Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

SPF

SPF (Sender Policy Framework):

  • Only include the IP addresses and/or domains of the mail servers that are authorized to send email for your domain in the SPF record.
  • Don’t include IP addresses that are not used to send email.
  • Don’t include too many IP addresses in the SPF record, as this can cause the record to exceed the maximum length and become invalid; 10 is the recommended maximum.

An SPF record is just a TXT record that says who can send email for your domain:

https://dnschecker.org/#TXT/somesite.com

Valid SPF Examples

A valid SPF record for example.com would look like this:

"v=spf1 mx ip4:192.0.2.1/24 ip4:198.51.100.123 -all" 

or this:

"v=spf1 include:emailsrvr.com include:somesite.com ip4:162.243.23.116 ~all"

Invalid SPF Examples

Do NOT do this:

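You should not have duplicate records. Publish a single SPF TXT record per domain; when a receiver finds more than one v=spf1 record, SPF evaluation fails with a permanent error.

"v=spf1 include:emailsrvr.com ~all"
"v=spf1 include:somesite.com ~all"
"v=spf1 ip4:162.243.23.116 ~all"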

Weird Example

This is likely wrong:

root@somesite:~# dig A +short somesite.com
127.0.1.1

This looks right but…

root@somesite:~# curl icanhazip.com
107.170.48.9
root@somesite:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 107.170.48.9  netmask 255.255.255.0  broadcast 107.170.48.255
        inet6 fe80::4c45:9eff:fe1b:f903  prefixlen 64  scopeid 0x20<link>
        ether 4e:15:9e:eb:f9:03  txqueuelen 1000  (Ethernet)
        RX packets 1479741  bytes 1121580165 (1.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1418661  bytes 958231328 (958.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Elastic IP says it might appear to be this IP

root@somesite:~# sh dg.sh somesite.com
somesite.com.     600     IN      A       45.55.116.11
somesite.com.     3600    IN      NS      ns39.domaincontrol.com.
somesite.com.     3600    IN      NS      ns40.domaincontrol.com.
somesite.com.     3600    IN      SOA     ns39.domaincontrol.com. dns.jomax.net. 2023022501 28800 7200 604800 600
somesite.com.     1800    IN      TXT     "v=DMARC1; p=none; rua=mailto:dmarc@somesite.com;"

What to do?

(Add all IPs that can send email, up to 10.)

root@somesite:~# sh dg.sh somesite.com
somesite.com.     600     IN      A       45.55.116.11
somesite.com.     3600    IN      NS      ns39.domaincontrol.com.
somesite.com.     3600    IN      NS      ns40.domaincontrol.com.
somesite.com.     3600    IN      SOA     ns39.domaincontrol.com. dns.jomax.net. 2023022600 28800 7200 604800 600
somesite.com.     600     IN      TXT     "v=spf1 include:emailsrvr.com ip4:107.170.48.9 ip4:45.55.116.11 ~all"
somesite.com.     600     IN      TXT     "v=DMARC1; p=none; rua=mailto:dmarc@somesite.com;"
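
The mistakes covered on this page (duplicate SPF records, an include: that points at an IP address or at the domain itself, a lost space before the all term) can be checked offline before a record is published. The linter below is an added example, not part of the original notes; its function names and sample records (example.com, documentation IP ranges) are constructed, and the limit of 10 DNS-lookup terms it enforces is taken from RFC 7208, not from this page.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup; RFC 7208 caps these at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def is_ip(text):
    """True if text parses as an IPv4/IPv6 address or CIDR block."""
    try:
        ipaddress.ip_network(text, strict=False)
        return True
    except ValueError:
        return False

def lint_spf(domain, txt_records):
    """Return a list of problems in the TXT records published for domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    problems = []
    if len(spf) > 1:
        problems.append(f"{len(spf)} SPF records published; merge into one")
    for record in spf:
        lookups = 0
        for term in record.split()[1:]:
            body = term.lstrip("+-~?").lower()
            # Heuristic: "...7~all" means the space before "all" was lost.
            glued = re.fullmatch(r"(.+?)[+\-~?]all", body)
            if glued:
                problems.append(f"{term!r}: missing space before 'all'")
                body = glued.group(1)
            name, _, arg = body.replace("=", ":", 1).partition(":")
            lookups += name.split("/")[0] in LOOKUP_TERMS
            if name == "include" and is_ip(arg):
                problems.append(f"{term!r}: include takes a domain, use ip4:/ip6:")
            elif name == "include" and arg.rstrip(".") == domain.lower():
                problems.append(f"{term!r}: record includes its own domain")
        if lookups > 10:
            problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    return problems

# Constructed sample records (example.com, documentation IP ranges).
GOOD = ["v=spf1 mx include:emailsrvr.com ip4:192.0.2.10 ip4:198.51.100.7 ~all"]
DUPLICATE = ["v=spf1 include:emailsrvr.com ~all", "v=spf1 ip4:192.0.2.10 ~all"]
BAD = ["v=spf1 include:emailsrvr.com include:example.com "
       "include:192.0.2.10 include:198.51.100.7~all", "v=DMARC1; p=none;"]
if __name__ == "__main__":
    for problem in lint_spf("example.com", BAD):
        print(problem)
```

Feed it the TXT strings returned by dig for the domain; an empty list means none of these mistakes were found, not that the record authorizes the right servers.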