Home | Sitemap | Recent Changes | Login

SPF Logo

Sender Policy Framework

Best Practices/Email Service Provider

Managing SPF for Clients

Many companies are in the business of sending bulk email for large clients. This includes things like notifications from your bank or online service like netflix or blockbuster. Naturally, your clients would only instruct you to do this for customers who have specifically requested it via a web form or similar means. The simplest way to be SPF compatible while doing this is to follow the web generated best practices, making your domain as a service provider responsible for the mail.

However, many clients do not want your domain to appear on their email (although it will always appear in a Received header). There are two ways to deal with this.

1. The client lists the MTAs you use to send their mail as part of their SPF record. This is often easily done via the include mechanism. This works for a major client with a long term close relationship.

Messages that use the client's address, but come from your mail servers are specifically authorized by your client. Bigbank.com is used to represent any client supplied address. Customers see only your clients domain.

MAIL FROM is specially authorized.

 
 Return-Path: notifications@bigbank.com 
 From: "Account Notification" <notifications@bigbank.com> 
 Subject: A new online statement is available.   

bigbank.com IN TXT "v=spf1 A:out1.bigbank.com A:out2.bigbank.com include:bigbank.bigesp.com -all"

2. The client allocates a subdomain to use for the mass emails, for example "notify.bigcorp.com", and delegates DNS control of that subdomain to your DNS servers via NS records. You then have full administrative control of all required MX, A, and SPF records needed to send email.

Messages use a subdomain provided by the client. Customers see a domain tightly associated with your client. The From header can refer to your client directly. Customers see only your clients domain, or subdomains thereof.

MAIL FROM is delegated.

 
 Return-Path: returns@notify.videorentals.com 
 From: "Event Notices" <notify@videorentals.com> 
 Sender: "Event Notices" <returns@notify.videorentals.com> 
 Subject: Attack of the Killer Tomatoes IV has shipped!   

notify.videorentals.com IN NS ns1.bigesp.com.

notify.videorentals.com IN NS ns2.bigesp.com.


Edit text of this page | View other revisions
Last edited 2007-04-06 21:51 (UTC) by Stuart Gathman (diff)