Nigel wrote:
Paul Howarth wrote:
> For example:
>
> forwarders-to-kilner-vacuum-lifting.local. TXT "v=spf1
> ip4:195.102.244.128/28"
So should that ip be the ip of clara.net's mail servers or the ip range
of our domain as hosted by clara?
No, it should be the IP addresses of forwarding services that people in your
domain use. However, given that you're not running your own incoming mail
server, the point is moot as the milter isn't doing anything useful for you as
I mentioned in another email.
> SPF will only detect forgeries for domains that have published SPF
> records, and where those forgeries don't come from the servers
> authorized to send for the sender's domain. The forgeries will only be
> rejected if the sender's SPF record uses "-all"; otherwise the mail >
> will be accepted and the Received-SPF: header will show a "neutral" or
> "softfail" result.
How long will it be before I can actually benefit from SPF, are we
talking months or years?
are there any benefits at present?
At the moment you're not going to be seeing any benefit at all from SPF.
If you get your DNS set up so that your SPF record is visible to the rest of
the Internet then you'll no longer get bounces from sites checking SPF
regarding spam/viruses that have forged your domain name, and the rest of the
Internet will benefit from being able to reject such spam/viruses.
If either (a) you run your own incoming mail server with SPF checking, or (b)
your ISP does SPF checks, then you will get the benefit of being able to
reject/filter mail with forged sender addresses of any domain that has
published SPF records.
Paul.