Geek Answers Handbook

How do I know if my SPF configuration is working (Amazon SES / Route53)?

I use Amazon SES and Route53 and confuse how I specify the TXT value to enable the correct SPF configuration. Amazon gave me a pair of SES TXT name / value that looks something like this:

Name: "_amazonses.xxx.com" Value: "bInxJfnRbxxxxx9uFXgmxxxxxQHd08UxxxxxxsG+k="

I connected this to my Route53 record set (same as the "Zone File" on Godaddy). Of course, after adding my SMTP credentials to my application and checking Amazon for my account ("providing access to products"), it works, and I can send emails from my site to various accounts (Gmail, Yahoo, Hotmail, my University .edu account).

I do not know anything about SPF, but I hear well that in one configuration of the email server. By googling about Amazon SES, I continue to see to include current snippets:

 "v=spf1 include:amazonses.com ~all" "spf2.0/pra include:amazonses.com ~all"

Currently, these 2 snippets are included in the same TXT value field, as this big, ugly value is higher ("bInxJfnRb ..."), and my emails are still sent normally.

Two related questions:

  • Do I need to place all 3 fragments in one TXT value field for these fragments?
  • What are the circumstances in which "v = spf1 includes: amazonses.com ~ all" and "spf2 ..." comes into play? Basically, how do I know that they are doing something?
+7
source share
2 answers

Tim,

I always used TXT records to store SPF and SenderID information, for example, the following (the lines below are the result of dig ):

mydomain.com. 86400 IN TXT "v = spf1 enable: amazonses.com? All"
mydomain.com. 86400 IN TXT "spf2.0 / pra include: amazonses.com? All"

This is also how Amazon recommends you do this.

Both SPF and SenderID are the mechanisms that Internet service providers use to verify that the server that sent the email from your domain is indeed allowed by your domain to do so. Whenever the ISP is about to forward your email, they will perform such checks to ensure that it is not SPAM. The explanation on the Amazon SES page is one of the shortest that I could find:

Internet providers who forward email traffic to the Internet are well aware of spammers and their actions. Most Internet service providers have taken steps to assess whether email is legitimate. One such action that ISPs are considering is email authentication, in which senders provide evidence that they own the account with which they send. In some cases, Internet service providers will refuse to forward emails that are not authenticated.

If providers such as Gmail, Yahoo !, etc., delivered your email to the final destination, your DNS records are probably correct. If you try to delete them and wait a while for the distribution of DNS settings, it is very likely that your email will start to be classified as spam. There are some web tools like this one that can help you check your SPF records.

Hope this helps.

+7
source

SPF and AASONS SES

If you use Amazon SAS to send from your domain, you need to know that the current SES implementation includes sending letters from the SES-owned MAIL-FROM domain. This means that you do not need any changes to your DNS records for your emails to pass SPF authentication.

Source: SPF and Amazon SES

Additional Information:

+1
source

More articles:


All Articles