spf-discuss

RE: which DNS does SPF record belong in + macro question

2004-01-22 10:21:44
Thanks for the very useful info, both Wayne and John.

[John Warren]
So forget their DNS servers and go to zoneedit.com and do your own.
It's easy, the only thing you can't do is "_SPF" since they don't allow
the "_".

That's a reasonable option.  What is the "_SPF" used for?  I was just going
to use the ptr mechanism to qualify my outgoing MX's.


[wayne]
First off, a /14 isn't really that large.  More importantly, if any
Interland.com customer starts forging your domain name, I would hope
that Interland.com would be willing to do something about it.

True on both counts.  I often forget the distinction between what would be
"nice" and what is a reasonable practical solution.


[wayne]
That said, it appears that Interland.com has more than a /14.  Doing a
"dig interland.com" shows that their name servers are on 64.226.28.33,
64.77.127.42, and 69.0.145.33, which is quite a spread.

That's true, but for my class of puny hosting account (fixed IP, shared
server), all mail goes through their registeredsite.com mail cluster.


[wayne]
The best tool that I know of to figure this stuff out is to use
senderbase.org.  If anyone knows a better tool, please let me know!

That's an amazing tool, thanks.  I was amused to see their individual
outgoing MX's listed on the web, when after several escalations of my
request for this information, a senior tech support person for email
categorically stated that they would never give out the IP's or the CIDR
range of their outgoing MX's due to security considerations.

I tried to diplomatically sell the benefits of SPF during the process of
requesting either a CIDR range or a naming structure for their outgoing
MX's, but was finally told that they looked at SPF, decided that it had no
industry support and did not plan to make provisions for it.  From the
sidelines, that does not appear to be true, and I hope that they reconsider
SPF or whatever verification scheme the industry eventually gets behind.  As
a large hosting service, they tend to be late adopters.  For the past year,
they have been filtering or tagging email, configurable per domain, against
both SpamCop and Sorbs (not configurable).  They are just now considering
rejection at the SMTP level against those DNSBL's, but again, all or
nothing.  They have thus far decided against any kind of secure
authentication or support for port 587.  I still think they'll come around,
but not quickly.


[wayne]
From there, it appears that you are correct, most of the email is
coming from the domain name of registeredsite.com.  Moreover, it looks
like you are pretty safe with using ptr:atl.registeredsite.com and/or
ip4:64.224.219.0/24

That was the /24 I was thinking of based on my own observations.  The
senderbase tool verifies this.  I agree that either of your solutions is
fine for my purposes.

--
Seth Goodman

off-list replies to sethg [at] GoodmanAssociates [dot] com
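
Added example, not part of the original message and not code from any SPF implementation: an offline evaluation of the two mechanisms suggested above, ptr:atl.registeredsite.com and ip4:64.224.219.0/24. The DNS tables, the host names and the 203.0.113.5 client are constructed; result names follow RFC 7208, and the ptr check only counts names that resolve back to the connecting IP.

```python
import ipaddress

# Constructed stand-ins for DNS lookups (assumption: no real data).
PTR = {  # reverse lookups: IP -> claimed host names
    "64.224.219.10": ["mail10.atl.registeredsite.com"],
    "203.0.113.5": ["mx1.atl.registeredsite.com"],  # claim set by the IP's owner
}
A = {  # forward lookups: host name -> addresses
    "mail10.atl.registeredsite.com": ["64.224.219.10"],
    "mx1.atl.registeredsite.com": [],  # does not resolve back to 203.0.113.5
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def match_ip4(ip, cidr):
    """True when the connecting IP falls inside the published network."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def match_ptr(ip, target):
    """True when a forward-confirmed PTR name equals or ends in the target."""
    target = target.lower().rstrip(".")
    for name in PTR.get(ip, []):
        name = name.lower().rstrip(".")
        if ip not in A.get(name, []):
            continue  # unconfirmed PTR names are ignored
        if name == target or name.endswith("." + target):
            return True
    return False


def check(ip, record):
    """Evaluate a record left to right; the first matching term decides."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            hit = match_ip4(ip, arg)
        elif name == "ptr":
            hit = match_ptr(ip, arg)
        elif name == "all":
            hit = True
        else:
            return "permerror"  # this sketch handles only ip4, ptr and all
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"
```
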

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt