Koozali.org: home of the SME Server

SPF records

Offline ReetP

  • *
  • 3,722
  • +5/-0
SPF records
« on: October 05, 2018, 03:12:45 PM »
Hmmmm, had a bit of bovver with my SPF records allegedly not being right. In a discussion with the hosting provider over this and wanted to check my facts.....

[root@test ~]# dig -t txt impamark.co.uk

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t txt impamark.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39272
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;impamark.co.uk.         IN   TXT

;; ANSWER SECTION:
impamark.co.uk.      2709   IN   TXT   "v=spf1 mx a -all"

;; Query time: 0 msec
;; SERVER: 192.168.97.1#53(192.168.97.1)
;; WHEN: Fri Oct  5 15:03:12 2018
;; MSG SIZE  rcvd: 61


As far as I am aware that is correct?

When I test with mxtoolbox.com It all seems OK apart from one bit

Prefix Type    Value    PrefixDesc    Description
v     version    spf1       The SPF record version
+     mx       Pass       Match if IP is one of the MX hosts for given domain name
+     a       Pass       Match if IP has a DNS 'A' record in given domain
-     all       Fail       Always matches. It goes at the end of your record.

Any ideas why it shows Fail on -all ? Is that just due tio the way it 'processes' the rules, so anything after -all that hasn't matched is classed as a Fail?

All the tests below it show green ticks.

SPF Contains characters after ALL    No items after 'ALL'.
SPF Syntax Check             The record is valid

Any thoughts appreciated. I'm pretty sure my hosting provider has suffered a network block due to some spammer on my IP range but just wanted to be sure of my facts first.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: SPF records
« Reply #1 on: October 06, 2018, 04:39:15 PM »
The "-all" indicates that email from any other host not previously specified gets an SPF 'Fail' result.  In your case - if the system trying to deliver any email from "impamark.co.uk" is not in your MX or A records, the SPF result is "Fail".

I see no problems with  your SPF, PTR, or MX settings -- as long as
* your system is sending your email directly and is not relaying it through a smarthost somewhere
* you don't have any web systems running off-site trying to send email directly using your domain


Testing impamark.co.uk at https://www.kitterman.com/spf/validate.html shows that it should be OK.

mxtoolbox says your MX record is OK:
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a212.83.143.44&run=toolpage

Same for your A record:
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a212.83.143.44&run=toolpage#

Your PTR record looks OK:
Code: [Select]
nslookup -type=ptr 44.143.83.212.in-addr.arpa
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
44.143.83.212.in-addr.arpa name = mail.impamark.co.uk.

The A record for mail.impamark.co.uk looks OK:
Code: [Select]
nslookup mail.impamark.co.uk
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: mail.impamark.co.uk
Address: 212.83.143.44

'firehol' lists one of the IPs on your classC in one of their blocklists:
https://github.com/firehol/blocklist-ipsets/search?q=%22212.83.143%22&unscoped_q=%22212.83.143%22

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #2 on: October 06, 2018, 04:52:49 PM »
Thanks for all that.

I realise I could specify the IP in the TXT record as well I guess - eg add 'ip:212.83.143.44' to the TXT record

I thought it seemed OK but the bloody hosting provider seems to get some of its network blocks blacklisted sometimes.

Just wanted to make sure it wasn't me making a cockup !

I can go back and tell them to sharpen up their act ;-)

Thanks
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: SPF records
« Reply #3 on: October 08, 2018, 09:19:19 PM »
Just make sure you use ip4: and not just ip:

If you are running behind a static IP address I would recommend to specify that rather than "a" or "mx".

"v=spf1 ip4:212.83.143.44 -all"


Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #4 on: October 08, 2018, 09:20:56 PM »
Perfect !!
Thanks for the tips.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: SPF records
« Reply #5 on: October 08, 2018, 10:47:52 PM »
And when you are done use https://www.mail-tester.com/ to see whether you did everything right. If you have SPF and DKIM right you ought to get 10/10 score :-)

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #6 on: October 08, 2018, 11:01:29 PM »
Great tip.

Will do :-)

Thanks
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline david000

  • ****
  • 196
  • +0/-0
Re: SPF records
« Reply #7 on: January 03, 2019, 03:59:09 PM »
I think this relates to the issue I'm trying to solve here:

https://forums.contribs.org/index.php/topic,53848.0.html

I'm seeing increasing numbers of undelivered email with
Code: [Select]
<xxxx.xxxxx@telford.gov.uk>:
Connected to 212.159.9.107 but sender was rejected.
Remote host said: 550 <info@mediacopy.co.uk.co.uk> sender rejected - invalid domain (no MX or A record)

plus I clients and contacts are telling me email is going straight to their spam folder.

I don't know much about SPF records, but I assume I'm trying to align my outgoing ISPs mail server with my hosted domain ?

Presumably my dynamic IP through which SME connects to the ISPs mail server is not an issue.

Unless there is a better solution than connecting to the ISPs mail server ?

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #8 on: February 11, 2019, 10:46:05 PM »
Im having a similar issue. Ive used the above link but cant get anything above 8 / 10
static ip
I dont know about dkim etc but have added it via cname
Any guidance from you gurus would be appreciated.
James

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: SPF records
« Reply #9 on: February 11, 2019, 10:49:36 PM »
If you share a mail-tester link, then we can see where the problem lies.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #10 on: February 12, 2019, 11:48:11 AM »
Im having a similar issue. Ive used the above link but cant get anything above 8 / 10
static ip
I dont know about dkim etc but have added it via cname
Any guidance from you gurus would be appreciated.
James

One thing - I don't think you should use CNAME records for mail servers - you should have an A record for the server and then a MX record for it.

Then you can set up your DKIM with a TXT record.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #11 on: February 12, 2019, 06:10:13 PM »
If you share a mail-tester link, then we can see where the problem lies.
I have attached this

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: SPF records
« Reply #12 on: February 12, 2019, 07:10:57 PM »
Well, then it is clear that you do not send with DKIM enabled.  Have you created and published the DKIM keys (in DNS)?

https://wiki.contribs.org/Email#DKIM_Setup_-_qpsmtpd_version_.3E.3D_0.96

P.S
I have not tried this way of doing DKIM, but I am sure someone else here has and can guide if needed.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #13 on: February 12, 2019, 07:31:14 PM »
Yup.... done it both single and multiple domains.

Easy. Certainly easier than it was originally !!

Note what I said above about the use of CNAMEs. Tread with care.

https://serverfault.com/questions/91712/dns-using-cnames-breaks-mx-records

https://serverfault.com/questions/18000/dns-subdomains-that-require-both-an-mx-record-and-a-cname
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #14 on: February 14, 2019, 08:44:30 PM »
Well, then it is clear that you do not send with DKIM enabled.  Have you created and published the DKIM keys (in DNS)?

https://wiki.contribs.org/Email#DKIM_Setup_-_qpsmtpd_version_.3E.3D_0.96

P.S
I have not tried this way of doing DKIM, but I am sure someone else here has and can guide if needed.
I must have got something wrong its now lower

Quote
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
The DKIM signature of your message is:
   v=1;
   a=rsa-sha256;
   c=relaxed;
   d=thesecurityinstaller.co.uk;
   h=to:from:subject:message-id:date:mime-version:content-type:content-transfer-encoding;
   s=default;
   bh=W8LYD7UjVZovSJJz/TT+VYVFpOsJOHza8Uw8Pvf9Wd8=;
   b=r+0Glm9IzdR8HBRx/0dz3SNl4EBdEYL2dyA+2eWQ5oYBbl5RV74s/gLGOBhTPifU1mBNlCW3r80KJQGs5Ul26niJAlXs5UyCESL02vmpIh1+eYxprWlVMlRboUbeCxt5ffagrOqYnbMbK76t/ME/6/R1rP1mNCzstXfAE6UQ1fIOwWiXk26rUFDfgCsdrwMUsHGoqx3QFWxsH5XqTpHtxh72MqxxxxxxxxxxxQ==
We were not able to retrieve your public key.
Please ensure that you inserted your DKIM TXT DNS record on your domain thesecurityinstaller.co.uk using the selector default.
If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #15 on: February 15, 2019, 11:45:02 AM »
I must have got something wrong its now lower

Que ????

Quote
We were not able to retrieve your public key.
Please ensure that you inserted your DKIM TXT DNS record on your domain thesecurityinstaller.co.uk using the selector default.
If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated

Yup - something is amiss

Is this your domain?

thesecurityinstaller.co.uk

https://mxtoolbox.com/SuperTool.aspx?action=mx%3athesecurityinstaller.co.uk&run=toolpage

https://mxtoolbox.com/domain/thesecurityinstaller.co.uk/

Go back and start looking at your DNS records.

You can post here what you have currently got set.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #16 on: February 20, 2019, 03:25:46 PM »
Que ????

Yup - something is amiss

Is this your domain?

thesecurityinstaller.co.uk

https://mxtoolbox.com/SuperTool.aspx?action=mx%3athesecurityinstaller.co.uk&run=toolpage

https://mxtoolbox.com/domain/thesecurityinstaller.co.uk/

Go back and start looking at your DNS records.

You can post here what you have currently got set.
Great Thanks I never know what shoudl and shouldnt be posted

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #17 on: February 20, 2019, 03:31:13 PM »
I have just added
Quote
"v=DMARC1; p=none; sp=none; rua=mailto:james.wilson@thesecurityinstaller.co.uk; ruf=mailto:james.wilson@thesecurityinstaller.co.uk; rf=afrf; pct=100; ri=86400"

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #18 on: February 20, 2019, 03:50:28 PM »
Not sure it is right to have 2 MX records like that. Check the mxtoolbox and you can see it isn't happy.

I *think* you should have

A comms.thesecurityinstaller.co.uk

MX comms.thesecurityinstaller.co.uk

I don't think you need the MX record for '@'

Have a look on mx toolbox using links above for my work domain impamark.co.uk to see the differences.

I have an A for mail and then an MX for mail.

I don't have MX @ because @ is not a single host / A record.

Note if you had MX backup you would add A records for each host, then a MX for each A with a priority.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline warren

  • *
  • 291
  • +0/-0
Re: SPF records
« Reply #19 on: February 20, 2019, 04:15:07 PM »
Just on the DNS entry for DKIM ( i have followed wikias above ) but had to scratch around for the formatting of the dns entry :

this is what i found works :

Type : TXT
Host name :  default_.domainkey.thesecurityinstaller.co.uk
Value : ""v=DKIM1\;p............;t=y"

where value is the dkim value you get from :
Code: [Select]
qpsmtpd-print-dns

You might have to exclude the "at begining and end " ( depends on how the DNS Provider  - some strip it out )
« Last Edit: February 20, 2019, 04:18:36 PM by warren »

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #20 on: February 20, 2019, 04:28:41 PM »
Just on the DNS entry for DKIM ( i have followed wikias above ) but had to scratch around for the formatting of the dns entry :

this is what i found works :

Type : TXT
Host name :  default_.domainkey.thesecurityinstaller.co.uk
Value : ""v=DKIM1\;p............;t=y"

where value is the dkim value you get from :
Code: [Select]
qpsmtpd-print-dns

You might have to exclude the "at begining and end " ( depends on how the DNS Provider  - some strip it out )

I have added the attached to the 1and1 dns entry


but now get this on mail-tester.com
Quote
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

The DKIM signature of your message is:

   v=1;
   a=rsa-sha256;
   c=relaxed;
   d=thesecurityinstaller.co.uk;
   h=to:from:subject:message-id:date:mime-version:content-type:content-transfer-encoding;
   s=default;
   bh=iLwiFZNUfdJrkW/1bs6DSZAArywjUi3Vr9qKRmodS5o=;
   b=aQxVMpJbPyY9frs0LKLMS7tgOQpVUSnd5JKpjrmKEKuqoPEqR/hqMR862lrQg2rlhDZMEOAdjOIVodqhFtJCxkZ444H9ObrD1917w4PW/HS2oDx+/+b19bmDzKdYrBPbheMAiytPQ+hl5+87vlX4Aeyd/W2yhzdSP8KSf+RLASg1YAEjL1zxwAjWlUx374LavnMyjzpSM47OFX5ajHFTPaPlsK0CZbokCuyT429h68isdKmmFtYLAPgFr4wPNZr0ayrXLVFZNps2T5ct08eqxJaLijd+e++hIYzZXbxC9UOt6Wi3IJf3Zs07UEQhC49Iu1iPM9mRpigNmfGLpYsSgA==

We were not able to retrieve your public key.
Please ensure that you inserted your DKIM TXT DNS record on your domain thesecurityinstaller.co.uk using the selector default.
If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #21 on: February 20, 2019, 04:29:09 PM »
Not sure it is right to have 2 MX records like that. Check the mxtoolbox and you can see it isn't happy.

I *think* you should have

A comms.thesecurityinstaller.co.uk

MX comms.thesecurityinstaller.co.uk

I don't think you need the MX record for '@'

Have a look on mx toolbox using links above for my work domain impamark.co.uk to see the differences.

I have an A for mail and then an MX for mail.

I don't have MX @ because @ is not a single host / A record.

Note if you had MX backup you would add A records for each host, then a MX for each A with a priority.
i have removed the comms entries as i dont know what they were for.

Offline warren

  • *
  • 291
  • +0/-0
Re: SPF records
« Reply #22 on: February 20, 2019, 04:51:20 PM »
I have added the attached to the 1and1 dns entry


but now get this on mail-tester.com

The host name must be : default_.domainkey.thesecurityinstaller.co.uk

The value field must only contain : "v=DKIM1\;p............;t=y"

When finished it should look like below part :
Code: [Select]
Type HostName                           Value
TXT default_.domainkey.thesecurityinstaller.co.uk       "v=DKIM1\;p............;t=y"



at the moment nslookup shows no record ( neither soes MXtoolbox) :
Code: [Select]
dig -t txt default_.domainkey.thesecurityinstaller.co.uk

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t txt default_.domainkey.thesecurityinstaller.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5689
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;default_.domainkey.thesecurityinstaller.co.uk. IN TXT

;; Query time: 2141 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Feb 20 17:31:19 2019
;; MSG SIZE  rcvd: 63


Once you have the format correct you will get following from dig ( Use Reetp domain as example )

Code: [Select]
dig -t txt  default._domainkey.impamark.co.uk

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t txt default._domainkey.impamark.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35998
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;default._domainkey.impamark.co.uk. IN  TXT

;; ANSWER SECTION:
default._domainkey.impamark.co.uk. 3600 IN TXT  "v=DKIM1\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPAb1A/itvbbFdKbMywrSxP5myVnfiIHwdOdtCxt/jsJBQ5DlFD0VXQ3JWLZ4aaOc2QQFVhjoZWTnwTZ35m/DjATpydexaC9cvg8TzoZ3VHvQ4VEXBhWlwaRET7oK8NUQHoe56EZILGb60kRjV5tuDygka4i/J0C5ulqkO2JfQQIDAQAB\;"

;; Query time: 903 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Feb 20 17:50:43 2019
;; MSG SIZE  rcvd: 291


Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: SPF records
« Reply #23 on: February 20, 2019, 05:00:38 PM »
Quote
If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours

So you may need to wait for changes to propagate.

I still believe you would also be better off having a specific mail host and not relying on @ just the same as you have an A record for www

So like I said before, an A record for mail 'host' and a MX record for it as well. Eg:

A mail.thesecurityinstaller.co.uk

MX mail.thesecurityinstaller.co.uk

That way you can move your mail host as you require.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline warren

  • *
  • 291
  • +0/-0
Re: SPF records
« Reply #24 on: February 20, 2019, 07:19:15 PM »
Your DNS Record is entered incorrectly :
this is how its showing :
Code: [Select]
dig -t txt thesecurityinstaller.co.uk
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> -t txt thesecurityinstaller.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62769
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;thesecurityinstaller.co.uk.    IN      TXT

;; ANSWER SECTION:
thesecurityinstaller.co.uk. 3600 IN     TXT     "v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ip4:81.143.33.108 ~all"
thesecurityinstaller.co.uk. 3600 IN     TXT     "v=DMARC1\; p=none\; sp=none\; rua=mailto:james.wilson@thesecurityinstaller.co.uk\; ruf=mailto:james.wilson@thesecurityinstaller.co.uk\; rf=afrf\; pct=100\; ri=86400"
thesecurityinstaller.co.uk. 3600 IN     TXT     "default._domainkey IN TXT v=DKIM1\;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9vP9oXU3IcKu8yOu0cXeCuFK+ZqM/L4EIa9+9yByi7R0ErB/uFLeclmHn0CPsV2REJk97jogL5P2sfT+I7WcRApGVD2Xv4v5krT5YrjKBMgO2u2bBF3yLTqs3e1pgOleI4BuemMaaz702ymmQgVCaIaP4ytoZylKY6ueDr5/XcWD7V" "btk0HO8iebJraimGF9PDs3Q/5izd+g2qxrpxyRatfBtgZL5mPnO7HzCIbmkTcSlAEUuY2HxSj/TTKpMA/LYZJlnaq9VzPuu5XLbPCRCKW43AJ9r3pEvZ6YfAuh2fuEmDpsZnqHX3BBIWMZloFB6hCI37M2X68rAeD3FeOCQIDAQAB\;t=y @ IN SPF v=spf1 mx a -all @ IN TXT v=spf1 mx a -all _dmarc IN TXT v=DMARC1\; p" "=none\; adkim=s\; aspf=r\; rua=mailto:dmarc-feedback@thesecurityinstaller.co.uk\; pct=100"




It should look like :

Code: [Select]
default_.domainkey.thesecurityinstaller.co.uk.  3600 IN     TXT   " v=DKIM1\;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9vP9oXU3IcKu8yOu0cXeCuFK+ZqM/L4EIa9+9yByi7R0ErB/uFLeclmHn0CPsV2REJk97jogL5P2sfT+I7WcRApGVD2Xv4v5krT5YrjKBMgO2u2bBF3yLTqs3e1pgOleI4BuemMaaz702ymmQgVCaIaP4ytoZylKY6ueDr5/XcWD7V" "btk0HO8iebJraimGF9PDs3Q/5izd+g2qxrpxyRatfBtgZL5mPnO7HzCIbmkTcSlAEUuY2HxSj/TTKpMA/LYZJlnaq9VzPuu5XLbPCRCKW43AJ9r3pEvZ6YfAuh2fuEmDpsZnqHX3BBIWMZloFB6hCI37M2X68rAeD3FeOCQIDAQAB\;t=y"

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: SPF records
« Reply #25 on: February 20, 2019, 07:51:43 PM »
I have tried adding as both a txt entry and a subdomain

default_.domainkey.thesecurityinstaller.co.uk

but I get this error

The subdomain contains invalid characters.
Allowed: Letters from a-z, numerics from 0-9 and hyphens.

It seems I cant use _ in either?

Thanks

Offline warren

  • *
  • 291
  • +0/-0
Re: SPF records
« Reply #26 on: February 20, 2019, 08:27:10 PM »
I have tried adding as both a txt entry and a subdomain

default_.domainkey.thesecurityinstaller.co.uk

but I get this error

The subdomain contains invalid characters.
Allowed: Letters from a-z, numerics from 0-9 and hyphens.

It seems I cant use _ in either?

Thanks

Never used 1&1....
check if this helps ( from 4:38 onwards ) https://www.youtube.com/watch?v=Bj1Xq-Hvh24