Yesterday we updated our SMTP servers so that they deliver mail using a pool of 30 IP addresses. Previously, outgoing mail from all of our SMTP servers was NAT’d through a single outgoing IP address. Using a single IP, however, left our system somewhat vulnerable, because if that IP address were to become temporarily blacklisted by an anti-spam group, it could affect the deliverability of all customer mail. We have dealt with this situation in the past by switching to a new unused IP temporarily while addressing the problem. However, you can’t do that anymore, because SenderBase.org and TrustedSource.org will see a huge mail volume spike, which their partners use to further block mail.
Now with the use of a pool of outgoing IP addresses, if an IP becomes temporarily blacklisted, we can pull the affected IP address out of use while we deal with the customer who got us blacklisted.
FYI, our IPs have only been blacklisted three times during the six years we have been in business. In both cases it was resolved within hours.
Webmail.us customers who have SPF records for their domains should continue to use the following value in order to always have the updated IPs automatically included in your domain’s SPF record:
example.com IN TXT "v=spf1 include:emailsrvr.com -all"
I’m glad you’re blogging…I look forward to getting more technical info in addition to Pat’s blog and the company blog.
This is my current SPF record:
“v=spf1 mx a:secure.emailsrvr.com a:smtp.emailsrvr.com ip4:220.127.116.11/24 ip4:18.104.22.168/28 ip4:22.214.171.124/28 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206/22 include:emailsrvr.com -all”
What do you think of my SPF entry? I was under the impression that I would gain a performance boost by listing the IPs and servers directly rather than just using include. Is that incorrect? Should I simply change it to “v=spf1 include:emailsrvr.com -all”?
Thanks, and keep on blogging! 🙂
Some of those IPs are already outdated. Here is the current emailsrvr.com SPF record showing all of the Webmail.us outgoing public IPs:
“v=spf1 ip4:220.127.116.11/28 ip4:18.104.22.168/24 ip4:22.214.171.124/24 i
Listing the IPs directly in your SPF record will allow receiving mail servers to process your mail slightly faster, but it will create more work for you when our IPs change – which they may. The performance difference will not be noticeable so I would recommend using the “include:” value.
However, if you decide to keep the IPs, you can definitely remove these values:
mx a:secure.emailsrvr.com a:smtp.emailsrvr.com
Your outgoing mail will not originate from the IPs of the SMTP servers that you connect to. Those are the IPs for our load balancers, which send the mail to a number of SMTP servers behind them. The true outgoing IP will be one in the other listed IP ranges.
I hope this helps.
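The trade-off between "include:" and directly listed IPs, raised in the post and in the reply above, shown as an added example that is not part of the original post or comments: an SPF evaluator handling the ip4, include and all mechanisms, run against constructed TXT records before and after a provider changes its outgoing range. The domain names, the documentation IP ranges and the check_host helper are assumptions for illustration.

```python
import ipaddress

# Constructed TXT records: hypothetical domains, documentation IP ranges.
DNS_BEFORE = {
    "provider.example": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.0/24 -all",
    "include.customer.example": "v=spf1 include:provider.example -all",
    "pinned.customer.example": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.0/24 -all",
}
# The provider moves outgoing mail to a new range; only its own record changes.
DNS_AFTER = dict(DNS_BEFORE,
                 **{"provider.example": "v=spf1 ip4:203.0.113.0/24 -all"})

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, dns, lookups=None):
    """Evaluate ip4/include/all for `domain`; return (result, txt_lookups)."""
    lookups = lookups if lookups is not None else [0]
    lookups[0] += 1                       # one TXT query per record fetched
    if lookups[0] > 10:                   # simplified guard against include loops
        return "permerror", lookups[0]
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none", lookups[0]
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the nested evaluation returns pass
            matched = check_host(ip, arg, dns, lookups)[0] == "pass"
        else:
            continue                      # a, mx, etc. are not covered here
        if matched:
            return QUALIFIERS[qualifier], lookups[0]
    return "neutral", lookups[0]


if __name__ == "__main__":
    for label, dns, ip in (("before", DNS_BEFORE, "198.51.100.7"),
                           ("after", DNS_AFTER, "203.0.113.25")):
        for domain in ("include.customer.example", "pinned.customer.example"):
            print(label, domain, ip, check_host(ip, domain, dns))
```

The include record costs one extra TXT lookup per check, but it keeps passing after the provider's range changes, while the record with copied ranges starts returning fail for legitimate mail.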