Check for SPF records of a domain name

We have a web application that will allow users to use their own email address (domain name) to send emails.  We are requesting their add the SPF record below, so that when our server sends an email using their domain name it checks and OK the email.

v=spf1 include:mail.bluedot-immigration.com ?all

Questions:

1. Is this process correct ?
2. Is the SPF above correct ?
3. How can we check that the SPF record has been added to their domain DNS records ?
4. What to do if they don't have a personal domain name and use google or yahoo email ?

Help is appreciated.
LVL 1
AleksAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
If the client does not have their own domain name, then you simply cannot allow them to use your service. You are basically spoofing the address, which is considered a major problem on the internet, hence the use of SPF records to combat it. Google etc are very protective and you will find emails get rejected.

As for checking the SPF records, they are just DNS records, so you can use any of the numerous online DNS lookup tools to confirm they are in place.

I have left your first two points to last, because there is no single answer to those questions.
If you get SPF records wrong then it can mean that emails get dropped by the sites using them as a hard failure.
Furthermore, there is no single answer to SPF records, hence the use of wizards online to create them. Your records do not take in to account how a client may send their email, instead you are opening them to spoofing. If a client already has SPF records and then replaces that with the one you have outlined they could be causing themselves further problems.

Rather than dictating the SPF record, you should point the client at one of the many wizards online and ask them to include your server address in the record. That will allow them to correctly setup the record for their mail delivery method.

Simon.
0
Chris DentPowerShell DeveloperCommented:
1. Yes.

2. Syntactically, yes. There isn't an SPF record at that name though (so therefore nothing to include), is that intentional obfuscation?

3. That's complicated, you'd need something that understands SPF records (simple string match testing of the TXT record isn't very reliable). You also need something that can pick up a TXT record, that depends on the language you're developing in of course. Perhaps take a look at this: http://www.openspf.org/Tools

4. Then you're out of luck I'm afraid. It's a bit black and white, but you can only permit spoofing if the client controls the SPF record.

Chris
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.