On Mon, Aug 09, 2004 at 07:49:49PM -0400, John Hinton wrote:
I already have smtp sasl_auth setup.
We have some users with simple forwarded addresses and some with POP
accounts. Some of these POP accounts send through their own ISP.
1. Will I need to add a SPF record to each DNS record on our
nameservers, assuming it will be used as a from address for email?
Yes, and also if the domain does not send mail you will want to add
something like "v=spf1 -all", since that prevents spammers/virusses from
using your non-mail domain.
2. Will the users using forwarding be able to use their domain as the
from address when replying while sending through their ISP? Or would
that ISP need to add a record for that sender?
SPF will check only the spf records for the MAIL FROM domain (and in
absence of that, it will use the HELO domain). If your users send their
mail through mail.xyzisp.com, you will have to include mail.xyzisp.com
as a permitted sender for that domain. Note that you can never know for
sure (and keep up to date) which servers are being used for outgoing
mail by xyzisp.com.
3. Will POP account users need to only send through our server to make
use of the SPF record, assuming they are using their domain in the from
address?
Yes, having them use your server all the time is best, since then you
can effectively publish spf records for the domain. You know when your
servers change ip or things like that.
Seems not much is covered anywhere from the hosting point of view.
It's between the lines ;)
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
pgpkfQUTA0Aii.pgp
Description: PGP signature