I need help generating an SPF record.

thecomputerguy

A client is getting bounce backs from Gmail accounts because her email is failing SPF/DMARC/DKIM.

I'd like to try and throw an SPF record in there to see if it corrects the issue. The problem is she doesn't use business email, she has her own domain and she uses POP. Her MX records show carrierzone.com.

Here are all the records I have for her regarding MX

MX 100 mx2c40.carrierzone.com.
MX 10 mx1c40.carrierzone.com.
MX 110 mx3c40.carrierzone.com.

What are my options to get an SPF record in here ... is it something like this?

Type: TXT
Host/Name: domain.com
Value: v=spf1 mx a: include:mx2c40.carrierzone.com include:mx1c40.carrierzone.com include:mx3c40.carrierzone.com ~all
 
Try this: https://mxtoolbox.com/SPFRecordGenerator.aspx
 
If all authorized mail services that send on their behalf are those MX servers... then all you need is this:

v=spf1 mx -all

You'll want to start with this one first though...

v=spf1 mx ~all

Those rules are very simple, the MX records are my mail servers world... the top vs the bottom is hard vs soft fail. ~ means I'm not quite sure about this world... handle things accordingly while I'm testing.
 
There is no SPF record I can resolve at carrierzone.com, so that include won't go anywhere.

Would it hurt anything though? Should I just stick with

v=spf1 mx ~all

??

If the include doesn't go anywhere can I just leave it in case they ever get their **** together?
 
A negative DNS lookup is a reputation ding because you're making servers check a record that doesn't exist.

I don't think that would actually generate a negative impact though.

I do not think that mail host will ever "get their **** together", because POP3/IMAP are ancient, and do not support modern authentication in any way. As such every day GPUs get stronger, they become less viable as functional services. Toss in a lack of DKIM and honestly... SPF alone doesn't really help much.

You're not able to send to GMAIL because the mail server's reputation sucks. And it will CONTINUE TO SUCK FOREVER, until it supports SPF and DKIM so you can properly DMARC.

Which I'm afraid makes the current exercise largely academic. You've got strong odds even with a good SPF record, you're still going to have the same issue. The error you're listing up top shows this clearly. Google and M365 are starting to require all three, and I'll bet this service cannot DKIM. So you could SPF and DMARC, but without DKIM you're still in violation, you're still going into the spam bucket. Which... honestly is where this service belongs.

POP3/IMAP are old... let them die.
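
An offline check of the two records discussed above, added here as an example and not code from any poster: it applies the RFC 7208 rules that an empty domain-spec (`a:`) and an `include:` whose target publishes no SPF record both evaluate to permerror. `lint_spf`, `spf_of` and `NO_SPF` are hypothetical names, and the empty lookup table is an assumption standing in for live DNS.

```python
import re

# Terms that each count once toward RFC 7208's limit of 10 DNS queries.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"([+\-~?]?)([A-Za-z0-9]+)([:=/].*)?")

def lint_spf(record, spf_of):
    """Statically check an SPF record without touching the network.

    spf_of maps a domain to its published SPF string (None or missing
    when it publishes none); it is a constructed stand-in for TXT lookups.
    """
    out = {"lookups": 0, "all": None, "findings": []}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        out["findings"].append("does not start with v=spf1")
        return out
    for term in terms[1:]:
        m = TERM.fullmatch(term)
        if m is None:
            out["findings"].append(f"unparseable term {term!r}")
            continue
        qualifier, name, rest = m.group(1) or "+", m.group(2).lower(), m.group(3) or ""
        if rest in (":", "="):
            out["findings"].append(f"{term!r}: empty domain-spec is a syntax error (permerror)")
        if name in LOOKUP_TERMS:
            out["lookups"] += 1
        if name == "include" and len(rest) > 1 and not spf_of.get(rest[1:]):
            out["findings"].append(f"{term!r}: target publishes no SPF record (permerror)")
        if name == "all":
            out["all"] = qualifier
            break  # terms after "all" are never evaluated
    if out["lookups"] > 10:
        out["findings"].append("more than 10 DNS-querying terms (permerror)")
    if out["all"] is None and "redirect=" not in record.lower():
        out["findings"].append("no 'all' mechanism or redirect: unmatched senders get neutral")
    return out

# The record proposed in the first post, and the one suggested in the reply.
PROPOSED = ("v=spf1 mx a: include:mx2c40.carrierzone.com "
            "include:mx1c40.carrierzone.com include:mx3c40.carrierzone.com ~all")
SUGGESTED = "v=spf1 mx ~all"
# Constructed: no domain publishes SPF, matching the thread's report for
# carrierzone.com; extending that to the mx hostnames is an assumption.
NO_SPF = {}

if __name__ == "__main__":
    for rec in (PROPOSED, SUGGESTED):
        print(rec, lint_spf(rec, NO_SPF), sep="\n  ")
```

The lookup count is a static upper bound for the record itself; nested includes add their own queries at evaluation time.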
 
Did you run the client's domain through blacklist checkers? Is there a reverse DNS record for her domain? Are you sure carrierzone is reputable? I don't care how long she's been using them. She needs to get her domain into the 21st century. This isn't the 1990s and AOL and Hotmail.
 
Ahh thought your client was carrierzone.
She "uses" carrierzone as her host. Looking at their....rather simple website, seems they're a host for email...and they talk about "security"
They should have SPF and DKIM records she can add. I'd email their support. If they're an email hosting platform..and then advertise "secure services"...and they don't even have old school SPF records....I'd be firm with having this client move to a REAL email host.
 
POP3/IMAP are old... let them die.

Good luck on both counts.

POP3 should have been "drowned in the bathtub" several decades ago. It has no reason for being.

But unless you think the entire world can or will "go Exchange" I have no idea what you'd substitute for IMAP at this point in time. And the whole world going Exchange just isn't happening.

I'll be dead long before IMAP is, if history is any indication, and I believe it is. This may even be true for POP3 since it seems that the industry doesn't want to declare a drop dead date and stick to it.
 
Only thing I like about POP3 is that it lets me locally archive and not maintain a bunch of data on a server somewhere. I wish there was a more updated means of local storage w/ removal of server side data. This is how I prefer to use my personal email, which is different than how I would store and keep work email.
 
Only thing I like about POP3 is that it lets me locally archive

And you've been able to do this for IMAP (at least under Outlook) for ages. In Outlook, you can get to the IMAP settings via ALT + F, I, S, N [File Backstage, Info, Account Settings, Account Name & Sync settings]. The control for retention duration is a slider. The "All" end keeps 'em locally (but they're also retained on the server, too - which is a great thing to me, particularly when I want to set up the same account on another machine).
 
The gone from the server without losing is what I am after
 
Then have your email client move 'em to a local folder and nuke 'em out of inbox.

There's never been much of a trick to "store local, delete from server" under IMAP if you're not retaining things in Inbox or another IMAP folder.

But, and I really hate to say this, if you're looking for what you say you are, then POP3 with the ancient defaults of "download and nuke from server immediately" is still your best bet. It's just an option I can't fathom wanting, as over time and the hardware that comes with it, "carrying with" is a much more difficult affair. But each to his or her own taste.
 
The default behavior of POP3 is how I prefer my personal email to be managed; it is a different story for business.
 
Within Outlook, if you move to IMAP and want the online copy gone after a certain amount of time, you configure an Outlook rule that runs against all mail in inbox to move mail to a folder that's stored in a local PST if it's older than X days. If you do this while configuring it to keep all the IMAP mail locally it'll function as a poor man's archival system.

You can do the same thing with Exchange, the only rub is the rule executes in Outlook itself, so unless that specific instance of Outlook is running, that rule isn't running. But for a single mailbox being accessed regularly from a specific location it works pretty well.

There's the autoarchive features too, but those aren't nearly as flexible as the mail rules are.

*Edit* I just looked at the rules and realized you'd have to rely on the received in a specific date span rule flag. This flag works on hard set dates. So you can't do a rule that says anything older than 365 days move here. You have to say anything older than Jan 1st 2023, or anything between the dates of Jan 1st 2022 and Dec 31st 2022.

Still, that's a rule a year into an archive folder of your choice, it runs once a year when you make it to slurp things off the server and stuff the mail into a local archive.
 