SPF mail dns
Par PlaceOweb le lundi, avril 13 2020, 14:14 - Outils Internet - Lien permanent
Après avoir bidouillé les enregistrement des valeurs SPF, dans les enregistrement DNS, les serveurs mails indiquaient :
Authentication-Results: spf=permerror (sender IP is 193.70.108.201) Received-SPF: PermError (protection.outlook.com: domain of placeoweb.com used an invalid SPF mechanism) Authentication-Results: spf=softfail (sender IP is 217.70.183.201) Received-SPF: SoftFail (protection.outlook.com: domain of transitioning placeoweb.com discourages use of 217.70.183.201 as permitted sender)
Je me suis donc inspiré de la configuré de la configuration de facebook/google :
# dig TXT facebook.com facebook.com. 4395 IN TXT "v=spf1 redirect=_spf.facebook.com" # dig TXT _spf.facebook.com _spf.facebook.com. 829 IN TXT "v=spf1 ip4:66.220.144.128/25 ip4:66.220.155.0/24 ip4:66.220.157.0/25 ip4:69.63.178.128/25 ip4:69.63.181.0/24 ip4:69.63.184.0/25" " ip4:69.171.232.0/24 ip4:69.171.244.0/23 -all" # dig TXT google.com google.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all" # dig TXT _spf.google.com _spf.google.com. 300 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all" # dig TXT _netblocks.google.com _netblocks.google.com. 875 IN TXT "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all" # dig TXT _netblocks2.google.com _netblocks2.google.com. 3600 IN TXT "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all" # dig TXT _netblocks3.google.com _netblocks3.google.com. 3600 IN TXT "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all"
Au final, dans mes entrées DNS, j'ai donc indiqué l'inclusion à mes 2 serveurs mail :
@ 1800 IN TXT "v=spf1 include:_spf.placeoweb.com ~all" _spf 1800 TXT "v=spf1 ip4:193.70.108.201/32 ip4:188.165.78.103/32 ~all"
Et les retours sont désormais corrects :
Authentication-Results: spf=pass (sender IP is 193.70.108.201) Received-SPF: Pass (protection.outlook.com: domain of placeoweb.com designates 193.70.108.201 as permitted sender) receiver=protection.outlook.com; client-ip=193.70.108.201; helo=mail.placeoweb.com;
N'oubliez pas l'outil pour vérifier votre configuration : SPF Record Testing Tools
Et les quelques explications :