Hi Tony
Reading the conversation with Andrew McGlashan, I logged in again and
made the change. Buoyed by earlier success I ran the dig command but the
change has not yet been performed. The TXT entry is accurate, however.
On 28/5/23 19:34, Tony White via luv-main wrote:
Hi Andrew,
Correct, the SPF record should have a hard fail not the soft fail. So change
the ~all to -all. I missed it, my bad.
The short TTL is, just that, short to ensure we can catch errors. They do
happen. When they are all set correctly update the TTL to another value.
Thank you for noticing the soft fail.
regards
Anthony White
On 28/5/23 18:58, Andrew McGlashan via luv-main wrote:
Hi,
On 28/5/23 5:29 pm, Tony White via luv-main wrote:
> Hi Andrew, Log in to your Registrar site ie Melbourne IT and look for Manage your Domain. Open this and look for CPanel
> Console. Once there find Zone Manager, Zone Records or Zone Editor.
> Add a new record to your Zone. Look for TXT record. Leave the domain empty select TXT from the drop down list. In the
> field to its right insert the value
> -- snip --- v=spf1 ip4:203.170.84.161 ~all -- end snip --
NOOOOOO!
Please be sure about what the rule should be and do a hard fail if
it isn't met correctly with "-all" at the end of the
TXT record.
It sure seems that SPF, DKIM and DMARC have become necessary because
of all the bad actors around these days.
Running mail servers today means dealing with a significant amount of
rubbish and mostly because the "world" isn't using
SPF definitions properly and respecting the rules set. My servers
strike hard on email that fails SPF, now, at long last,
Google is finally doing that.
It is very sad that we need these "extras", but they are there for
good reason; work with them and you'll have much better
ability for delivery of emails -- fail to work with them and more
will fail to deliver.
One thing I hate about DKIM though, is that it only applies to emails
leaving a server, destined for a different server;
that is, same server to same server emails don't get signed :(
- I wonder if that is the case with Google mail server to Google
mail server too; I don't know.
> change the TTL value to 3600 then save.
Why so short for TTL? If you are confident that you have the
settings correct after testing, then the TTL should be at
least 86400 (a day).
> The DNS will be updated in an hour or so.
Seems to be quick these days, but delays can still occur.
> To check it is done use the following command in the cli.
> dig TXT algphoto.com.au (press enter)
> you should see something like this...
> algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all"
> If little of this makes sense I apologise. I can help you remotely if you would like.
When you think you have the settings right, send an email to the
following address to get a report:
[email protected]
Have a short TTL (600 perhaps, 10 minutes), until you are sure you
have everything setup correctly.
btw SPF is most often broken with the mass mailers and those
responsible for the domain name can't get the simple things
right. Stop using big tech, or, at the very least, use it properly.
Avoiding SPAM and other rubbish from Google, Outlook
and AmazonSES is nigh on impossible as the bad guys often do a
better job of setting up SPF, DKIM and DMARC than the vast
majority of domain administrators! I could go on about service
providers, so many allow so much rubbish to traverse their
networks, it is a real problem.
> regards Anthony White
Cheers
AndrewM
> _______________________________________________
> luv-main mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
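
An added example, not part of the thread: a Python check that reads the output of `dig +noall +answer TXT <domain>` and reports whether the SPF record ends in the hard fail (`-all`) or the soft fail (`~all`) discussed above. The `example.test` line is constructed sample input, and the function names are this example's own.

```python
import re

# Qualifier on the trailing "all" mechanism decides what receivers do with
# mail from any host the record does not list (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_txt_answers(dig_text):
    """Return [(ttl, text)] from `dig +noall +answer TXT <domain>` output."""
    records = []
    for line in dig_text.splitlines():
        m = re.match(r'^\s*\S+\s+(\d+)\s+IN\s+TXT\s+(.*)$', line)
        if m:
            # One TXT record may be several quoted strings; they are
            # concatenated with no separator before SPF evaluation.
            chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(2))
            records.append((int(m.group(1)), "".join(chunks)))
    return records

def audit_spf(dig_text):
    """Report the policy of the v=spf1 record found in dig output."""
    spf = [r for r in parse_txt_answers(dig_text)
           if r[1].lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return {"policy": None, "ttl": None, "findings": ["no v=spf1 record"]}
    findings = []
    if len(spf) > 1:
        findings.append("more than one v=spf1 record: receivers return permerror")
    ttl, text = spf[0]
    policy = None
    for term in text.split()[1:]:
        m = re.fullmatch(r'([+\-~?]?)all', term, re.IGNORECASE)
        if m:
            policy = QUALIFIERS[m.group(1) or "+"]  # bare "all" means +all
            break
    if policy is None:
        findings.append("no 'all' mechanism: without a redirect=, unlisted senders get neutral")
    elif policy != "fail":
        findings.append(f"record ends in {policy}; use -all for a hard fail")
    # ttl is what the queried resolver reported; a cache counts it down.
    return {"policy": policy, "ttl": ttl, "findings": findings}

# First line is the record quoted in the thread; the second is constructed.
SOFT = 'algphoto.com.au 3400 IN TXT "v=spf1 ip4:203.170.84.161 ~all"'
HARD = 'example.test. 600 IN TXT "v=spf1 ip4:203.170.84.161" " -all"'

if __name__ == "__main__":
    for sample in (SOFT, HARD):
        print(audit_spf(sample))
```

Querying the domain's authoritative name server rather than a caching resolver shows the configured TTL and the record as it currently stands in the zone.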