On 6/17/22 07:56, Thomas Cameron wrote:
I have set up spf, dmarc, and dkim for my email domain. It *seems* to work well. I tested it by sending an email to my GMail account. When I look at the headers of the email, GMail says that it passes all three tests:
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@camerontech.com header.s=default header.b=My0caSvG; spf=pass (google.com: best guess record for domain of thomas.cameron@camerontech.com designates 3.138.45.83 as permitted sender) smtp.mailfrom=thomas.cameron@camerontech.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=camerontech.com
But then, when I do something like send email to this list, I suddenly get a TON of error messages saying that the email failed spf tests because it's coming from the server of the mailing list instead of my email server. Is that normal? It's kind of frustrating. I added the ip address of the Fedora list server to my spf record, but that seems really hackish.
What do folks do to set up email with dmarc, spf, and so on?
Hi Thomas,
Here's how I setup SPF.
Create a separate subdomain in DNS to contain the spf TXT record that points to the mailserver:
_spf.hostisimo.com. TXT "v=spf1 ip4:78.138.24.13 ~all"
Now add an spf redirect TXT record to the mail server's domain and any other domains and subdomains that use the mail server.
mailserver's domain: hostisimo.com. TXT "v=spf1 redirect=_spf.example.com"
a subdomain: nospam.hostisimo.com. TXT "v=spf1 redirect=_spf.example.com"
Here's what google says about it:
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of nobody@nospam.hostisimo.com designates 78.138.24.13 as permitted sender)...
That's it. ezpz.
Mike Wright