spf-discuss

Re: I hate to interrupt all this for something practical, but.... we need a concise, easy-to-follow set of SPF instructions in file format - anyone able to help?

2004-11-01 09:40:16

On Oct 31, 2004, at 21:53, Scott Kitterman wrote:
It's more complex than this perhaps. Generally, the name that the ISP gives
you actually resolves to multiple machines with different names/IP
addresses.  For example, when I send mail via my domain host's server, I
"send" mail to relay.pair.com.  This is actually 5 SMTP servers.
Fortunately, Pair.com publishes an SPF record for relay.pair.com, so your
solution works fine.

My cable modem provider is Comcast. They publish no SPF record at all, so
I'm left to guess.  So, through trial and error I've come up with a,
hopefully, comprehensive list of IP addresses:

?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24 ?ip4:216.148.227.0/24
?ip4:63.240.76.0/24

I also have DSL as a backup (I work out of the house, so redundancy is
critical). For that, I use Megapathdsl.net. They publish an SPF record,
but it's a bit complex, so the best bet is to include it in my record:

?include:megapathdsl.net

Additionally, all these are shared MTAs or IP blocks not under my control
that do not have strong technical measures in place to prevent
cross-customer forgery (this is true of almost all mail services today), so
I always put a ? in front of the mechanism so that it gives a NEUTRAL rather
than PASS result. This is important, because I don't want other customers
of my providers to be able to forge my mail from address.

Also, you will almost certainly want MX in your record to support bounce
authentication even if people don't send mail from the MX.

Judging from the comments over the last few days, I would change the record to:

IN TXT "v=spf1 ?include:ISP.net ?a:ISP.net ip4:192.0.2.2 -all"

Of course, since Anne has not responded to this list or to me privately, this may be a totally moot discussion.

Andrew
____________________________________
Andrew W. Donoho
awd(_at_)DDG(_dot_)com, PGP Key ID: 0x81D0F250
+1 (512) 453-6652 (o), +1 (512) 750-7596 (m)
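
The effect of the `?` qualifier discussed in the message above, as an added example that is not part of the original post: a small offline evaluator for the `ip4`, `ip6` and `all` mechanisms. The sample record is constructed from the address ranges quoted in the thread, and mechanisms that need DNS (`include`, `a`, `mx`) are skipped here, which a real SPF checker would not do.

```python
import ipaddress

# Qualifier prefix -> SPF result; a mechanism with no prefix defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample: the shared-ISP ranges from the thread, marked "?",
# plus one dedicated address (192.0.2.2) and a closing -all.
RECORD = ("v=spf1 ?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24 "
          "?ip4:216.148.227.0/24 ?ip4:63.240.76.0/24 "
          "?include:megapathdsl.net ip4:192.0.2.2 -all")

def parse_record(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def check_ip(record, client_ip):
    """Return (result, matching term) for client_ip; the first match wins.

    Assumption for this example: DNS-based mechanisms are skipped, not resolved.
    """
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in parse_record(record):
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "all":
            matched = True
        else:
            continue  # include/a/mx/etc. would need DNS lookups
        if matched:
            term = qualifier + name + (":" + arg if arg else "")
            return QUALIFIERS[qualifier], term
    return "neutral", None  # nothing matched: SPF's default result

if __name__ == "__main__":
    # Shared ISP relay, dedicated host, unrelated host (constructed addresses).
    for addr in ("204.127.202.17", "192.0.2.2", "198.51.100.9"):
        print(addr, check_ip(RECORD, addr))
```

Dropping the `?` from a shared range turns the result for every customer of that relay from neutral into pass, which is the cross-customer forgery exposure the message describes.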


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/