SPF (Sender Policy Framework):

  • Only include the IP addresses and/or domains of the mail servers that are authorized to send email for your domain in the SPF record.
  • Don’t include IP addresses that are not used to send email.
  • Don’t include too many IP addresses in the SPF record, as this can cause the record to exceed the maximum length and become invalid; 10 is the recommended maximum.

An SPF record is just a TXT record that says who can send email for your domain.

Valid SPF Examples

A valid SPF record for would look like this:

"v=spf1 mx ip4: ip4: -all" 

or this:

"v=spf1 include: ~all"

Invalid SPF Examples

Do NOT do this:

You should not have duplicate records:

"v=spf1 ~all"
"v=spf1 ~all"
"v=spf1 include: ~all"
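The checks described above (a single SPF record, no oversized record, a bounded list of senders), written as a small linter. This is an added example, not part of the original notes: the function and constant names are hypothetical, the sample records use documentation placeholder names and addresses, and the DNS-lookup count goes beyond the page by applying the RFC 7208 limit of 10 DNS-querying terms.

```python
import ipaddress
import re

# Constructed TXT record sets; names and addresses are documentation placeholders.
GOOD = ["v=spf1 mx ip4:192.0.2.10 ip4:198.51.100.7 -all", "v=DMARC1; p=none;"]
DUPLICATE = ["v=spf1 ~all", "v=spf1 include:_spf.example.com ~all"]
SLOPPY = ["v=spf1 ip4:192.0.2.300 include: +all mx"]

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs DNS queries
MAX_IPS = 10       # ceiling recommended on this page
MAX_LOOKUPS = 10   # RFC 7208 limit on DNS-querying terms (assumption added here)
MAX_STRING = 255   # one TXT character-string holds at most 255 bytes


def lint_spf(txt_records):
    """Return a list of problems in the SPF part of a domain's TXT record set."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return [f"expected exactly 1 SPF record, found {len(spf)}"]
    record, problems, ips, lookups = spf[0], [], 0, 0
    if len(record) > MAX_STRING:
        problems.append(f"{len(record)} characters; split into strings of <= {MAX_STRING}")
    terms = record.split()[1:]
    for pos, term in enumerate(terms):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # no qualifier means "+" (pass)
        name, arg = re.match(r"[+\-~?]?([^:=/]*)[:=/]?(.*)", term.lower()).groups()
        if name == "all":
            if qualifier == "+":
                problems.append("'+all' authorizes every host on the internet")
            if pos != len(terms) - 1:
                problems.append("terms after 'all' are never evaluated")
        elif name in ("ip4", "ip6"):
            ips += 1
            net_cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                net_cls(arg, strict=False)  # accepts a single address or a CIDR range
            except ValueError:
                problems.append(f"{name} has no valid address: {term!r}")
        elif name in LOOKUP_TERMS:
            lookups += 1
            if name in ("include", "exists", "redirect") and not arg:
                problems.append(f"{name} is missing its domain")
    if ips > MAX_IPS:
        problems.append(f"{ips} addresses listed; this page recommends at most {MAX_IPS}")
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-querying terms; SPF allows at most {MAX_LOOKUPS}")
    return problems
```

Feed it the quoted strings from the TXT answers for a domain; an empty list means none of these checks fired.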

Weird Example

This is likely wrong:

root@somesite:~# dig A +short

This looks right but…

root@somesite:~# curl
root@somesite:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::4c45:9eff:fe1b:f903  prefixlen 64  scopeid 0x20<link>
        ether 4e:15:9e:eb:f9:03  txqueuelen 1000  (Ethernet)
        RX packets 1479741  bytes 1121580165 (1.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1418661  bytes 958231328 (958.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Elastic IP says it might appear to be this IP

root@somesite:~# sh
        600     IN      A
        3600    IN      NS
        3600    IN      NS
        3600    IN      SOA 2023022501 28800 7200 604800 600
        1800    IN      TXT     "v=DMARC1; p=none;;"

What to do?

(Add all IPs that can send email, up to 10.)

root@somesite:~# sh
        600     IN      A
        3600    IN      NS
        3600    IN      NS
        3600    IN      SOA 2023022600 28800 7200 604800 600
        600     IN      TXT     "v=spf1 include: include:"
        600     IN      TXT     "v=DMARC1; p=none;;"