Score:1

Meaning of "sender"?

au flag

Reading documentation about SPF records, I can't quite seem to disambiguate the meaning of "sender". It could mean "the IP where the mail client sent the message" or it could mean "the IP of the mail server that the mail client is contacting".

So, it could be my home/business IP address (where my mail client is), or it could be just the address of valid mail servers.

John Mee avatar
il flag
Are you sure the email protocol considers the client as a "sender". I suspect the first step is to get the email accepted into a server. That server that initially accepts it is the first "sender".
au flag
@JohnMee I don't know. I know that my location's IP address is recorded by the mail server and also seems to be included in the mail headers. So I think it might actually be my location and not the server. But I don't know.
John Mee avatar
il flag
The IP address of the client is captured in the header, perhaps as `X-Received`, but that is not the "sender" that SPF is interested in. SPF is trying to determine if the server passing the message is associated with the domain the purports to be from. The "sender" in this context is always a mail server.
Score:2
in flag

A "sender" in the SPF record is the IP address of the computer which tries to send the email. In other words, when an SMTP server checks SPF, it will check against the server which is currently connected and is trying to send the email.

So you need to include the IP address of your SMTP server in the SPF record, and not the IP of your client.

Score:0
mu flag

You can specify it by IP or by hostname in your DNS zone according to this documentation:

An SPF record is a DNS record that has to be added to the DNS zone of your domain. In this SPF record you can specify which IP addresses and/or hostnames are authorized to send email from the specific domain.

au flag
yes, but does "send email" mean from an email client, or from the mail server? is it my physical location's IP address or the address of the mail server that I'm contacting?
Alejandro Vázquez avatar
mu flag
sender would be the client IP, but the check for the allowed "senders" is done when you receive an email (before reading the body, in the link mentioned you can check the part named "SPF in practice" for reference
Score:0
au flag

My understanding now is that it's actually the last SMTP server before being delivered, which may be very different from the SMTP server your email client contacted. So it is definitely not your mail client's address, and likely may not be your first SMTP server's address either.

This will mean that you need to determine the full list of your provider's server addresses. This can be a very large list of addresses, and so there is likely some kind of "spf" prefixed domain offered by your provider that can be included in your spf record instead of listing specific addresses or even address ranges. Eg:

v=spf1 include=spf123.mymailprovider.com ~all

This allows your provider to update their record as necessary and for you to have the lastest changes automatically.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.