User Tools

Site Tools


admin:settings:spf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
admin:settings:spf [2019/09/25 14:37] csharpadmin:settings:spf [2024/03/01 15:34] (current) tlittle
Line 1: Line 1:
-====== SPF Records ======+ ====== SPF Records ======
  
-One of the features of Evergreen is the abililty to specify the sending address on outgoing email and SMS text messages so that individual libraries can receive any bounced messages and correct patron accounts accordingly (Admin -> Local Administration -> Library Settings Editor - the setting name is "Sending email address for patron notices").  The "sending address" feature means that messages sent from the PINES servers (gapines.org) appear to some of the receiving email providers to be "pretending" to be library (which is known as "spoofing"), which is resulting in either outright rejection (where the email provider's server will not accept the message) or silent acceptance and non-delivery to your patrons.+One of the features of Evergreen is the ability to specify the sending address on outgoing email and SMS text messages so that individual libraries can receive any bounced messages and correct patron accounts accordingly (Admin -> Local Administration -> Library Settings Editor - the setting name is "Sending email address for patron notices").  The "sending address" feature means that messages sent from the PINES servers (gapines.org) appear to some of the receiving email providers to be "pretending" to be the library (known as "spoofing"), which is resulting in either outright rejection (where the email provider's server will not accept the message) or silent acceptance and non-delivery to your patrons.
  
-Fortunately, there is a mechanism your library can use to tell patrons' email providers' servers to consider messages sent from gapines.org to be legitimate: [[http://www.openspf.org/Introduction|Sender Policy Framework]], or SPF.  An SPF entry is set up by whoever manages your email domain.  For example, if your library's email domain is "georgialibraries.org" you could use [[http://www.kitterman.com/spf/validate.html]] and enter "georgialibraries.org" into the "domain" field.  You would see something like the following:+Fortunately, there is a mechanism your library can use to tell patrons' email providers' servers to consider messages sent from gapines.org to be legitimate: [[http://www.openspf.org/Introduction|Sender Policy Framework]], or SPF. An SPF entry is set up by whoever manages your email domain. For example, if your library's email domain is "georgialibraries.org" you could use [[http://www.kitterman.com/spf/validate.html]] and enter "georgialibraries.org" into the "domain" field. You would see something like the following:
  
-<wrap indent>v=spf1 include:_spf.google.com ip4:168.28.68.41 ~all</wrap>+"Before" example:\\ 
 +<wrap indent>**v=spf1 include:_spf.google.com ip4:168.28.68.41 ~all**</wrap>
  
-This is the SPF entry for that domain.  Here's a breakdown of what each part means:+This is the SPF entry for that domain. Here's a breakdown of what each part means:
  
 {{tablelayout?rowsHeaderSource=Auto&colwidth="212px,432px"}} {{tablelayout?rowsHeaderSource=Auto&colwidth="212px,432px"}}
Line 13: Line 14:
 | v=spf1                   | The SPF version being used                                                     | | v=spf1                   | The SPF version being used                                                     |
 | include:_spf.google.com  | "include the SPF record for the '_spf.google.com' domain"                      | | include:_spf.google.com  | "include the SPF record for the '_spf.google.com' domain"                      |
-| ip4:168.28.68.41          | "consider 168.28.68.41 to be a valid sending IP address"                        |+| ip4:168.25.131.21          | "consider 168.25.131.21 to be a valid sending IP address"                        |
 | ~all                     | "if anything above hasn't matched, mark it 'soft failure' but let it through"  | | ~all                     | "if anything above hasn't matched, mark it 'soft failure' but let it through"  |
  
-As of April 11, 2019, PINES' sending IP addresses are 168.25.131.21 (primary) and 168.25.131.22 (failover), so they will need to be added to the SPF record for georgialibraries.org sending addresses to be accepted.  Our edited SPF record would then look like this:+As of April 11, 2019, PINES'sending IP addresses are **<color #ff0000>168.25.131.21</color>** (primary) and **<color #ff0000>168.25.131.22</color>** (failover), so they will need to be added to the SPF record for georgialibraries.org sending addresses to be accepted. Our edited SPF record would then look like this:
  
-<wrap indent>v=spf1 include:_spf.google.com ip4:168.28.68.41 ip4:168.25.131.21 ip4:168.25.131.22 ~all</wrap>+"After" example:\\ 
 +<wrap indent>**v=spf1 include:_spf.google.com ip4:168.25.131.21 ip4:168.25.131.22 ~all**</wrap>
  
-With that in place, messages should be accepted by email providers that consult the SPF record.  You would want to ask whoever manages your email to make that change.  NOTE:  GPLS-hosted email has already made this change, so no further action is required. +With that in place, messages should be accepted by email providers that consult the SPF record. You would want to ask whoever manages your email to make that change.  NOTE: GPLS-hosted email has already made this change, so no further action is required.
  
-It's also worth noting that you will not be able to edit the SPF records of email providers outside of your agency's area of responsibility.  Several libraries have hotmail.com or yahoo.com addresses set.  We strongly recommend changing these to library-owned/administered addresses.+It's also worth noting that you will not be able to edit the SPF records of email providers outside of your agency's area of responsibility. Several libraries have hotmail.com or yahoo.com addresses set. We strongly recommend changing these to library-owned/administered addresses.
  
-It's helpful to understand where Evergreen is getting the email used in the notices being sent.  Here's where each address is set and how it's used:+It's helpful to understand where Evergreen is getting the email used in the notices being sent. Here's where each address is set and how it's used:
  
 {{tablelayout?rowsHeaderSource=Auto}} {{tablelayout?rowsHeaderSource=Auto}}
 ^ Email Address Setting  ^ When Used/Who Sets  ^ ^ Email Address Setting  ^ When Used/Who Sets  ^
-|Admin -> Local Administration -> Library Settings Editor, "Sending email address for patron notices" setting |If present, this is used.  Set by LocalAdmins for each library system.| +|Admin -> Local Administration -> Library Settings Editor, "Sending email address for patron notices" setting |If present, this is used. Set by LocalAdmins for each library system.| 
-|Admin -> System Administration -> Organizational Units, Email for Organizational Unit |If the library setting isn't present, this is used.  Set by GPLS/PINES staff only.| +|Admin -> System Administration -> Organizational Units, Email for Organizational Unit |If the library setting isn't present, this is used. Set by GPLS/PINES staff only.| 
-|Fallback address (evergreen@gapines.org) |If neither of the above is set, this is used.  Set by PINES System Administration staff.  Not a valid receiving address.|+
  
 Please contact the [[https://help.georgialibraries.org|Help Desk]] if you have further questions. Please contact the [[https://help.georgialibraries.org|Help Desk]] if you have further questions.
 +
 +====== DMARC ======
 +
 +Email service providers may also be checking for valid DMARC records. You can check the DMARC for your domain at:
 +
 +[[https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/]]
 +
admin/settings/spf.1569422245.txt.gz · Last modified: 2019/09/25 14:37 by csharp