spf-discuss

how to avoid receiving email w. sender forged to be a host in my domain

2004-08-11 08:24:56
Hello All,

I want to avoid receiving email claiming to be from hosts in my domain,
except of course from those hosts that I designate in my TXT spf record.

e.g. suppose the TXT record for mydomain.com is:

        "v=spf1 mx -all"

     and suppose I add no more TXT spf records.

     Suppose there is a host on my network, noemail.mydomain.com,
     that should not receive email.

     In the above scheme, the mx for mydomain.com will still deliver
     email claiming to be from anyname@noemail.mydomain.com to
     validname@mydomain.com.  This is because I have no spf records
     published for noemail.mydomain.com, and the default behaviour when
     there are no spf records is to accept the email.

How do I avoid receiving email claiming to be from
anyname@noemail.mydomain.com?  I could add an spf record for
noemail.mydomain.com, but what about every other host in mydomain.com
that doesn't receive email?

Do I have to add a TXT spf record for every host that is not a legitimate
sender of email from my domain?  There are hundreds of hosts in my
domain's zonefile, many of which are dynamically added (via dhcp).
I'd like to avoid having to add a TXT spf record for each host.
Is there a way to make the spf record "v=spf1 -all" be the default unless
otherwise specified?

Thanks
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
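
The gap described in this message, as an added example that is not part of the original post: an SPF lookup uses the record published at the exact sender domain, so a host name with no record yields "none" even though mydomain.com publishes "-all". The zone contents, the name dhcp-17.mydomain.com and the SENDING_DOMAINS set are constructed assumptions, and the evaluation is simplified to a client that matches no mechanism other than "all".

```python
# Constructed sample data: TXT records per name in the zone (not real DNS data).
ZONE_TXT = {
    "mydomain.com": ["v=spf1 mx -all"],
    "noemail.mydomain.com": [],   # host exists but publishes no TXT record
    "dhcp-17.mydomain.com": [],   # constructed name for a DHCP-added host
}
SENDING_DOMAINS = {"mydomain.com"}  # assumption: only the bare domain sends mail

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, zone=ZONE_TXT):
    """SPF record published at exactly this name, or None. No parent fallback.
    Assumes at most one SPF record per name."""
    found = [t for t in zone.get(domain.lower(), [])
             if t.lower().split(" ")[0] == "v=spf1"]
    return found[0] if found else None


def result_for_unlisted_client(mail_from, zone=ZONE_TXT):
    """SPF result for a client that matches no mechanism except 'all'."""
    domain = mail_from.rsplit("@", 1)[1]
    record = spf_record(domain, zone)
    if record is None:
        return "none"      # no policy published, receiver has nothing to enforce
    for term in record.split()[1:]:
        if term[0] in QUALIFIER_RESULT:
            qualifier, name = term[0], term[1:]
        else:
            qualifier, name = "+", term
        if name.lower() == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"       # record present but no 'all' term matched


def missing_deny_records(zone=ZONE_TXT, senders=SENDING_DOMAINS):
    """Zone-file lines adding 'v=spf1 -all' to each non-sending name without SPF."""
    return [f'{name}. IN TXT "v=spf1 -all"'
            for name in sorted(zone)
            if name not in senders and spf_record(name, zone) is None]


if __name__ == "__main__":
    for sender in ("anyname@noemail.mydomain.com", "anyname@mydomain.com"):
        print(sender, "->", result_for_unlisted_client(sender))
    print("\n".join(missing_deny_records()))
```

Feeding the generated lines back into the zone data changes the result for the forged subdomain sender from "none" to "fail".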