1

I set up Postfix and mailx (Fedora 25) for sending mail through a contact form on my website, and I am looking to add SPF1 and a DKIM signature to increase my validity, but I'm having a hard time sorting out how to add the SPF record to my DNS Zone file on GoDaddy.

I already had a Google verification TXT record, so I can't simply add the SPF. I found some instructions to add multiple. There are warnings about adding multiple entries, but leading research had me noting that separating them with a space encased in quotes should work, so I ended up trying:

"google-site-verification=9s8d7f6h98e5hd5rn" "v=spf1 a mx include:adammackintosh.net ~all"

I then ran an SPF checker tool and it showed the updated record but said 'no valid SPF found' (kitterman tool).

Can anyone help me add this through GoDaddy?

agm1984

2 Answers

1

Define both; this is a friend's list of TXT records. His email got migrated to Google just fine, and the SPF one works (both in testing, and according to one of openspf.org's recommended testing tools):

[me@risby ~]$ dig txt theonlinedoor.com
[...]
;; QUESTION SECTION:
;theonlinedoor.com.             IN      TXT

;; ANSWER SECTION:
theonlinedoor.com.      3600    IN      TXT     "v=spf1 include:_spf.google.com ?all"
theonlinedoor.com.      3600    IN      TXT     "google-site-verification=8MWNW2EeagfeQ1ea4OSG1-fq0yI9M5HGDCdH0y8aSfM"

Though I will add in passing my customary grumpy note that an SPF record that doesn't end -all is functionally useless, and you should not bother.

MadHatter
  • Thanks for your grumpo note. I wasn't aware of the character preceding all. Let me paste it for others in the future:
      + Pass = The address passed the test; accept the message. Example: "v=spf1 +all"
      - (Hard) Fail = The address failed the test; bounce any e-mail that does not comply. Example: "v=spf1 -all"
      ~ Soft Fail = The address failed the test, but the result is not definitive; accept & tag any non-compliant mail. Example: "v=spf1 ~all"
      ? Neutral = The address did not pass or fail the test; do whatever (probably accept the mail). Example: "v=spf1 ?all"
    – agm1984 Jan 05 '17 at 18:44
  • @agm1984 if this has answered your question, feel free to accept it by clicking the "tick" outline next to it. This is the local etiquette, and it drives the reputation system for us both. My apologies if you already know this. – MadHatter Jan 05 '17 at 20:34
  • It didn't directly answer it, but it helped me get it set up. I can't mark my own answer until tomorrow, so I'll just do yours :) – agm1984 Jan 05 '17 at 21:13
0

I got it figured out. This is specific to GoDaddy:

  1. Log in to GoDaddy and edit your DNS Zone File for the specified domain.
  2. Click 'Add Record'.
  3. Select TXT Record Type
  4. Under TXT Value, put v=spf1 -all
  5. Save

Now, if you run:

 dig txt yourhostname.com

You will see two TXT entries in the answer section. I have seen some cautions that having multiple TXT entries can cause issues at some email service providers (ESPs), so you should send some mails out to Gmail, AOL, Hotmail, Yahoo and make sure they are detecting it. Try right-clicking the email and selecting 'view source'. Look in the headers for SPF. Gmail at least doesn't show headers. I recall Hotmail does.

v=spf1 -all is the setting if you are sending mail from your server without a subdomain, such as foo@servername.com if you are editing the TXT for servername.com.

I had an error about trivial information when I had include:servername.com added.

The other tool to check is kitterman.com (reference: http://www.kitterman.com/spf/validate.html). That is where I had the 'trivial information' error bit at first.

Now, it says:

 Found v=spf1 record for adammackintosh.net: 
 v=spf1 -all 
 evaluating...
 SPF record passed validation test with pySPF (Python SPF library)!

Thanks to MadHatter for the tip about the -all flag.

Next on my list anyway is to set up DKIM and then ensure my domain is at least known to all the major ESPs. I saw instant improvement when I verified my domain at http://postmaster.google.com.

I used to do a lot of affiliate email marketing, so I can tell you that your header setup is critical to deliverability potential. You should also sign up for a feedback loop (FBL) on all the ESPs. We are starting to split hairs, but it's worth setting everything up so your transactional emails don't land in the spam/junk box due to a small config anomaly.

When you are improving your IP/domain's reputation, keep a really close eye on 400 and 500 level SMTP errors. 500 is super bad and 400 is throttling usually. Don't mess with them or you will get "black holed" as we called it. As your reputation improves, your delivery numbers will go up also. I don't ever recommend trying to blast out like 100,000 emails on a fresh domain.

Hope that helps someone in the future,

Adam

agm1984
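As an added example (not part of the original posts, and not GoDaddy's or pySPF's code), this Python code applies the RFC 7208 record-selection rules to the TXT data quoted in the question and both answers: the strings inside one TXT record are concatenated with no separator, and only a record that begins with v=spf1 is treated as SPF. The function names are hypothetical, and the record sets are typed in from the posts rather than fetched from DNS.

```python
# Added example: RFC 7208 record selection over TXT data quoted on this page.
# Each TXT record is a tuple of character-strings, as DNS stores them.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The question's attempt: two quoted strings inside ONE TXT record.
QUESTION = [("google-site-verification=9s8d7f6h98e5hd5rn",
             "v=spf1 a mx include:adammackintosh.net ~all")]
# First answer: two separate TXT records (values as shown in the dig output).
ANSWER_1 = [("v=spf1 include:_spf.google.com ?all",),
            ("google-site-verification=8MWNW2EeagfeQ1ea4OSG1-fq0yI9M5HGDCdH0y8aSfM",)]
# Second answer: the verification record plus a separate "v=spf1 -all".
ANSWER_2 = [("google-site-verification=9s8d7f6h98e5hd5rn",), ("v=spf1 -all",)]

def txt_value(strings):
    """Join one record's character-strings with no separator (RFC 7208, 3.3)."""
    return "".join(strings)

def select_spf(rrset):
    """Keep records that are exactly 'v=spf1' or start with 'v=spf1 '."""
    values = [txt_value(r) for r in rrset]
    return [v for v in values
            if v.lower() == "v=spf1" or v.lower().startswith("v=spf1 ")]

def check(rrset):
    """Return (status, detail) as an SPF verifier would see this TXT RRset."""
    spf = select_spf(rrset)
    if not spf:
        return ("none", "no TXT record begins with v=spf1")
    if len(spf) > 1:
        return ("permerror", "more than one v=spf1 record")
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        return ("ok", "no all mechanism; unmatched senders get neutral")
    first = all_terms[0][0]
    qualifier = first if first in QUALIFIERS else "+"  # bare "all" means "+all"
    return ("ok", "all=" + QUALIFIERS[qualifier])

if __name__ == "__main__":
    for name, rrset in (("question", QUESTION), ("answer 1", ANSWER_1),
                        ("answer 2", ANSWER_2)):
        print(name, check(rrset))
```

The question's record joins to a single value that starts with google-site-verification=, which is why the checker reported that no valid SPF record was found.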