Hi,
On Mon, Aug 09, 2004 at 10:47:42AM -0400, George Young1 wrote:
> Hello
> Our mailserver which answers smtp queries as 'mtown.com' hosts several
> other domains.
> Our organization has an assigned CIDR address space of 64.204.63.128/25
> - 64.204.63.255/25
> Mail from our domains will only be sent from these addresses.
> Would you take a look at the two example dns TXT statements and tell me
> if this is the best most network efficient way to do SPF?
> mtown.com. TXT
> "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com
> a:gldata.com -all"
dnsforyou.com. 14292 IN A 64.204.63.132
gldata.com. 2836 IN A 64.204.63.197
These are inside 64.204.63.128/25, so you can leave them out.
Furthermore, dnsspy.com does not seem to have an A record, so it does
not make much sense to add it in the txt record.
> ---------------------------
> gldata.com. TXT
> "v=spf1 ip4:64.204.63.128/25 mx include:mail.mtown.com -all"
gldata.com. 3449 IN MX 10 mail.gldata.com.
mail.gldata.com. 3456 IN A 64.204.63.235
is again inside 64.204.63.128/25, so you can leave out the mx.
As mail.mtown.com above
mail.mtown.com. 14147 IN TXT "v=spf1 ip4:64.204.63.128/25
a:dnsforyou.com a:dnsspy.com a:gldata.com a:sandifrazier.com -all"
Ok, dnsforyou.com / gldata.com are inside 64.204.63.128/25 and can be
left out. dnsspy.com has no A record and can be left out.
sandifrazier.com. 14404 IN A 64.204.63.197
is also in 64.204.63.128/25, so it too can be left out.
If mail is only sent by hosts in 64.204.63.128/25, the
ip4:64.204.63.128/25 followed by the -all is enough, you don't need to
specify the others as they are already allowed by ip4:64.204.63.128/25.
By leaving them out, you minimize the length of the TXT, which is a good
thing <tm>.
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
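
The redundancy check described in the reply above, as an added example that is not part of the original message: it drops a: terms whose A records already fall inside the record's ip4: ranges or that have no A record at all. The function name minimize_spf and the A_RECORDS table are assumptions for illustration; the addresses are the lookups quoted in the message, embedded so the script runs offline, and only plain pass-qualified ip4: and a: terms are handled.

```python
import ipaddress

# A-record answers as quoted in the message above (dnsspy.com had none).
A_RECORDS = {
    "dnsforyou.com": ["64.204.63.132"],
    "gldata.com": ["64.204.63.197"],
    "sandifrazier.com": ["64.204.63.197"],
    "dnsspy.com": [],
}

def minimize_spf(record, a_records):
    """Drop a: mechanisms that add nothing beyond the record's ip4: ranges.

    Returns (minimized_record, {term: reason}) for the dropped terms.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets = [ipaddress.ip_network(t[4:], strict=False)
            for t in terms[1:] if t.lower().startswith("ip4:")]
    kept, dropped = [terms[0]], {}
    for term in terms[1:]:
        low = term.lower()
        # Only plain a:<domain> terms are examined; everything else
        # (mx, include:, a:<domain>/<cidr>, -all, ...) is kept untouched.
        if not low.startswith("a:") or "/" in low:
            kept.append(term)
            continue
        addrs = a_records.get(low[2:].rstrip("."))
        if addrs is None:
            kept.append(term)  # no lookup data: cannot judge, so keep it
        elif not addrs:
            dropped[term] = "no A record"
        elif all(any(ipaddress.ip_address(a) in n for n in nets) for a in addrs):
            dropped[term] = "already covered by ip4"
        else:
            kept.append(term)
    return " ".join(kept), dropped

if __name__ == "__main__":
    spf = ("v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com "
           "a:gldata.com a:sandifrazier.com -all")
    minimized, why = minimize_spf(spf, A_RECORDS)
    print(minimized)
    for term, reason in why.items():
        print(f"  dropped {term}: {reason}")
```

Each a: term that is dropped also saves the receiving server one DNS lookup per SPF check.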