spf-discuss
[Top] [All Lists]

Re: Basic Question

2004-08-11 12:27:27
Hi,

Most mta's nowadays do reject if the MAIL FROM domain does
not exist I think.. At least, sendmail does, has been doing so for
years. 

If you want to be absolutely sure, publish the wildcard record. But
you'll have to publish explicitly for your NS domains.

Koen

On Wed, Aug 11, 2004 at 11:53:33AM -0700, Lou Katz wrote:
I have some domains which have the following attributes:

1. I control the DNS and run the servers
2. The domains all have NS records
3. The domains have no A records and no MX records
4. The domains never send nor receive E-mail.

(these are placeholder domains, mostly to prevent others from
 using them for confusion purposes).

Publishing
      "v=spf1 -all"
should allow the detection of forgeries in sent mail for
mail allegedly coming from user(_at_)placeholder(_dot_)domain, or even
the null sender at placeholder.domain. It that sufficient to
also give detection of mail from user(_at_)mail(_dot_)placeholder(_dot_)domain
(where, in fact, there are no machine names in the domain),
or do I need to add a wildcard record to stop those?

In the cases where I do have some A records, and supply MX
records only for the old fashioned best practices of having
a working postmaster (and now 'abuse') inbound address, what
are the minimal set of spf records needed to assert that
there are no valid senders?


-- 
-=[L]=-

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: pgpQJHupEWwtJ.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>