Hotmail wants me to modify my SPF record
Solution 1
In your case, the same string you're using minus the ptr
should do the trick.
v=spf1 a mx ~all
Solution 2
The first question you need to ask yourself is, "From how many domains am I sending email from?".
In this case, you are only sending email from one domain, namely monstermmorpg.com. The "@" in your screenshot refers to the ORIGIN, which is the domain that your zone file covers (presumably also monstermmorpg.com). The next question you ask is, "Do the A/MX/etc. records associated with the name that your TXT SPF record is pointing to point to the IP that sends mail?" For example, let's say your DNS zone looks like this...
$ORIGIN monstermmorpg.com.
...
monstermmorpg.com. A 85.17.154.139 ; this points directly to an IP, and will be the final destination in the DNS lookup chain
www CNAME monstermmorpg.com. ; www.monstermmorpg.com will look up the A/CNAME record for monstermmorpg.com
mail MX monstermmorpg.com. ; mail.monstermmorpg.com points to and will look up monstermmorpg.com
@ MX monstermmorpg.com. ; email looking for monstermmorpg.com will look up the A/CNAME record for monstermmorpg.com
@ TXT "v=spf1 a mx ptr ~all"
In this case, if 85.17.154.139 is the public IP for the server that sends mail, you can change your SPF record to this...
"v=spf1 a -all"
This means that it takes the A record that corresponds with the TXT record and checks to see if it matches the IP in the emails supposedly sent from your domain. If it's a match, awesome! It goes through. If it doesn't match, it means some spammer is masquerading as your domain, and it will be dropped. You don't need to put redundant A and MX references in the SPF record if there's only one server sending mail, and both records ultimately point to the same IP. Another (more efficient, because it doesn't require a DNS lookup) option is as follows...
"v=spf1 ip4:85.17.154.139 -all"
If your mail server IP rarely changes, this may be a good solution. It's also much easier to understand from your (the admin's) perspective.
The hard -all
is preferred over the soft ~all
because some mail servers like to be 100% certain that the mail is really coming from you.
Solution 3
if you're not familiar with creating spf records i'd recommend a tool that does it for you based on a series of questions. for example, http://unlocktheinbox.com/spfwizard.aspx
Related videos on Youtube
Stefan
Updated on September 18, 2022Comments
-
Stefan over 1 year
This is my current SPF record. It works well with gmail and yahoo but hotmail was ignoring. So i used their submit system and now they replied me with the text below.
This is my current spf
v=spf1 a mx ptr ~all
Now this is hotmail message
We have successfully added your domain to the Sender ID program. This may take up to 2 business days to be fully replicated in our systems. If you have any questions regarding this please let me know.
We reviewed your SPF record and note that it includes the "ptr" or reverse DNS lookup mechanism. The specification for SPF records (RFC 4408) discourages use of "ptr" for performance and reliability reasons. This is especially important for Windows Live Mail, Hotmail and other large ISPs as a result of the very high volume of mail we receive each day. We highly recommend you remove the "ptr" mechanism from your SPF record and, if necessary, replace it with other SPF mechanisms that do not require a reverse DNS lookup, such as "a", "mx", "ip4" and "include." This will help ensure that Sender ID validation is performed as accurately as possible, maximizing your email deliverability while protecting your domain from spoofing.
So my question is simple. What is the corrected way of it to make it as hotmail wants. Thank you.
Hotmail received email from my server headers
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 85.17.154.139) [email protected]; dkim=pass header.d=monstermmorpg.com; x-hmca=pass X-Message-Status: n:0:n X-SID-PRA: MonsterMMORPG <[email protected]>
-
David Schwartz about 12 yearsThe exact answer will depend on why the
ptr
is in there. If it was added for no particular reason, it can just be removed. It was added for a particular reason, some other way to do whatever made it required will be needed. -
Philip about 12 yearsDavid and Sysadmin1138 are both correct, but it's worth noting that the "~" before all means "soft" fail all others. It's a cop-out for people who haven't put the time in to maintaining their SFP record and some servers will hold that against you (like all of the ones I control). The "correct" version should have "-all".
-
Stefan about 12 yearsChris S so can you tell me the corrected one of it ?
-
Philip about 12 years@MonsterMMORPG Edited my previous comment. Thanks for pointing that out.
-
Stefan about 12 years@Chris S Thanks a lot of reply. So the latest version is v=spf1 a mx -all
-
-
Stefan about 12 yearsThank you for answer. Actually i only need spf for verifying my noreply.monstermmorpg.com . Should i modify spf to better version instead of all ? though i am the only one who sends email via my domain. If i should modify how can i do it ?
-
Stefan about 12 yearsadded also hotmail received email from my server headers to the main post. So how should i modify spf record and make it best possible way like Chris S suggested ?
-
Philip about 12 yearsHe's got multiple servers, at least one of which is on a hosted plan where the IP can change; it's a fair amount more complicated than this. But this is good advice in general.
-
Bigbio2002 about 12 yearsIs the IP address of secureserver.net one of the places where mail ending in @monstermmorpg.com originates from? If not, you can leave the include: part out. Also, if both the A and MX records point to the same IP, you can just use one or the other. There's no harm in having duplicates or extras if you're unsure though; as it stands, it's technically correct.