Episode: 2763
Title: HPR2763: Deepgeek explains SPF records
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2763/hpr2763.mp3
Transcribed: 2025-10-19 16:29:03
---
This is HPR episode 2763 entitled Deep Geek Explains SPF Records and is part of the series Information Underground.
It is hosted by Klaatu and is about 14 minutes long and carries a clean flag.
The summary is Confused about SPF. Klaatu one. Here's Deep Geek's explanation.
This episode of HPR is brought to you by archive.org.
Support universal access to all knowledge by heading over to archive.org forward slash donate.
Hey everyone you're listening to Hacker Public Radio and this is Deep Geek.
It's not really Deep Geek, it's Klaatu, but I'm reading something that Deep Geek wrote because he emailed me something about SPF records in MX mail servers.
And I thought this is really really useful information and it is explained in a way that I have not read elsewhere.
So I think it's worth making this into a Hacker Public Radio episode. Deep Geek gave me his blessing so to speak.
And so here it is. I guess it's a blog post technically by Deep Geek.
You can imagine his voice if you want, although that said I'm not going to read it word for word.
If you want it verbatim you can find it at gopher.info-underground.net:70/Scott Flog/9997-SPF-intro.txt.
There you can find the verbatim version of this post.
The reason I'm not reading it word for word is because I find that when people do that it doesn't sound...
It's difficult to follow. So I'm going to read it, but I'm going to put in a couple of Klaatuisms here and there, just because I think it'll feel more natural for you listening, trying to parse it, rather than me just reading sentence after sentence without any sort of emotion or understanding in my voice.
So there you go. There's the disclaimer. This is a slight remix but not much. So here it is.
So after a few people read my last phlog entry I've been asked to explain SPF. I won't try to explain everything about SPF. That's for the people at openspf.org to do.
I'll try to explain it from my point of view which is that of a guy running his own outbound SMTP server who wants his emails to get accepted by all the other SMTP servers out there.
Now I always believe it's good to start by asking what's it for, because if it's just a thing that we're made to do nobody wants to do it, but if we can understand the benefits of doing it then we may actually want to do it to reap those benefits.
SPF stands for Sender Policy Framework. This means that it's a way for domain owners to publish their policy on who is a valid sender of email for the domains they own.
So I'm just going to read that part again. SPF stands for Sender Policy Framework, and it means that it's a way for domain owners to publish their policy on who is a valid sender of email for the domains they own.
And why is that important? Well, in the old days of email you would just set your from address and that was that. No questions asked. Everyone just assumed that you were telling the truth.
If you set your from address to klaatu@example.com then why would it be from anywhere else? You said that's where it was from.
But then the spammers came along of course and they started setting the from address as part of their campaign to fool people into reading their messages.
So you get an email from a friend or a boss or someone you know at work or maybe even yourself.
And you open it only to find that the message isn't a friendly message at all but it's a message about purchasing herbal Viagra or something.
So there had to be a way to say okay only these senders can send email claiming to be from this place.
Of course, as you can probably see, this breaks some applications for email forwarding.
Being a butcher by trade, I used to have a forwarder at Jason Scott's domain cow.net; specifically I was mad@cow.net.
I even put this in my from header and sent email like that. My ride ended months later when some spammer decided that my cool email address would be the perfect from header for his spams, and I began to get all kinds of weird bounces and complaints about spam.
Now with SPF, Jason could declare that only my email server at such-and-such a mail exchanger is a valid sender of cow.net email and all others should be rejected.
Even then it would have been up to Jason as to whether or not to include my SMTP server on that authorized list.
I very well could have been left out in the cold.
So when it comes to SPF, start out by thinking in terms of domains you own and what servers can send mail onto the internet with a from header that refers to a domain you own.
And here's Klaatu interjecting here a little bit, so just in case you're not familiar maybe with what he's talking about, like what's a from header, what is that?
Well, if you go into your email client, and I'm assuming that you have an email client of some kind, it might be online, it might be a web browser, it might be a remote thing that you have, you know, a desktop client that you pull email down from the internet and read it there, it might be something like that, but in a terminal, who knows, who knows what you're using.
Whatever your client is, there ought to be a way, after a fashion, hopefully easily, but there ought to be a way to look at the full headers of that email, and if you've never done that I urge you to do that, really just for fun, even if you're not looking for anything, just have a look, because it's got a lot of information in there.
And this one from Deep Geek, for instance, has a Return-Path of his email address, and it's delivered to me at a specific email address, but it was received by this server that sits between my desktop email address and where the email's actually hosted.
So that gets inserted in there, and the delivery date is marked, and let's see what else is going on: there's an X-Spam-Checker-Version and the X-Spam-Level of this email address, or this email message rather, and then there's the From and then there's the To and the Subject and so on.
So there's a bunch of information in there that can be kind of interesting, and if you look at a couple of header blocks from something legitimate and then look at a couple of header blocks from the next spam message that you receive, it'll be an interesting comparison, and it is worth doing in my opinion. So back to Deep Geek now.
So let's look at everybody's first SPF record: v=spf1 +a +mx ~all. How to interpret this? Well, SPF is read from left to right, so we start with v=spf1, which is just a declaration of what this record is, which is an SPF record written to the standard of version one.
What follows is a space-separated list of actions and mechanisms, so in +a the plus means accept email and the a is the A record of this domain.
So if the domain is email.domain and its SPF record is v=spf1 +a -all, which is the same as v=spf1 a -all since the plus can be assumed, this means: if you get an email that claims to be from email.domain, accept it if the DNS lookup for the A record for domain.com
is where it came from; if that doesn't match, reject all other emails. This can also be said as v=spf1 +a:email.domain -all. Changing the end to ~all means soft fail, which means it just gets marked and moved to the spam folder rather than dropped.
How about that +mx? Well, you guessed it, the MX record of that domain. The other thing you need to know is that you are allowed ten mechanisms, with straight IP addresses not included. It is evaluated in order, left to right, and if you run over ten items the thing fails and is invalid. So let's look at a real example. So if you go into a terminal and issue the command dig gnu.org txt,
you'll get a bunch of results back, a lot of which you can ignore, but eventually you'll see things such as v=spf1 ip4:140.186.70.0/24.
So what we're seeing is that gnu.org chose to list the IP address ranges as valid email senders. Indeed, doing a dig gnu.org mx shows that their MX is, let's see, MX 10 eggs.gnu.org.
That shows their email exchanger is eggs.gnu.org. That traces to 64 bytes from eggs.gnu.org (208.118.235.92), and 208.118.235.92 is presumably in ip4:208.118.235.0/24.
So in my case I decided to go back to using a shared hosting provider's servers, so I had to contact them to get their SPF record: v=spf1 +mx +a +include:websitewelcome.com +include:unifiedlayer.com ~all.
So what's with the mechanism include? Well, that means to use their list as well as your own. It turns out that after a few dig commands their list is a nested list of other groups of IP addresses. So remember when I said you have ten mechanisms? Well, if I put the name of my email sending domain at the end of their record before the -all, because remember it's evaluated from left to right,
then I do run out of lookups and it never gets there. So to add to that SPF record I make my SPF record thus: v=spf1 +mx +a:machinename.mydomain.tld +include:websitewelcome.com ~all.
And this is Klaatu again, just in case it wasn't clear: the example that he's using here is v=spf1 +mx +a: and then the name of your server, so let's say that it was, I don't know, excelsior.example.com, and then +include:websitewelcome.com
and then ~all. So you're saying to accept the stuff from excelsior.example.com, and then you're including the stuff from websitewelcome.com, and then ~all. So back to Deep Geek here. This way the contents of my designation are checked first, then what my email provider includes next.
The last means I want to mention is a way to check SPF email with an email verifier. The company port25.com, which makes a commercial MTA, that's mail transfer application by the way,
they make a professional commercial MTA, keeps a verifier on the internet. If you send an email to check-auth@verifier.port25.com they will email you back a report as to how your record checks out.
I hope you found this text file informative. And that's the end of Deep Geek's blog. I found it extremely, extremely helpful; hopefully you did too. Thanks for listening, talk to you next time.
You've been listening to Hacker Public Radio at hackerpublicradio.org. We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast then click on our Contributing link to find out how easy it really is.
Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club and it's part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is released under the Creative Commons Attribution-ShareAlike 3.0 license.
Thank you very much.
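The record evaluation Deep Geek describes in the episode (a qualifier per mechanism, terms read left to right, include pulling in another domain's record and matching only when that record passes, and the ten-lookup budget that a long include chain can exhaust) is shown below as an added example. It is not part of the episode or of Deep Geek's post: it is a toy Python evaluator run against a constructed in-memory DNS table, so it runs offline. The hostnames (example.org, strict.example, _spf.host.example, deepN.example), the MX and A records, and the RFC 5737 documentation addresses are all assumed; ip6, ptr, exists, redirect and macros are left out.

```python
"""Toy SPF evaluator (RFC 7208 subset) over a constructed in-memory DNS table.

Added illustration, not code from the episode. Supports the mechanisms the
episode discusses (a, mx, ip4, include, all) with the four qualifiers
(+ - ~ ?), evaluates terms left to right, and enforces the ten-lookup budget
so that an over-long include chain yields permerror rather than a pass.
"""
import ipaddress

LOOKUP_LIMIT = 10
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS fixture: hypothetical names, RFC 5737 documentation addresses.
DNS = {
    ("example.org", "TXT"): ["v=spf1 +mx +a:excelsior.example.org +include:_spf.host.example ~all"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("excelsior.example.org", "A"): ["192.0.2.20"],
    ("_spf.host.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    ("strict.example", "TXT"): ["v=spf1 a -all"],  # "+" is implied when omitted
    ("strict.example", "A"): ["203.0.113.5"],
}
# A chain of nested includes deeper than the lookup budget (constructed).
for i in range(12):
    DNS[(f"deep{i}.example", "TXT")] = [f"v=spf1 include:deep{i + 1}.example -all"]


class PermError(Exception):
    """Record is malformed or evaluation exceeded the DNS lookup budget."""


def dns(name, rtype):
    """Look up (name, rtype) in the fixture; unknown names return no records."""
    return DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    """Return the domain's single v=spf1 TXT record, None if absent."""
    recs = [r for r in dns(domain, "TXT") if r.split()[0].lower() == "v=spf1"]
    if not recs:
        return None
    if len(recs) > 1:
        raise PermError("more than one SPF record")
    return recs[0]


def ip_in(ip, cidr):
    """True if ip falls inside cidr (a bare address is treated as a /32)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def bump(counter):
    """Charge one DNS-querying mechanism against the budget; ip4/all cost nothing."""
    counter[0] += 1
    if counter[0] > LOOKUP_LIMIT:
        raise PermError("more than %d DNS lookups" % LOOKUP_LIMIT)


def check_host(ip, domain, counter):
    """Evaluate domain's record for sender ip, left to right, first match wins."""
    record = spf_record(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip_in(ip, arg)
        elif name == "a":
            bump(counter)
            matched = any(ip_in(ip, addr) for addr in dns(arg or domain, "A"))
        elif name == "mx":
            bump(counter)
            matched = any(ip_in(ip, addr)
                          for host in dns(arg or domain, "MX")
                          for addr in dns(host, "A"))
        elif name == "include":
            bump(counter)
            inner = check_host(ip, arg, counter)  # shares the same budget
            if inner == "none":
                raise PermError("include of %s has no SPF record" % arg)
            matched = inner == "pass"  # include matches only on an inner pass
        else:
            raise PermError("unsupported mechanism %r" % name)
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"  # fell off the end of the record


def evaluate(ip, domain):
    """Return (result, lookups_used); the lookup budget becomes permerror."""
    counter = [0]
    try:
        return check_host(ip, domain, counter), counter[0]
    except PermError:
        return "permerror", counter[0]


if __name__ == "__main__":
    for ip, dom in [("192.0.2.20", "example.org"), ("203.0.113.99", "example.org"),
                    ("203.0.113.6", "strict.example"), ("192.0.2.1", "deep0.example")]:
        print(dom, ip, evaluate(ip, dom))
```

Because the counter is shared across nested includes, putting your own a: or mx: term before a provider's include (as Deep Geek does) gets it evaluated while budget remains; the deep0.example chain shows what happens when the budget runs out first.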