I have a SPF record for my top-level domain, structuredweb.com. see "dig" outputs below. as part of our operations we send emails from swmail.structuredweb.com (64.14.55.140) in which the Return-Path is an address under "inbound.structuredweb.com
however, when i look at the headers of a typical email, i see that google approves this sender, as if it's honoring the SPF record for the top-level domain.
Is there any standard here? can I assume SPF records affect sub-domains unless there is a specific record on the sub-domain? the last example shows "campaigns.structuredweb.c
1) ========== email header ===========
Received-SPF: pass (google.com: domain of
XCAM_xxx@inbound.structure
permitted sender) client-ip=64.14.55.140
2) ===== dig for txt record of structuredweb.com ============
$ dig @dns025.b.register.com structuredweb.com txt
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com structuredweb.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3276
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;structuredweb.com. IN TXT
;; ANSWER SECTION:
structuredweb.com. 14400 IN TXT "v=spf1 a:swmail01.structuredweb.c
;; Query time: 31 msec
;; SERVER: 216.21.232.25#53(216.21.23
;; WHEN: Fri Mar 26 11:20:24 2010
;; MSG SIZE rcvd: 144
3) ===== dig of inbound.structuredweb.com =============
$ dig @dns025.b.register.com inbound.structuredweb.com txt
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com inbound.structuredweb.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53828
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;inbound.structuredweb.com
;; AUTHORITY SECTION:
structuredweb.com. 14400 IN SOA dns174.a.register.com. root.register.com. 2009070226 28800 7200 604800 14400
4) ===== dig of campaigns.structuredweb.co
$ dig @dns025.b.register.com campaigns.structuredweb.co
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com campaigns.structuredweb.co
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49336
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;campaigns.structuredweb.c
;; ANSWER SECTION:
campaigns.structuredweb.co
;; Query time: 32 msec
;; SERVER: 216.21.232.25#53(216.21.23
;; WHEN: Fri Mar 26 11:29:41 2010
;; MSG SIZE rcvd: 109
however, when i look at the headers of a typical email, i see that google approves this sender, as if it's honoring the SPF record for the top-level domain.
Is there any standard here? can I assume SPF records affect sub-domains unless there is a specific record on the sub-domain? the last example shows "campaigns.structuredweb.c
1) ========== email header ===========
Received-SPF: pass (google.com: domain of
XCAM_xxx@inbound.structure
permitted sender) client-ip=64.14.55.140
2) ===== dig for txt record of structuredweb.com ============
$ dig @dns025.b.register.com structuredweb.com txt
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com structuredweb.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3276
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;structuredweb.com. IN TXT
;; ANSWER SECTION:
structuredweb.com. 14400 IN TXT "v=spf1 a:swmail01.structuredweb.c
;; Query time: 31 msec
;; SERVER: 216.21.232.25#53(216.21.23
;; WHEN: Fri Mar 26 11:20:24 2010
;; MSG SIZE rcvd: 144
3) ===== dig of inbound.structuredweb.com =============
$ dig @dns025.b.register.com inbound.structuredweb.com txt
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com inbound.structuredweb.com txt
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53828
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;inbound.structuredweb.com
;; AUTHORITY SECTION:
structuredweb.com. 14400 IN SOA dns174.a.register.com. root.register.com. 2009070226 28800 7200 604800 14400
4) ===== dig of campaigns.structuredweb.co
$ dig @dns025.b.register.com campaigns.structuredweb.co
; <<>> DiG 9.3.3rc2 <<>> @dns025.b.register.com campaigns.structuredweb.co
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49336
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;campaigns.structuredweb.c
;; ANSWER SECTION:
campaigns.structuredweb.co
;; Query time: 32 msec
;; SERVER: 216.21.232.25#53(216.21.23
;; WHEN: Fri Mar 26 11:29:41 2010
;; MSG SIZE rcvd: 109
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.