SPF pointer usage for domains

Owned by Thomas Tornevall
Last updated: Sept 18, 2018

Relaying pointers. SPF pointers are kept for being backwards compatible.

Primary Configuration

For most of the domains, those rows should be used:

@ IN SPF "v=spf1 include:_spf.tornevall.net -all"
@ IN TXT "v=spf1 include:_spf.tornevall.net -all"


This SPF limits relaying to our local servers. The former "~all" has been changed to "-all" to prevent softfails. If the sender is not the specified hosts defined by tornevall.net, you can safely reject the mail completely.

For tornevall.se and hosts that needs external relays like telia, etc (country zone is se)

@ IN SPF "v=spf1 include:_spf.tornevall.se -all"
@ IN TXT "v=spf1 include:_spf.tornevall.se -all"


This list of relays includes ISP-servers that may be required for sending mail outside our SMTP address range.
If you really need other relays, contact support@tornevall.net and tell. In that case, relays will be included at tornevall.se or similar. 

Ranges described

Divided into inclusions

_spf.tornevall.net IN TXT "v=spf1 include:_spfblockv4.tornevall.net include:_spfblockv6.tornevall.net include:_spfblockrelay.tornevall.net -all";

or

_spf.tornevall.se IN TXT "v=spf1 include:_spfblockv4.tornevall.net include:_spfblockv4.tornevall.net include:_spfblockrelay.tornevall.net include:_spfblocktelia.tornevall.net -all";


Categorized as

// Safe
_spfv4tblock IN TXT "v=spf1 ip4:194.71.111.240/28 ip4:88.80.19.161 ip4:194.71.111.243 ip4:212.63.209.62 ip4:212.63.208.0/26 ip4:194.71.111.244 ip4:10.1.1.0/24 -all"
_spfv6tblock IN TXT "v=spf1 ip6:2a01:299:a0::/48 ip6:2001:470:7ece::/48 -all"


// Safe
_spfblockrelay.tornevall.net IN TXT "v=spf1 ip4:185.9.166.80 ip6:2a01:298:f001::/48 a:webmail.tornevall.net a:smtp.tornevall.net a:tornevall.net a:i-s-vg-k-se-mailrelay1.tornevall.net -all"


// Unsafe
_spfblocktelia.tornevall.net IN TXT "v=spf1 ip4:81.236.60.128/26 ip4:81.236.60.192/28 include:_spf-a.telia.net include:_spf-b.telia.net include:_spf-c.telia.net include:_spf-2.telia.com -all"


// Deprecated unsafe
_spfblockteliaold IN TXT "v=spf1 ip4:81.236.60.192/27 ip4:62.20.233.140 ip4:81.236.60.0/24 a:v-smtpout2.han.skanova.net -all"