The Proper Entry For an Sender Policy Framework TXT Record

[Midimistro]

I am looking to add an SPF entry into our TXT record to ensure that our emails don't end up in spam since we are transitioning from AT&T/Yahoo mail, to Bluehost/Horde.
As of right now, the email sends out just fine from both sources, however Google and Yahoo complain that it may not have come from our domain if the email is sent by Bluehost, and this could be a problem with stricter systems that our customers may have. According to the searches I've done, this can be rectified by creating the proper SPF TXT entry in our DNS provider, which would be ZoneEdit.

v=spf1 a mx ptr include:bluehost.com ?all

The above is what Bluehost provides me, however this throws errors in the ZoneEdit TXT editor (I already know part of that is because the use of ptr is discouraged). Just to add to the complication, I need to also be able to send out via AT&T, so that also needs to be added to the SPF entry until the transition is complete.

This is the closest I can come up with, but I don't want to commit till its right, otherwise we may loose emails:

v=spf1 a mx ip4:<OurBluehostServerIP> include:att.net ?all

Can anyone verify this or correct it?

 

[Chris Cherry]

Hello Midimistro,

If you don't mind, would you be able to provide your domain name so we can run some SPF checks? The SMTP server needs to be listed in the SPF record on your domain in some fashion, but as to what SPF mechanism you use is unknown until we understand whether your SMTP host uses multiple IP addresses or has an "include" that you can use in your record.

 

[Chris Cherry]

BTW, using "include:att.net" will likely result in errors as well since the root domain "att.net" has NO SPF record information set up. The "ptr" mechanism is simply not recommended and likely shouldn't be used unless you specifically need it.

;; QUESTION SECTION:
;att.net. IN TXT

;; AUTHORITY SECTION:

att.net. 573 IN SOA wycu.wy.br.np.els-gms.att.net. rm-hostmaster.ems.att.com. 1291 86400 10000 604800 900


Also, you're right, don't use include:bluehost.com as their own SPF record is exceeding the 10 DNS Lookup limit (essentially causing delivery issues on their own). If you use their include, you're shooting yourself in the foot.

 

[Midimistro]

That only partially answers my question. What is the correct way to write the TXT entry so that the bluehost server I'm using and our AT&T mail can both send/receive mail? I'd imagine using the ip4 entry I provided earlier is correct, but I'm not clear on how to add the AT&T side.

 

[Chris Cherry]

That's the problem, you need to know the specifications from the email host as to what SPF mechanism you need to use. We don't know this information as it's not our email system you're using. I did some Google searches and found "include:_spf.mail.yahoo.com" which MIGHT be what you can use, but I can't guarantee that is correct.

Let's pretend your IP address for your website is 18.221.126.228 (which is actually what bluehost.com resolves to). For example, if that is the server which sends the emails for your domain, and if the SPF record I Googled for att/yahoo is correct, then your SPF record would be:

v=spf1 ip4:18.221.126.228 include:_spf.mail.yahoo.com ?all

or, if the DNS has your root record pointing to 18.221.126.228 and that is also the SMTP server, then you can use something as simple as:

v=spf1 a include:_spf.mail.yahoo.com ?all

- That way, if Bluehost was to switch you to a different server with a new IP address, you wouldn't have to change the SPF record as you would with my first example.