Thank you Koen
So I will change my dns TXT to read
Mtown.com TXT "v=spf1 ip4:64.204.63.128/25 -all"
Gldata.com TXT "v=spf1 ip4:64.204.63.128/25 -all"
Dnsspy.com TXT "v=spf1 ip4:64.204.63.128/25 -all"
Etc, etc
for all the mail generating domains we have here that send from the
64.204.63.128/25?
Thanks again - George
Our mailserver which answers smtp queries as 'mtown.com' hosts several other domains.
Our organization has an assigned CIDR address space of 64.204.63.128/25 - 64.204.63.255/25
Mail from our domains will only be sent from these addresses.
Would you take a look at the two example dns TXT statements and tell me if this is the best most network efficient way to do SPF?
mtown.com. TXT "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com a:gldata.com -all"
dnsforyou.com. 14292 IN A 64.204.63.132
gldata.com. 2836 IN A 64.204.63.197
These are inside 64.204.63.128/25, so you can leave them out.
Furthermore, dnsspy.com does not seem to have an A record, so
it does not make much sense to add it in the txt record.
---------------------------
gldata.com. TXT "v=spf1 ip4:64.204.63.128/25 mx include:mail.mtown.com -all"
gldata.com. 3449 IN MX 10 mail.gldata.com.
mail.gldata.com. 3456 IN A 64.204.63.235
is again inside 64.204.63.128/25, so you can leave out the mx.
As mail.mtown.com above
mail.mtown.com. 14147 IN TXT "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com a:gldata.com a:sandifrazier.com -all"
Ok, dnsforyou.com / gldata.com are inside 64.204.63.128/25
and can be left out. dnsspy.com has no A record and can be left out.
sandifrazier.com. 14404 IN A 64.204.63.197
is also in 64.204.63.128/25, so it too can be left out.
If mail only is sent by hosts in 64.204.63.128/25, the
ip4:64.204.63.128/25 followed by the -all is enough, you
don't need to specify the others as they are already allowed
by ip4:64.204.63.128/25. By leaving them out, you minimize
the length of the TXT, which is a good thing <tm>.
Koen
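
The check Koen walks through above, written out as an added example that is not part of the original thread: it drops a: and mx terms whose addresses already fall inside the record's ip4: range. The A and MX answers are the ones quoted in the thread; relay.example, the function names, and the lack of support for qualifiers or a:host/prefix forms are assumptions of this sketch.

```python
import ipaddress

# A and MX answers quoted in the thread, embedded so the check runs offline.
A_RECORDS = {
    "dnsforyou.com": ["64.204.63.132"],
    "gldata.com": ["64.204.63.197"],
    "sandifrazier.com": ["64.204.63.197"],
    "mail.gldata.com": ["64.204.63.235"],
    "relay.example": ["192.0.2.10"],  # constructed: a sender outside the /25
    # dnsspy.com is absent on purpose: the thread reports no A record for it
}
MX_RECORDS = {"gldata.com": ["mail.gldata.com"]}


def hosts_for(term, domain):
    """Hosts an a/mx mechanism points at, or None for any other term."""
    name, _, target = term.partition(":")
    target = target or domain
    if name == "a":
        return [target]
    if name == "mx":
        return MX_RECORDS.get(target, [])
    return None


def simplify_spf(domain, record):
    """Drop a/mx terms whose addresses all fall inside the record's ip4 ranges."""
    terms = record.split()
    nets = [ipaddress.ip_network(t[4:], strict=False)
            for t in terms if t.startswith("ip4:")]
    kept, notes = [], {}
    for term in terms:
        hosts = hosts_for(term, domain)
        if hosts is None:          # v=spf1, ip4:, include:, -all: keep as written
            kept.append(term)
            continue
        addrs = [ipaddress.ip_address(a) for h in hosts for a in A_RECORDS.get(h, [])]
        if not addrs:
            notes[term] = "no address"      # matches nothing, only costs a lookup
        elif all(any(a in n for n in nets) for a in addrs):
            notes[term] = "covered by ip4"  # redundant, safe to drop
        else:
            kept.append(term)
            notes[term] = "needed"          # at least one address is outside
    return " ".join(kept), notes


if __name__ == "__main__":
    rec = "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com a:gldata.com -all"
    print(simplify_spf("mtown.com", rec))
```

Besides shortening the TXT, each a: or mx term removed is one less DNS lookup for the receiver, and RFC 7208 caps those at 10 per SPF evaluation; ip4: terms cost none.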