spf-discuss

Re: Are these dns TXT statements ok?

2004-08-09 08:48:21
Hi,

On Mon, Aug 09, 2004 at 10:47:42AM -0400, George Young1 wrote:

> Hello
>
> Our mailserver which answers smtp queries as 'mtown.com' hosts several
> other domains.
>
> Our organization has an assigned CIDR address space of 64.204.63.128/25
> - 64.204.63.255/25
>
> Mail from our domains will only be sent from these addresses.
>
> Would you take a look at the two example dns TXT statements and tell me
> if this is the best, most network-efficient way to do SPF?
>
>
> mtown.com.  TXT
>     "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com a:gldata.com  -all"

dnsforyou.com.          14292   IN      A       64.204.63.132
gldata.com.             2836    IN      A       64.204.63.197

These are inside 64.204.63.128/25, so you can leave them out.
Furthermore, dnsspy.com does not seem to have an A record, so it does
not make much sense to add it in the txt record.


> ---------------------------
> gldata.com.  TXT
>   "v=spf1 ip4:64.204.63.128/25 mx include:mail.mtown.com -all"

gldata.com.             3449    IN      MX      10 mail.gldata.com.
mail.gldata.com.        3456    IN      A       64.204.63.235

is again inside 64.204.63.128/25, so you can leave out the mx.

As mail.mtown.com above

mail.mtown.com.         14147   IN      TXT     "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com a:gldata.com a:sandifrazier.com -all"

Ok, dnsforyou.com / gldata.com are inside 64.204.63.128/25 and can be
left out. dnsspy.com has no A record and can be left out. 

sandifrazier.com.       14404   IN      A       64.204.63.197

is also in 64.204.63.128/25, so it too can be left out.

If mail is only sent by hosts in 64.204.63.128/25, the
ip4:64.204.63.128/25 followed by the -all is enough, you don't need to
specify the others as they are already allowed by ip4:64.204.63.128/25.
By leaving them out, you minimize the length of the TXT, which is a good
thing <tm>.

Koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
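
The redundancy check walked through in the reply above, as an added example that is not part of the original message: it flags `a` and `mx` mechanisms whose addresses are already covered by an `ip4` range in the same record. The function names `review_spf` and `minimise` are hypothetical, the DNS answers are the ones quoted in the message (embedded so it runs offline), and `include:` targets and CIDR-suffixed `a`/`mx` terms are left untouched rather than evaluated.

```python
import ipaddress

# DNS answers as quoted in the message above (not live lookups).
A_RECORDS = {
    "dnsforyou.com": ["64.204.63.132"],
    "gldata.com": ["64.204.63.197"],
    "sandifrazier.com": ["64.204.63.197"],
    "mail.gldata.com": ["64.204.63.235"],
    "dnsspy.com": [],  # no A record, per the reply
}
MX_RECORDS = {"gldata.com": ["mail.gldata.com"]}


def review_spf(domain, record):
    """Map each term of an SPF record to 'keep', 'redundant' or 'empty'."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    # Only pass-qualified ip4 ranges can make another pass mechanism redundant.
    nets = [ipaddress.ip_network(t.lstrip("+")[4:], strict=False)
            for t in terms[1:] if t.lstrip("+").startswith("ip4:")]
    verdicts = {}
    for term in terms[1:]:
        name, _, arg = term.lstrip("+").partition(":")
        # ip4, include, all, qualified (-, ~, ?) and CIDR-suffixed terms stay.
        if name not in ("a", "mx") or "/" in arg:
            verdicts[term] = "keep"
            continue
        target = arg or domain
        hosts = [target] if name == "a" else MX_RECORDS.get(target, [])
        addrs = [ipaddress.ip_address(ip)
                 for h in hosts for ip in A_RECORDS.get(h, [])]
        if not addrs:
            verdicts[term] = "empty"        # resolves to nothing
        elif all(any(a in n for n in nets) for a in addrs):
            verdicts[term] = "redundant"    # every address is inside an ip4 range
        else:
            verdicts[term] = "keep"
    return verdicts


def minimise(domain, record):
    """Return the record with redundant and empty mechanisms dropped."""
    verdicts = review_spf(domain, record)
    kept = [t for t in record.split()[1:] if verdicts[t] == "keep"]
    return " ".join(["v=spf1"] + kept)


if __name__ == "__main__":
    rec = "v=spf1 ip4:64.204.63.128/25 mx include:mail.mtown.com -all"
    print(minimise("gldata.com", rec))
```

The verdicts hold only for the DNS data supplied: if one of the named hosts later moves outside the `ip4` range, the shortened record no longer authorises it.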
