SPF of "v=spf1 a mx ptr -all" is supposed to mean that all MX hosts for a domain are the only authorised senders of mail for that domain, correct? And the IP must match the PTR record for that host. oasystems.co.nz: witch.oasystems.co.nz is the MX 10 for oasystems.co.nz witch.oasystems.co.nz resolves to 202.180.74.56 (A) 202.180.74.56 resolves to witch.oasystems.co.nz (PTR) Where is this SPF record broken? This line from the rejection: "210.48.108.215 is not allowed to send mail from oasystems.co.nz" is saying the host grunge.hosts.net.nz is not allowed to send email on behalf of oasystems.co.nz which is correct, it's not. -- Regan -----Original Message----- From: Jasper Bryant-Greene [mailto:jasper(a)metaname.co.nz] Sent: Thursday, 22 July 2010 3:54 p.m. To: Regan Murphy Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] SPF Mail rejection On 22/07/2010, at 3:47 PM, Regan Murphy wrote:
Why is OrgA's SPF record broken?
Are you saying that OrgA needs to add SPF records to allow every ISP and Hosting company to relay email on its behalf?
No, only the hosts which send mail on OrgA's behalf. This is usually only a handful of hosts at most. In this case, it's probably just their server (if they send any mail directly), and/or their hosting company's mail server (if they use it as a so-called "smarthost"). http://en.wikipedia.org/wiki/Sender_Policy_Framework is quite comprehensive. -jasper