SPF question

Soldato
Joined
18 Oct 2002
Posts
7,139
Location
Ironing
I'm just setting up SPF on my dns server, and I had a question. Does SPF restrict right down to the ip address of the machine where the email originates from?

For example, I can have an SPF policy for a domain that limits mail originating from a single mailserver only. Am I right in thinking that if I compose an email in, say, thunderbird on my laptop and connect to that server to send the mail, the SPF check by the receiving mailserver will fail, because the email originated on my laptop and not the server? This seems to be the case testing against hotmail (they junk anything that fails spf).

If this is the case, is it common to have SPF include ip classes such as 192.168.0.0/24 so that clients on an internal network can send mail through that server on that domain as well? What about a person who is roaming about wireless hotspots and can be at any ip address?
 
SPF restricts down to the originating mail server(s).
You specify your list in the TXT record, and then if the receiving mail server is setup to check for SPF records it will do a lookup to see if the sending server's public IP address is in the SPF list for the domain that the e-mail claims to be sent from.

It's more advanced than just simply looking for a PTR record.
If you're composing mail in Thunderbird or any other non MAPI client then I'm guessing you're not connecting to an Exchange server and are just sending out via SMTP?
Either way, you should be sending your mail out via the server specified in the SPF record.

If a roaming user is just sending via their ISP's server then yes it will fail if the receiving system is checking SPF, but this won't be a problem if you set up Thunderbird to send out via your mail server.

You just need to give relay permissions to the user accounts who need it, and then specifiy outgoing SMTP authentication on the client. Then they should be ableto send out via your mail server wherever they are.
 
I am in the process of trying to set this up myself.

I only ever send email for my domain from my laptop, which is set up to use my ISPs SMTP server (smtp.dsl.pipex.com).

What would I need to do to configure SPF in my domain? (it is hosted by 123-reg).

According to THIS site, 123-reg support SPF,but require a different format??

I assume this only affects outgoing mail? I ask because I currently have 123-reg configured to forward mail for my domain to my ISP email accounts.

Thanks in advance
Chez
 
Back
Top Bottom