SPF Configurations

Michael Holstein michael.holstein at csuohio.edu
Mon Dec 7 11:51:16 CST 2009

> The problem we face is that some people we work with can't do that

Then explain that client-side (their users, to whom they send mail) are
probably using Hotmail, et.al. and SPF will simply not allow "spoofing"
which is what they want to do, unless they either :

A) add the SPF record as previously mentioned. It's a TXT record under
their root and isn't hard at all.
B) permit you to use a subdomain (like
"user at theircompanymail.yourdomain.com").

A variant of (B) would be to ask them if you can register
"theircompanymail.[com|net|..]" and send from that with proper SPF
records. Most people won't notice the difference.

We run into this all the time (a .edu) where users decide they want to
use Yahoo for their email (we let them do that) .. but then configure
their @edu address as the FROM and wonder why nobody gets their email.

(we have to constantly explain how "NO, we won't add Yahoo's mail
servers to our SPF record")

Personally, I think SPF is a major PITA operations-wise .. but if you've
ever had to fill out the form to get un-blacklisted at Yahoo/AOL, that's
one of the first things they ask .. "do you have a spfv1 record defined?".

As an aside, allowing your customers to forward @yourdomain to
@otherdomain .. is a good way to get your own MXs blacklisted (this
happens to us about once a month, then the "free whatever" adds blast
our @edu addresses and a third of them go off to Yahoo .. our spam
filters catch most of it, but then they miss a batch, we always have
problems because of the forwards.)


Michael Holstein
Cleveland State University

More information about the NANOG mailing list