User Tools

Site Tools


admin:settings:spf

This is an old revision of the document!


SPF Records

One of the features of Evergreen is the abililty to specify the sending address on outgoing email and SMS text messages so that individual libraries can receive any bounced messages and correct patron accounts accordingly (Admin → Local Administration → Library Settings Editor - the setting name is “Sending email address for patron notices”). The “sending address” feature means that messages sent from the PINES servers (gapines.org) appear to some of the receiving email providers to be “pretending” to be library (which is known as “spoofing”), which is resulting in either outright rejection (where the email provider's server will not accept the message) or silent acceptance and non-delivery to your patrons.

Fortunately, there is a mechanism your library can use to tell patrons' email providers' servers to consider messages sent from gapines.org to be legitimate: Sender Policy Framework, or SPF. An SPF entry is set up by whoever manages your email domain. For example, if your library's email domain is “georgialibraries.org” you could use http://www.kitterman.com/spf/validate.html and enter “georgialibraries.org” into the “domain” field. You would see something like the following:

v=spf1 include:_spf.google.com ip4:64.57.241.9 ip4:64.57.241.6
ip4:64.57.241.17 ~all

This is the SPF entry for that domain. Here's a breakdown of what each part means:

SPF Part Explanation
v=spf1 The SPF version being used
include:_spf.google.com “include the SPF record for the '_spf.google.com' domain”
ip4:64.57.241.9 “consider 64.57.241.9 to be a valid sending IP address”
ip4:64.57.241.6 “consider 64.57.241.6 to be a valid sending IP address”
ip4:64.57.241.17 “consider 64.57.241.17 to be a valid sending IP address”
~all “if anything above hasn't matched, mark it 'soft failure' but let it through”

As of April 11, 2019, PINES' sending IP addresses are 168.25.131.21 (primary) and 168.25.131.22 (failover), so they will need to be added to the SPF record for georgialibraries.org sending addresses to be accepted. Our edited SPF record would then look like this:

v=spf1 include:_spf.google.com ip4:64.57.241.9 ip4:64.57.241.6
ip4:64.57.241.17 ip4:168.25.131.21 ip4:168.25.131.22 ~all

With that in place, messages should be accepted by email providers that consult the SPF record. You would want to ask whoever manages your email to make that change. NOTE: GPLS-hosted email has already made this change, so no further action is required.

It's also worth noting that you will not be able to edit the SPF records of email providers outside of your agency's area of responsibility. Several libraries have hotmail.com or yahoo.com addresses set. We strongly recommend changing these to library-owned/administered addresses.

It's helpful to understand where Evergreen is getting the email used in the notices being sent. Here's where each address is set and how it's used:

Email Address Setting When Used/Who Sets
Admin → Local Administration → Library Settings Editor, “Sending email address for patron notices” setting If present, this is used. Set by LocalAdmins for each library system.
Admin → System Administration → Organizational Units, Email for Organizational Unit If the library setting isn't present, this is used. Set by GPLS/PINES staff only.
Fallback address (evergreen@gapines.org) If neither of the above is set, this is used. Set by PINES System Administration staff. Not a valid receiving address.

Please contact the Help Desk if you have further questions.

admin/settings/spf.1554841099.txt.gz · Last modified: 2019/04/09 20:18 by csharp