08-21 20:58
Location: Netherlands

Re: SPF Record

Post by pepsi » 2009-07-06 10:32

If you have made a mistake, or forgot to put in an additional server that is sending mail from your domain, it would not take a week before the other DNS servers update to the new record.

For example:
hMailServer at home: ip1.
Webserver hosted in a datacentre: ip2.
Both send using the domain.tld domain name.

The SPF record for domain.tld only contains ip1, TTL 1 week.

From the moment you send a message (ip1) to an external domain, their DNS server will cache the record for 1 week.
From that moment, when you figure out you forgot to add ip2 to the SPF record and you update the SPF record in your DNS, the record is still in the DNS servers on the internet, and it will take a week before they notice the updated record.

When, after 2 weeks or so, no problem occurs, update the TTL from 1 hour to 1 day or 1 week.
