cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Change default SPF template

Daniel Berthiaume shared this idea 3 years ago
Open Discussion

As a web hosting provider, SPAM can be a huge issue to resolve, but sometimes the actual issue is not SPAM itself by lies in a miss configuration. I think that having the ability to modify the default SPF template could help us resolve one of those issues.


We've noticed that many of our cPanel server IP was getting blacklisted in the Microsoft SNDS (Smart Network Data Service).


-------------------------------------------------------------------


After many research and investigation, we've found that one of the problem is the way the SPF are made in each Zone. From the site openspf.org common mistakes it is mentioned that :

1- The SPF must not have more than 10 DNS lookup

2- A server must be listed only once in the SPF TXT record.


For the point #1,

If we keep the default cPanel proxy, many record are added in the DNS Zone :

webdisk, whm, webmail, cpanel, cpcalendats, cpcontacts

and those will be double up when you have a sub domain. By having the +a in the DNS zone, we can go above the 10 DNS lookup.


For the point #2,

With cPanel current default, the rule #2 is never respected. EX :

ZONE for example.com

example.com  A    100.100.100.100
example.com  MX   0   example.com
example.com  TXT "v=spf1 ip4:100.100.100.100 +a +mx ~all"
Therefore the Main server IP is listed tree times in the SPF record, ideally, only the "ip4:104.254.183.23" should be in the SPF record to prevent duplicate entry.


I'm not sure what would be the best "global" solution for everyone, but I think that having the ability to modify the SPF template used in the DNS template file could be a good start. This way some can kept the default setup and other may modify it to their needs. This way, a solution for the request "choose multiple ip's for SPF TXT record" and "Revamp of SPF Required" could also be solve with the ability to created a SPF template.

Leave a Comment
 
Attach a file