SPF. What a pain in the ass. I think I finally got it working for unternet.net; I'd forgotten to escape the quotes in my bash templates, so the resulting TXT records weren't quoted and thus were being returned with no spaces between the elements. Then finally realized I had to set /etc/mailname to be simply unternet.net, not the FQDN of the host; naturally I realized this after already polluting my zonefiles with the SPF (TXT) records for each hostname in the zone.

I guess the biggest part of my misunderstanding was that SPF tests use primarily the envelope (MAIL FROM) address, not the 'From:' header address. Not all seemingly-authoritative webpages discussing SPF make this clear.

Then there's waiting for hours between changes for the cached DNS information to propagate, unless you want to lower your TTL to 5 minutes and hope you remember to set it back.

Also, I saw old newsbriefs on the web that said Hotmail will "junk" any email that doesn't use SenderID. Well, Hotmail doesn't even use SenderID themselves:

jcomeau@unixshell:~$ dig hotmail.com txt

; <<>> DiG 9.2.4 <<>> hotmail.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59637
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;hotmail.com. IN TXT

hotmail.com. 2696 IN TXT "v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all"

;; Query time: 3 msec
;; WHEN: Sun Jun 3 07:56:43 2007
;; MSG SIZE rcvd: 157

I sure don't see any spf2.0 records, do you? AOL has it, though. Anyway, I haven't been able to get Hotmail to accept my mail yet. Not sure what it's going to take. I don't know how to implement domainkeys yet.

Back to blog or home page

last updated 2013-01-10 20:54:09. served from tektonic