spf-discuss
[Top] [All Lists]

Re: RE: rr.com and SPF records

2005-03-17 09:31:09
On Thu, 17 Mar 2005, at 08:16, william(at)elan.net wrote:

On Thu, 17 Mar 2005, Todd Herr wrote:

I think the SPF for rr.com, as currently published, best meets
our needs.  Our customers send email from sub-domains of rr.com
(each of which has its own SPF record), and the record as it
stands best communicates the information that we need to
communicate regarding the locations of our Road Runner-managed
SMTP servers.

You do realize that foo.rr.com is not the same as rr.com and needs
its own record (which if you want can be redirect to main one by
means of spf), right?

Perhaps I wasn't clear enough in what I wrote:

Our customers send email from sub-domains of rr.com
(each of which has its own SPF record),

For example, a customer may send email from 
"joe(_at_)austin(_dot_)rr(_dot_)com":

# dig +sho austin.rr.com txt
"v=spf1 redirect=texas.rr.com"
# dig +sho texas.rr.com txt
"v=spf1 ip4:24.93.47.0/24 ip4:24.28.204.15 ip4:24.28.204.16 +mx ~all"

                       Also each actual mail server should also
have its own spf record and those should be specific (they are used
for HELO checks).

Our inbound servers, which would send bounces (yes, I know;
accept-then-bounce is bad; we're working on a solution to that
problem) each have their own SPF record, all of which are:

   "v=spf1 a -all"

Our inbound servers are all collected in the DNS domain
mgw.rr.com, a domain from which customers will never send email.

Are you saying here that our outbound servers (not collected in
any one particular domain) also require SPF records?  If that's
true, when might the FAQ be updated?

  http://spf.pobox.com/faq.html#allsmtp

-- 
Todd Herr
Senior Security Policy Specialist/Postmaster      V: 703.345.2447
Time Warner Cable IP Security                     M: 571.344.8619
therr(_at_)security(_dot_)rr(_dot_)com                           AIM:  
RRCorpSecTH


<Prev in Thread] Current Thread [Next in Thread>