spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: HELO Checking [Re: What to include...]

2004-10-06 06:15:02
from [terry] [Permanent Link] 
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Greg 
Hewgill
Sent: Wednesday, October 06, 2004 8:45 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: HELO Checking [Re: [spf-discuss] What to include...]


On Wed, Oct 06, 2004 at 01:25:08PM +1000, Raymond Neeves wrote:

HELO au01.mta.mycompany.myisp.au.com
where in this fqdn do i stop checking for SPF records?


You could walk up the DNS tree looking for SOA records. If mycompany
runs their own DNS, the first match might be an SOA for
mycompany.myisp.au.com. Otherwise, continue to remove names from the
left hand side until an SOA record is found.


Note that even if an SOA is required, there might be one for say:
example.com
And an SPF record say:
some.deep.subdomain.example.com.  IN TXT "v=spf1 <shallowrule>"

But in the subdomain:
server.some.deep.subdomain.example.com

If SPF is published at:
some.deep.subdomain.example.com.  IN TXT "v=spf1 <deeprule>"

But if there was no SOA for some.deep.subdomain.example.com your method would 
skip over the spf
record that should have been used and end up using the SPF record for 
example.com, hence you would
apply "shallowrule" instead of "deeprule".

Yes, there should be an SOA.  Would you like to explain that to all the mail 
admins that don't know
DNS very well?   :)

Note that a simple:
server.some.deep.subdomain.example.com.  IN TXT "v=spf1 
redirect=some.deep.subdomain.example.com"
Solves the problems.  You would need one for each of your mail servers (you 
could play with
wildcards, ugh, but given there are a finite number of mail servers one has, I 
wouldn't)

A decent spf record generator (e.g. the one on pobox.com) gives you the 
additional needed TXT
record(s) to redirect the FQDN of your mail server to the SPF record for your 
domain.

Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085


Greg Hewgill
http://hewgill.com

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in
Atlanta features SPF and Sender ID.
To unsubscribe, change your address, or temporarily
deactivate your subscription,
please go to

http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: HELO Checking [Re: What to include...], Greg Hewgill
Next by Date:  Re: HELO Checking [Re: What to include...], Mark
Previous by Thread:  Re: HELO Checking [Re: What to include...], Mark Shewmaker
Next by Thread:  RE: HELO Checking [Re: What to include...], administrator
Indexes:  [Date] [Thread] [Top] [All Lists]