Menu
Reply
  • 75
  • 3
  • 1
munrobasher
Dialled in
459 Views
Message 1 of 10
Flag for a moderator

SPF record for sending email via smtp.ntlworld.com

My personal domain @myname.me.uk currently doesn't have an SPF record but I'm considering adding one. I send email via smtp.ntlworld.com with logon authentication and SSL encryption from Outlook. My guess at my SPF record would be:

v=spf1 include:ntlworld.com -all

I've used the rather useful SPF validation tool at http://www.kitterman.com/spf/validate.html to check this record and it nests to _spf.ntlworld.com which then nests down and down to end up with the IP addresses of, I assume, all the VM STMP servers.

Am I barking up the right tree?

0 Kudos
Reply

Helpful Answers
  • 13.65K
  • 720
  • 4.73K
Superuser
Superuser
878 Views
Message 2 of 10
Flag for a moderator
Helpful Answer

Re: SPF record for sending email via smtp.ntlworld.com

Hint:

If you're only using smtp.ntlworld.com to send your mail then all you are really using is Virgin Media's outbound smtp relays

As you've already drilled down through the ntlworld smtp records - which one do you think best applies?

However - all you really need is to use is v=spf1 redirect:ntlworld.com - UNLESS you are using any other servers to send your mail.

This is probably one of the easiest choices as it simply tells the mail server to use the SPF record for ntlworld.com to validate the send for your domain.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 75
  • 3
  • 1
munrobasher
Dialled in
835 Views
Message 6 of 10
Flag for a moderator
Helpful Answer

Re: SPF record for sending email via smtp.ntlworld.com

You obviously know a lot more about this than me and thanks but for anyone else reading this, it's actually redirect=ntlworld.com so the entire record is:

v=spf1 redirect=ntlworld.com

All Replies
  • 13.65K
  • 720
  • 4.73K
Superuser
Superuser
879 Views
Message 2 of 10
Flag for a moderator
Helpful Answer

Re: SPF record for sending email via smtp.ntlworld.com

Hint:

If you're only using smtp.ntlworld.com to send your mail then all you are really using is Virgin Media's outbound smtp relays

As you've already drilled down through the ntlworld smtp records - which one do you think best applies?

However - all you really need is to use is v=spf1 redirect:ntlworld.com - UNLESS you are using any other servers to send your mail.

This is probably one of the easiest choices as it simply tells the mail server to use the SPF record for ntlworld.com to validate the send for your domain.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 75
  • 3
  • 1
munrobasher
Dialled in
444 Views
Message 3 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

The reason I'm checking this is because smtp.ntlworld.com resolves to 62.254.26.219 but if you following the SPF tree down, you end up at this subnets:

80.0.253.64/28
81.104.62.32/28
212.54.59.64/26
212.54.57.64/26

And 62.254.26.219 is not in those subnets so won't be passed as an authenticated server?

0 Kudos
Reply
  • 13.65K
  • 720
  • 4.73K
Superuser
Superuser
438 Views
Message 4 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

smtp.ntlworld.com - is simply a proxy that redirects the connection to one of 32 outbound smtp relays. - the addresses starting 212.x.x.x - are only used by the webmail service and are not relevant if you only send via smtp.ntlworld.com.

So the part of the SPF record that's relevant is this one - 

_smtprelay.virginmedia.com text =

"v=spf1 ip4:80.0.253.64/28 ip4:81.104.62.32/28 ~all"

Ravenstar68

As noted above if you use redirect:ntlworld.com - It'll work just fine.

 

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 75
  • 3
  • 1
munrobasher
Dialled in
432 Views
Message 5 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

Thanks for the quick reply - whilst I'm familiar with the query behind all of this, your comment prompted me to go back to the classroom ;-) Of course I'm using a relay - doh! Google, bless them, adds a very useful line to the message headers:

Received-SPF: neutral (google.com: 80.0.253.65 is neither permitted nor denied by best guess record for domain of rob@mydomain.me.uk) client-ip=80.0.253.65 ;

I was typing this as your second useful reply came in. All makes sense now.

 

0 Kudos
Reply
  • 75
  • 3
  • 1
munrobasher
Dialled in
836 Views
Message 6 of 10
Flag for a moderator
Helpful Answer

Re: SPF record for sending email via smtp.ntlworld.com

You obviously know a lot more about this than me and thanks but for anyone else reading this, it's actually redirect=ntlworld.com so the entire record is:

v=spf1 redirect=ntlworld.com
  • 75
  • 3
  • 1
munrobasher
Dialled in
422 Views
Message 7 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

I've updated my DNS settings and then hit this one when I checked it:

DNS Type SPF use has been removed in the standards track version of SPF, RFC 7208. These records should be removed.

That's because I added it as a SPF record on Fasthosts. More reading reveals I should do it as a TXT record.

0 Kudos
Reply
  • 13.65K
  • 720
  • 4.73K
Superuser
Superuser
414 Views
Message 8 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

That's correct - if it's any consolation I made the same mistake when I first looked into SPF.

Originally they used a Separate SPF record (type 99) then decided that it would be best to use a TXT record for SPF so withdrew the SPF record type.  Indeed DKIM and DMARC both use TXT records as well.

The reason for using TXT records is that allowed for new standards to be created without needing to have a specific DNS record type ratified by IANA for every new standard.

Ravenstar68

Edit - BTW you're right about the redirect - my error.

As you've stated it should indeed be v=spf1 redirect=ntlworld.com - I've given you kudos for the spot.

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 75
  • 3
  • 1
munrobasher
Dialled in
397 Views
Message 9 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

DKIM is next on my reading list. I ended up here today as a result of a client saying that when their Office 365 (Exchange) email is received by Google Mail, it's shown as "via theirdomain.onmicrosoft.com" which is a little worrying. In order to gen up on this topic, I decided to play with my own domains first before making any changes to theirs!

Thanks for your help.

0 Kudos
Reply
  • 13.65K
  • 720
  • 4.73K
Superuser
Superuser
383 Views
Message 10 of 10
Flag for a moderator

Re: SPF record for sending email via smtp.ntlworld.com

This post explains why Google adds additional info to the email addresses.

https://support.google.com/mail/answer/1311182?hl=en

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply