With just days to go before launch, we’ve started going through the final checks. It’s almost like the final stages of preparation before launching a space flight:
- Speed: Check
- Performance: Check
- Accuracy: Check
And so on. Every so often, we hit a check item and we get, what we call in the office, an “oh sh*t” moment! For example, this morning, we hit the “Check DNS” item. On checking our SPF records we found that they were screwed up big time and had been this way for a long time (probably “for ever”). Our SPF entries are (thankfully) fixed now which should make email address checking more accurate from our servers when we query external email servers that implement SPF checking.
Hindsight is a wonderful thing, so what did we learn from this? Two things:
- SPF wizards suck! In our case, the SPF wizard that we used a couple of years ago spat out the wrong text to paste into our DNS records. To fix the problem, we resorted to manually generating the records after having read the Wiki on SPF records. The idea behind SPF wizards is great (i.e. make it easy to create records). Unfortunately, the implementations of all the wizards that we tried were confusing (poorly worded), ambiguous and created duplicate entries for A:, MX, PTR and every other conceivable DNS record. Ultimately, we boiled the required SPF entry to a simple “v=spf1 a mx -all” and have found this to work well for all of our server infrastructure. “Wizards” came back with completely different results and, on testing, we found that none of them worked as we had expected.
- With DNS, don’t assume anything! In hindsight, we should have checked the original SPF records for validity. We didn’t and so have been running with no SPF records for over two years! Doh!
Having correct SPF records is essential if you operate services that need to cooperate with external email servers. For us, it’s very important that we get this right as it directly affects the results that we see when checking email addresses on servers that implement aggressive anti-spam policies.
Getting SPF records wrong is, at best inconvenient and may result in some of your emails not getting delivered. At it’s worst, incorrect SPF records can mean that most of your emails (or email address checks in our case) wont get through.
A lesson learnt for us.
