If your DNS server maintains SPF records, you can view them by querying the domain's TXT records with "dig":
$ dig @ns.mycompany.com mycompany.com TXT
; <<>> DiG 9.7.1 <<>> @ns.mycompany.com mycompany.com txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30737
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;mycompany.com. IN TXT
;; ANSWER SECTION:
mycompany.com. 3600 IN TXT "google-site-verification=W....A"
mycompany.com. 3600 IN TXT "v=spf1 mx ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x include:mail.com include:yahoo.com include:_spf.google.com ~all"
;; AUTHORITY SECTION:
mycompany.com. 3600 IN NS ns1.mycompany.com.
mycompany.com. 3600 IN NS ns2.mycompany.com.
mycompany.com. 3600 IN NS ns3.mycompany.com.
;; ADDITIONAL SECTION:
ns1.mycompany.com. 86400 IN A x.x.x.x
ns2.mycompany.com. 86400 IN A x.x.x.x
ns3.mycompany.com. 86400 IN A x.x.x.x
;; Query time: 204 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Mar 15 16:54:06 2014
;; MSG SIZE rcvd: 474
Since Amazon SES is not part of the above SPF record maintained by mycompany's DNS server, emails sent through Amazon SES with a verified email address such as no-reply@mycompany.com may be marked as spam by receiving email servers. The record tells receivers which servers are authorized to send messages from your domain, and Amazon SES servers are not on that list. It also says what to do if a message is received from a server outside of that list: "~all" means "messages should be accepted but tagged".
The reasons to implement SPF are outlined in the Wikipedia article, under "Reasons to implement SPF": "If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, because the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through."
Once you add Amazon SES to your DNS server's SPF record, the "dig" query output will look like this:
$ dig @ns.mycompany.com mycompany.com TXT
$dig @ns.mycompany.com mycompany.com TXT
; <<>> DiG 9.7.1 <<>> @ns.mycompany.com mycompany.com txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30737
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;mycompany.com. IN TXT
;; ANSWER SECTION:
mycompany.com. 3600 IN TXT "google-site-verification=W....A"
mycompany.com. 3600 IN TXT "v=spf1 mx ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x ip4:x.x.x.x include:mail.com include:yahoo.com include:_spf.google.com include:amazonses.com ~all"
;; AUTHORITY SECTION:
mycompany.com. 3600 IN NS ns1.mycompany.com.
mycompany.com. 3600 IN NS ns2.mycompany.com.
mycompany.com. 3600 IN NS ns3.mycompany.com.
;; ADDITIONAL SECTION:
ns1.mycompany.com. 86400 IN A x.x.x.x
ns2.mycompany.com. 86400 IN A x.x.x.x
ns3.mycompany.com. 86400 IN A x.x.x.x
;; Query time: 204 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Mar 15 16:54:06 2014
;; MSG SIZE rcvd: 474
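The before/after comparison above can be scripted. The following is an added example, not part of the original post: it reads "dig +short ... TXT" output, picks out the SPF record, and reports whether include:amazonses.com is present, what the "all" qualifier is, and how many terms cost a DNS lookup. The function names spf_record and spf_audit are hypothetical, and the sample records are constructed with documentation-range addresses in place of the post's redacted ones.

```sh
#!/bin/sh
# Constructed `dig +short mycompany.com TXT` output; addresses are from the
# documentation ranges, not the page's. The long record is split into two
# quoted strings, as DNS does for TXT data over 255 bytes.
SPF_BEFORE='"google-site-verification=EXAMPLE"
"v=spf1 mx ip4:192.0.2.10 ip4:198.51.100.0/24 include:mail.com " "include:yahoo.com include:_spf.google.com ~all"'
SPF_AFTER='"google-site-verification=EXAMPLE"
"v=spf1 mx ip4:192.0.2.10 ip4:198.51.100.0/24 include:mail.com " "include:yahoo.com include:_spf.google.com include:amazonses.com ~all"'

# Print the SPF record(s) found in dig +short TXT output on stdin.
# Split strings are joined with nothing in between (RFC 7208, 3.3).
spf_record() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' | grep -iE '^v=spf1( |$)'
}

# usage: spf_audit <include-domain> < dig-output
# Prints "include=present|missing all=<result> lookups=<n>".
# Returns 0 if the include is present, 1 if it is missing, 2 if there is
# no SPF record or more than one (the latter is an error for receivers).
spf_audit() {
    want=$1
    rec=$(spf_record) || { echo "no SPF record"; return 2; }
    n=$(printf '%s\n' "$rec" | grep -c '')
    [ "$n" -eq 1 ] || { echo "$n SPF records"; return 2; }
    inc=missing; all=none; lookups=0
    set -f                       # "?all" must not be expanded as a glob
    for term in $rec; do
        t=$(printf '%s' "$term" | tr 'A-Z' 'a-z'); q=pass
        case $t in
            -*)   q=fail;     t=${t#-} ;;
            '~'*) q=softfail; t=${t#\~} ;;
            '?'*) q=neutral;  t=${t#\?} ;;
            +*)   t=${t#+} ;;
        esac
        case $t in
            all) all=$q ;;
            include:"$want") inc=present; lookups=$((lookups + 1)) ;;
            # Terms that cost a DNS lookup; RFC 7208 allows 10 in total,
            # counting those inside included records (not followed here).
            include:*|a|a[:/]*|mx|mx[:/]*|ptr|ptr:*|exists:*|redirect=*)
                lookups=$((lookups + 1)) ;;
        esac
    done
    set +f
    echo "include=$inc all=$all lookups=$lookups"
    [ "$inc" = present ]
}

printf '%s\n' "$SPF_BEFORE" | spf_audit amazonses.com || true
printf '%s\n' "$SPF_AFTER"  | spf_audit amazonses.com
```

Against a live zone, pipe the output of dig +short @ns.mycompany.com mycompany.com TXT into spf_audit amazonses.com instead of the sample variables.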