On 17/02/2023 17:39, steve-ALUG@hst.me.uk wrote:
Hi all
I have just seen a message saying that Gmail is going to reject all emails without an SPF set up, so I thought I'd try for my mail server.
Of course I have immediately run into trouble.
My email gets sent via a virgin media server, currently smtp.ntlworld.com but I may update to smtp.virginmedia.com in future
I used an SPF Wizard https://www.spfwizard.net
It generated
v=spf1 mx a a:smtp.ntlworld.com a:smtp.virginmedia.com ~all
which if I read it right, accepts my domain, or smtp.ntlworld.com or smtp.virginmedia.com as valid email handlers for my email, with a "soft fail". [I used a soft fail for debugging - I want to swap to hard fail, but can't until I get this right]
I've sent a couple of emails to test, and here's the snag. By the time they get to google, they're coming from 212.54.57.96 212.54.57.97
If I do a whois on that, I get back ziggo.nl (VODAFONEZIGGO)
I expect email to smtp.ntlworld.com gets redirected to another server, or group of servers, inside virgin media, no doubt with a name like MAILSERVER.virginmedia.com (for some value of MAILSERVER), and that's handled by a range of IP addresses.
How can I craft a valid SPF record, if I don't know which IP addresses or name to put in the spf?
Why is virgin media mail ending up on a server in NL, or is that just an out-of-date or wrong whois lookup?
Any ideas?????
I'm struggling!
Fixed!
Eventually I found
https://community.virginmedia.com/t5/Email/Sending-email-using-your-own-doma...
and included
include:_smtprelay.virginmedia.com
in my SPF record. That file points to virgin media's list of email addresses used for mail sending.
FWIW I also have created a (do almost nothing) DMARC Record along the lines of what's on that website. There was a slight error/omission in what was listed. It should be of the format:
v=DMARC1; p=none; rua=mailto:reportaddress@domain
Steve