Hi,
Can I "overwrite" or (if that's not possible) ignore an SPF record for a specific sender domain?
Basically I want to add additional sender IPs to the "official" SPF record.
Example: Let's say the SPF for dom.com is "v=spf1 ipv4:1.2.3.4 -all" but I also want to treat e-mails from dom.com senders sent via 2.3.4.5 as legitimate.
Thank you in advance!
Can you not simply adjust the real SPF DNS record instead? That seems more like the proper thing to do. If not, simply whitelist the domain.
The SPF in the GUI is presented as an example and a reminder to be used.
You can place any VALID SPF in your DNS.
To clarify: This is about the SPF of a remote domain that's sending to us, NOT for a domain Scrollout sends out for.
@MACscr: Of course that would be best but unfortunately we cannot change the SPF record because it's for a customer's domain we have no control of.
Whitelisting does not help, Scrollout still rejects e-mails sent via servers not in the SPF.
@Marius: The SPF is for a remote domain so we cannot change it.
I fully understand that this is an unusual request :) If the sender domain's SPF designates a sending server as "fail" I'd expect Scrollout to reject those messages but in our case it'd be still "nice" to override it somehow ...
Last edit: Anonymous 2016-02-06
I run into this a lot where people don't know how to configure their own SPF and they ask me to whitelist them, "because this happens all the time." I don't comply with their stupid request. I educate them. This is most common with people who use Office365 and allow it to autoconfig their DNS records, which results in an SPF record with -all.
Then they wonder why their newsletters from a non-Office365 server all get rejected.
If you want to alter the SPF or whitelist a domain without DKIM/SPF, the only secure way is to whitelist their IPs in /var/www/rbldns/reputation-ip-{0.100}
Is there a way to make Scrollout override the fact that the originating domain has a ~all SPF policy, and treat it as if it had -all, so actively refusing any mail not coming from the official servers? This would kill most malware pretending to come from existing services having a relaxed SPF policy (express couriers, ISPs, etc.)
Hi Marius, I think you should add an option to disable SPF, DKIM and DMARC in Route > Domain > Outbound.
There are already options to disable DKIM and SRS for SPF on outbound. Make sure you have the latest updates.
The entries there are more informational than anything else, and won't do anything if you don't set up your own DNS records accordingly. If you keep DKIM enabled on the outbound, and do not update your DNS record, then your messages will have the DKIM header, but recipients won't be able to validate them (no harm, no foul). Disabling DKIM will remove the header. It is always recommended to keep them enabled and update your DNS records accordingly. This way, email leaving your server can be properly validated and is less likely to be marked as SPAM. In the future, create a new thread for separate requests.
When you add their domain to the UI Whitelist. When added to the whitelist, a SPAM score of -100 is added, which should be way more than enough to counter an SPF failure. If not, you may need to analyze the SPAM score (seen in mail.log or the email header) to determine why the message is still being flagged and/or blocked. Rarely are emails blocked by SPF alone.
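
An added illustration (not Scrollout code and not from any poster in this thread) of the two receiver-side policies asked about above: accepting an extra sending IP for one remote domain, and treating a remote `~all` as `-all`. `EXTRA_SENDERS`, `HARDEN_SOFTFAIL` and `courier.example` are constructed names; the record from the question is written with the standard `ip4` mechanism, and DNS-based mechanisms are reported as unsupported rather than resolved.

```python
import ipaddress

# Constructed local policy tables (hypothetical, not a Scrollout setting).
EXTRA_SENDERS = {"dom.com": ["2.3.4.5"]}   # extra IPs trusted for one remote domain
HARDEN_SOFTFAIL = {"courier.example"}      # domains whose ~all is enforced as -all

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

def spf_result(record, client_ip):
    """Evaluate only the ip4/ip6/all mechanisms of a published SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name.split("/")[0] in DNS_MECHANISMS:
            return "unsupported"   # would need a DNS lookup; do not guess
        else:
            return "permerror"     # unknown mechanism name or unhandled modifier
    return "neutral"

def local_verdict(domain, record, client_ip):
    """Apply the receiver's local overrides on top of the published result."""
    ip = ipaddress.ip_address(client_ip)
    # The override is keyed on sender domain AND source IP, so it does not
    # exempt the whole domain from SPF the way a domain whitelist would.
    for extra in EXTRA_SENDERS.get(domain, []):
        if ip in ipaddress.ip_network(extra, strict=False):
            return "pass (local override)"
    result = spf_result(record, client_ip)
    if result == "softfail" and domain in HARDEN_SOFTFAIL:
        return "fail (hardened softfail)"
    return result
```
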