v=spf1 mx ip4:64.59.134.0/25 ip4:64.59.136.128/27 ip4:24.71.223.0/25 ip4:204.209.208.40 ip4:204.209.208.41 ptr:bis.na.blackberry.com ip4:24.215.0.0/24 ~all
Why allow all mail with the "~all", after taking the time to define all of the IP ranges? You end up with this:
Received-SPF: softfail
(shaw.ca: Sender is not authorized by default to use 'xxxxxxxx@shaw.ca' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
So third party servers can just fake headers and send email using Shaw addresses in the from field, a simple change to "-all" would stop this and as long as your IP ranges are accurate shouldn't impact people legitimately using your mail servers?
↧