Re: Are these dns TXT statements ok?

On Mon, Aug 09, 2004 at 10:13:20PM -0400, George Young1 wrote:
> Thank you Koen
>
> So I will change my dns TXT to read
>
> Mtown.com TXT   "v=spf1 ip4:64.204.63.128/25 -all"
> Gldata.com  TXT  "v=spf1 ip4:64.204.63.128/25 -all"
> Dnsspy.com TXT  "v=spf1 ip4:64.204.63.128/25 -all"
>
> Etc, etc
>
>  for all the mail generating domains we have here that send from the
> 64.204.63.128/25?
Correct, and for the domains that never ever send any mail, you should
put "v=spf1 -all", so that spammers can't use those domains too.

Koen

> Thanks again - George
>
>
> > > Our mailserver which answers smtp queries as 'mtown.com' 
> > hosts several 
> > > other domains.
> > >
> > > Our organization has an assigned CIDR address space of 
> > > 64.204.63.128/25
> > > - 64.204.63.255/25
> > >
> > > Mail from our domains will only be sent from these addressess.
> > >
> > > Would you take a look at the two example dns TXT statements 
> > and tell 
> > > me if this is the best most network efficient way to do SPF?
> > >
> > >
> > > mtown.com.  TXT 
> > >     "v=spf1 ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com 
> > > a:gldata.com  -all"
> > dnsforyou.com.          14292   IN      A       64.204.63.132
> > gldata.com.             2836    IN      A       64.204.63.197
> >
> > These are inside 64.204.63.128/25, so you can leave them out. 
> > Furthermore, dnsspy.com does not seem to have an A record, so 
> > it does not make much sense to add it in the txt record.
> >
> > > ---------------------------
> > > gldata.com.  TXT   
> > >   "v=spf1 ip4:64.204.63.128/25 mx include:mail.mtown.com -all"
> > gldata.com.             3449    IN      MX      10 mail.gldata.com.
> > mail.gldata.com.        3456    IN      A       64.204.63.235
> >
> > is again inside 64.204.63.128/25, so you can leave out the mx.
> >
> > As mail.mtown.com above
> >
> > mail.mtown.com.         14147   IN      TXT     "v=spf1 
> > ip4:64.204.63.128/25 a:dnsforyou.com a:dnsspy.com 
> > a:gldata.com a:sandifrazier.com -all"
> >
> > Ok, dnsforyou.com / gldata.com are inside 64.204.63.128/25 
> > and can be left out. dnsspy.com has no A record and can be left out. 
> >
> > sandifrazier.com.       14404   IN      A       64.204.63.197
> >
> > is also in 64.204.63.128/25, so it too can be left out.
> >
> > If mail only is send by hosts in 64.204.63.128/25, the 
> > ip4:64.204.63.128/25 followed by the -all is enough, you 
> > don't need to specify the others as they are already allowed 
> > by ip4:64.204.63.128/25. By leaving them out, you minimize 
> > the length of the TXT, which is a good thing <tm>.
> >
> > Koen
> -------
> Sender Policy Framework: http://spf.pobox.com/
> Archives at http://archives.listbox.com/spf-discuss/current/
> http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
> SPF and Sender ID.
> To unsubscribe, change your address, or temporarily deactivate your 
> subscription, 
> please go to 
> http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

pgpzMWUvsi2UO.pgp
Description: PGP signature