spf-discuss

Unified SPF: example with single domain, multiple machines

2004-06-18 13:01:00
On Fri, Jun 18, 2004 at 01:42:21PM -0400, John Glube wrote:
| 
| Can you perhaps elaborate further on this point,
| so we can better understand your vision of how
| this will all come together?

Use case 2: one domain, many machines

    Example.com is a domain with three machines.
    One is a webserver, two are mailservers.
    All of them are authorized to send mail.

        example.com A   192.0.2.1
                        192.0.2.1 PTR example.com
    www.example.com A   192.0.2.1

        example.com MX 10   mx10.example.com
                            mx10.example.com A 192.0.2.10
                                               192.0.2.10 PTR mx10.example.com
        example.com MX 11   mx11.example.com
                            mx11.example.com A 192.0.2.11
                                               192.0.2.11 PTR mx11.example.com

    192.0.2.1 sends mail with

      HELO example.com
      MAIL FROM:<user@example.com>
      From: <user@example.com>

    192.0.2.10 sends mail with

      HELO mx10.example.com
      MAIL FROM:<user@example.com>
      From: <user@example.com>

    192.0.2.11 sends mail with

      HELO mx11.example.com
      MAIL FROM:<user@example.com>
      From: <user@example.com>

    Unified SPF asks example.com to publish four SPF
    records:

       example.com TXT "v=spf1 a mx -all"
   www.example.com TXT "v=spf1 a -all"
  mx10.example.com TXT "v=spf1 a -all"
  mx11.example.com TXT "v=spf1 a -all"

    (This is exactly what SPF Classic asks example.com to
    publish, BTW.)

So the above SPF records are meaningful for all of the following:

  1 the PTR lookup       (MTAMark / SS)
  2 the HELO name        (CSV / DRIP / DHVP)
  3 the MAIL FROM        (SPF Classic, DMP, RMX)
  4 the header From:     (CallerID/SenderID PRA)
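
The use case above, worked as an added example that is not part of the original post: a minimal evaluator for the three mechanisms these records use (a, mx, -all), run against an in-memory copy of the zone for each of the four identities. The function names, the dict layout and the 198.51.100.7 outsider address are assumptions of this example, and the PRA is simplified to the header From: domain.

```python
# Zone data copied from the post; the dict layout is an assumption of this example.
A = {"example.com": ["192.0.2.1"], "www.example.com": ["192.0.2.1"],
     "mx10.example.com": ["192.0.2.10"], "mx11.example.com": ["192.0.2.11"]}
MX = {"example.com": ["mx10.example.com", "mx11.example.com"]}
PTR = {"192.0.2.1": "example.com", "192.0.2.10": "mx10.example.com",
       "192.0.2.11": "mx11.example.com"}
TXT = {"example.com": "v=spf1 a mx -all", "www.example.com": "v=spf1 a -all",
       "mx10.example.com": "v=spf1 a -all", "mx11.example.com": "v=spf1 a -all"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate only the SPF subset used in the post: a, mx and all."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # no SPF record published for this name
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "a":
            hit = ip in A.get(domain, [])
        elif mech == "mx":
            hit = any(ip in A.get(host, []) for host in MX.get(domain, []))
        elif mech == "all":
            hit = True
        else:
            return "permerror"             # mechanism outside this sketch
        if hit:                            # first matching mechanism decides
            return RESULT[qualifier]
    return "neutral"

def unified_check(ip, helo, mail_from, header_from):
    """Apply the same records to the four identities listed in the post."""
    ptr = PTR.get(ip)
    return {
        "ptr": check_host(ip, ptr) if ptr else "none",
        "helo": check_host(ip, helo),
        "mail_from": check_host(ip, mail_from.rsplit("@", 1)[1]),
        "header_from": check_host(ip, header_from.rsplit("@", 1)[1]),
    }

if __name__ == "__main__":
    user = "user@example.com"
    # The three senders from the post, then a constructed outsider reusing the names.
    for ip, helo in [("192.0.2.1", "example.com"), ("192.0.2.10", "mx10.example.com"),
                     ("192.0.2.11", "mx11.example.com"), ("198.51.100.7", "example.com")]:
        print(ip, helo, unified_check(ip, helo, user, user))
```

The per-host records matter for the HELO check: `check_host("192.0.2.10", "www.example.com")` fails, because the `www.example.com` record authorizes only 192.0.2.1.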

