Configurable SPF default template + automatically include assigned IP to SPF (not just main shared IP)
At the moment SPF record changes are limited to post-provisioning or modifying SPF.pm (method 2 of http://forums.cpanel.net/f5/external-mail-server-spf-207622.html). I have the need to add Blackberry SPF as the default include SPF record. I've seen people needing to add more mail servers for smarthost purposes.
The proposed method 2 actually can easily solve this, but it won't be pretty because in case SPF.pm does get updated, it might lead to another problem which admins may not remember. I don't think there is a notification mechanism in place to inform the admin in case any files listed in the /etc/cpanelsync.exclude gets an update through upcp script. This alone can be another feature request.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Hey all! We were able to sneak an update into version 78 that allow you to configure these settings in WHM. You can both tell the server to include entries from smart hosts, and you can set a default value to be included in all new spf records:
Take a look at the overview of all features for Version 78 on the Release Site and see the full release notes on our documentation site.
Hey all! We were able to sneak an update into version 78 that allow you to configure these settings in WHM. You can both tell the server to include entries from smart hosts, and you can set a default value to be included in all new spf records:
Take a look at the overview of all features for Version 78 on the Release Site and see the full release notes on our documentation site.
We need to add a list of ips to the spf records. Will try and see if this will work with the spf.pm method but this feature is so simple that it should have been implemented a long time ago
We need to add a list of ips to the spf records. Will try and see if this will work with the spf.pm method but this feature is so simple that it should have been implemented a long time ago
Need an option to configure a default "include:_spf.domain.com" field which is available for all domains as default spf record
Need an option to configure a default "include:_spf.domain.com" field which is available for all domains as default spf record
If you create a custom DNS record in the DNS template it adds the SPF record for new accounts. When we moved to an outgoing antispam gateway we had to edit all existing records, we regretted not having an include from day 1…
If you create a custom DNS record in the DNS template it adds the SPF record for new accounts. When we moved to an outgoing antispam gateway we had to edit all existing records, we regretted not having an include from day 1…
Kindly implement this soon as it now practiced by many host to use a different IP address for emails due to malware attacks from the main shared IP.
Kindly implement this soon as it now practiced by many host to use a different IP address for emails due to malware attacks from the main shared IP.
Yes we always had the same problem, will be nice for example assign /28 in the spf so if need to switch Ip the spf will be valid... edit template dns is not a nice solution... will bw nice to say in tweak settings the default "SPF" when you create e new account.
Yes we always had the same problem, will be nice for example assign /28 in the spf so if need to switch Ip the spf will be valid... edit template dns is not a nice solution... will bw nice to say in tweak settings the default "SPF" when you create e new account.
What kind of configuration would require this?
I currently have my cPanel-based e-mail set up on my BlackBerry, but when I sent e-mail it goes through my SMTP server, and so uses my shared IP address. So in my case SPF records for BlackBerry are not necessary, because the e-mail is not sent out through their server.
What kind of configuration would require this?
I currently have my cPanel-based e-mail set up on my BlackBerry, but when I sent e-mail it goes through my SMTP server, and so uses my shared IP address. So in my case SPF records for BlackBerry are not necessary, because the e-mail is not sent out through their server.
When you change the outgoing IP either because you added a SMTP antispam gateway or simply because you changed the outgoing e-mail IP because the first one was blocked.
We now always add our SPF include to the DNS configuration template which allows us to add IP's to all of our customer's SPF records in a single edit.
But we learnt the hard way and had to edit over a thousand records manually to set this up.
When you change the outgoing IP either because you added a SMTP antispam gateway or simply because you changed the outgoing e-mail IP because the first one was blocked.
We now always add our SPF include to the DNS configuration template which allows us to add IP's to all of our customer's SPF records in a single edit.
But we learnt the hard way and had to edit over a thousand records manually to set this up.
Quite an urgently needed feature for us, we have issues with outgoing spam and are unable to efficiently work with an external mail service due to this.
Quite an urgently needed feature for us, we have issues with outgoing spam and are unable to efficiently work with an external mail service due to this.
+1 This feature, also for include: domains and not just IP addresses. Google Cloud does not support outgoing SMTP, so this is a vital feature as more and more people need to use external mail transport.
+1 This feature, also for include: domains and not just IP addresses. Google Cloud does not support outgoing SMTP, so this is a vital feature as more and more people need to use external mail transport.
This should have been implemented ages ago. We are currently being hindered from using an external mail filtering service and this would solve the problem.
This should have been implemented ages ago. We are currently being hindered from using an external mail filtering service and this would solve the problem.
Nope, there hasn't been any internal movement on this at all. As soon as there's any change, I'll definitely make sure there's an update here.
Nope, there hasn't been any internal movement on this at all. As soon as there's any change, I'll definitely make sure there's an update here.
+1 on this; we use MailChannels in our servers and it's really a pain that each time someone enables SPF on their account I have to tell them to add our SPF includes right after they complain since a bunch of e-mails got bounced or lost due to SPF mismatch.
+1 on this; we use MailChannels in our servers and it's really a pain that each time someone enables SPF on their account I have to tell them to add our SPF includes right after they complain since a bunch of e-mails got bounced or lost due to SPF mismatch.
@SIlent Ninja
You can edit your default zone template with the following guide https://documentation.cpanel.net/display/ALD/Edit+Zone+Templates
this way you can assign a default SPF include pointing to your setup.
I'd recommend a setup of
_spf.clientdomain.com CNAME _spf.clients.yourcompanydomain.com
This way when you make changes to the SPF on _spf.clients to a new provider lets say Mandrill then they don't have to update their templates.
Good luck.
@SIlent Ninja
You can edit your default zone template with the following guide https://documentation.cpanel.net/display/ALD/Edit+Zone+Templates
this way you can assign a default SPF include pointing to your setup.
I'd recommend a setup of
_spf.clientdomain.com CNAME _spf.clients.yourcompanydomain.com
This way when you make changes to the SPF on _spf.clients to a new provider lets say Mandrill then they don't have to update their templates.
Good luck.
I'm quite surprised this hasn't already been implemented.
How are people dealing issues where the SPF needs to be pre-configured for emails sent via a relay?
As far as I can tell, some providers simply disable SPF by default, which I think is just as crazy because SPF is so helpful!
I'm quite surprised this hasn't already been implemented.
How are people dealing issues where the SPF needs to be pre-configured for emails sent via a relay?
As far as I can tell, some providers simply disable SPF by default, which I think is just as crazy because SPF is so helpful!
I agree with you Mike, as I've said above, each time a customer enables SPF thru the cPanel or an account gets migrated having SPF already on, I need to manually login and edit the DNS and add our include.
All of these are usually after we get a ticket asking why their emails are being marked as spam by Gmail and some others due to SPF mismatch.
I guess we could modify /usr/local/cpanel/Cpanel/SPF.pm to add an include by default but it seems more of a hack than feature
I agree with you Mike, as I've said above, each time a customer enables SPF thru the cPanel or an account gets migrated having SPF already on, I need to manually login and edit the DNS and add our include.
All of these are usually after we get a ticket asking why their emails are being marked as spam by Gmail and some others due to SPF mismatch.
I guess we could modify /usr/local/cpanel/Cpanel/SPF.pm to add an include by default but it seems more of a hack than feature
For some reason, I was under the impression that placing an SPF entry in the zone templates would be incompatible with cPanel's automatic SPF record creation. I was wrong, it works fine (it's even indicated on the account creation page, see screenshot). I now understand this feature request is about dynamically adding an account's dedicated IP, which isn't actually an issue for us as we don't offer dedicated IP addresses. So, I'm going to remove my vote and drop out of this tread as we no longer require this feature. Just decided to leave this quick note incase anybody else is having the same confusion as myself.
For some reason, I was under the impression that placing an SPF entry in the zone templates would be incompatible with cPanel's automatic SPF record creation. I was wrong, it works fine (it's even indicated on the account creation page, see screenshot). I now understand this feature request is about dynamically adding an account's dedicated IP, which isn't actually an issue for us as we don't offer dedicated IP addresses. So, I'm going to remove my vote and drop out of this tread as we no longer require this feature. Just decided to leave this quick note incase anybody else is having the same confusion as myself.
Hey all! We were able to sneak an update into version 78 that allow you to configure these settings in WHM. You can both tell the server to include entries from smart hosts, and you can set a default value to be included in all new spf records:
Take a look at the overview of all features for Version 78 on the Release Site and see the full release notes on our documentation site.
Hey all! We were able to sneak an update into version 78 that allow you to configure these settings in WHM. You can both tell the server to include entries from smart hosts, and you can set a default value to be included in all new spf records:
Take a look at the overview of all features for Version 78 on the Release Site and see the full release notes on our documentation site.
Replies have been locked on this page!