Hi - I send email from my own domain, mydomain.ca, through shaw's mail.shaw.ca smarthost. I set an spf txt field with my domain provider as:
"v=spf1 +a +mx +a:smtp-out-so.shaw.ca +a:smtp-out-no.shaw.ca ~all"
This used to work fine, but some time earlier this year it seems shaw started to divert my outgoing emails through cloudfilter.net servers, I guess to filter spam. Now the receivers indicate spf softfails (as per the "~all" tag), since the receiver no longer sees the "originating" server as a shaw server.
What cloudfilter server/IP range should I specify in the spf txt field so receiving servers give an spf pass? In other words, what will receiving servers see as the originating IP/server?
Thanks!
@fredko --- The "nslookup" command-line utility is your friend:
$ nslookup -ty=mx shaw.ca.
shaw.ca MX preference = 0, mail exchanger = shw-central.mx.a.cloudfilter.net
$ nslookup smtp.shaw.ca.
Name: shawmail.glb.shawcable.net
Addresses: 64.59.128.135 , 64.59.136.142
Aliases: smtp.shaw.ca
Thanks for the reply - that got me on the right track and it's working now.
In case anyone else has this problem, what I first did was use a command like
host -t txt shaw.ca
to get the spf txt record for shaw.ca (I'm sure you could use nslookup or dig instead). The result is:
shaw.ca descriptive text "v=spf1 mx ip4:3.97.99.32/31 ip4:3.97.99.42/31 ip4:64.59.134.0/25 ip4:64.59.136.128/27 ip4:204.209.208.40/31 ip4:204.209.208.150/28 ~all"
Some of those IP's are indeed the IP's my outgoing emails get tagged as coming from by the receivers. Now I could just add those IP's to my own domain's spf txt field. But instead I did a simpler approach, and just added
include:shaw.ca
to my domain's spf field. This means any IP's shaw.ca deems acceptable for outgoing emails will be acceptable by me, and if shaw changes those IP's in the future I won't have to make any changes myself.