Monthly Archives: June 2014

Improved SPF Tool RFC changes

Over the past few weeks we’ve been working hard to improve our SPF Record Testing Tool to help people check and monitor SPF records. We’ve added some improved diagnostic testing capabilities to give you more specified details if we discover an issue with your SPF Record.

One of the big SPF events that occurred this year and spurred these updates was a significant change in SPF best practices, namely RFC 7208.  This new document advises the administrators to discontinue using the alternative SPF RR type that was formerly supported during the experimental phase of SPF. SPF records must only be published as a DNS TXT Resource Record. Due to this change we have updated our SPF Lookup tool and now report the status of the following problems you might encounter with SPF:
SPF problems

SPF Record Deprecated - If you still have an SPF type record, we will warn you. Simply remove these records to clear the warning.

SPF No Records – If you have no Sender Policy Framework records, we issue this warning. SPF participation is voluntary, but if you want to remove this warning you will need to create an SPF record and publish it as a TXT type record. There are several good tools for creating SPF records such as http://www.spfwizard.net/.

SPF Invalid Syntax – This is the only problem that will cause a domain to show as error. We have detected some type of syntax problem in your SPF record. This could cause real problems when recipients attempt to decode it.

SPF Multiple Records – The RFC only allows a single SPF record per domain. If you have more than one, we will display a warning. Ideally, you should ensure that only a DNS TXT Resource Record is published and all others SPF records are removed to clear this warning.

You might be listed and not listed on Barracuda right now

Recently, several of our users contacted us, asking us what is going on with the Barracuda blacklist. Our monitoring tools have alerted many administrators that their IP is blacklisted by Barracuda.

The problem that is currently happening is that one of the two DNS servers run by Barracuda is stale (shown in the image below). This is causing email servers that are doing lookups to show some people as being listed even though Barracuda considers them as not listed. This is why their web lookup tool will show them as clean, but the listing is still being published via DNS.

Barracuda DNS Screenshot

For a refresher course on How Blacklists Work you can check out one of our past blog posts.

We’ll update this post as we get new information