Posted on

Email SPF examples

$dig txt i88.ca

“v=spf1 a mx ip4:8.8.8.8 ip4:8.8.8.88 -all”

The “a” and “mx” specify the systems permitted to send messages for the given domain.

To add ip of datawiki.biz to the SPF so that datawiki.biz can send email for i88.ca

$dig datawiki.biz

get ip of datawiki.biz:

9.9.9.9

Then change the SPF into

“v=spf1 a mx ip4:8.8.8.8 ip4:8.8.8.88 ip4:9.9.9.9 -all”

v=spf1 SPF version 1


mx the incoming mail servers (MXes) of the domain are authorized to also send mail for it.i88.ca

The “ip4” mechanism

ip4:
ip4:/

The argument to the “ip4:” mechanism is an IPv4 network range. If no prefix-length is given, /32 is assumed (singling out an individual host address).
Examples:

“v=spf1 ip4:192.168.0.1/16 -all”

Allow any IP address between 192.168.0.1 and 192.168.255.255.


-all all other machines are not authorized

You can use dig -x ip_address to reverse lookup the ip address.

Testing tools of SPF
http://www.kitterman.com/spf/validate.html
www.openspf.org/Tools
http://tools.bevhost.com/spf/
If you are using Amazon Simple Email Service:

If you are already publishing SPF or Sender ID records to your Domain Name Service (DNS), recipients might not receive your email. To ensure delivery, add the following to any such records:
include:amazonses.com include:sendgrid.net include:i88.ca

If you use gmail API to send your email,

include:_spf.google.com ~all

Publishing an SPF record that uses -all instead of ~all may result in delivery problems.

Sender ID Introduction and Resources

Test emails sent to the Port25 email verifier

Port25 offers a really nifty public service — you can send email to [email protected] and it will reply to the from: address with an extensive diagnostic. Here’s an example summary result

from a test email:

SPF check: pass

DomainKeys check: fail

DKIM check: pass

Sender-ID check: pass

SpamAssassin check: ham

Leave a Reply

Your email address will not be published. Required fields are marked *