On Thu, 17 Mar 2005, Todd Herr wrote:
On Thu, 17 Mar 2005, at 08:16, william(at)elan.net wrote:
On Thu, 17 Mar 2005, Todd Herr wrote:
I think the SPF for rr.com, as currently published, best meets
our needs. Our customers send email from sub-domains of rr.com
(each of which has its own SPF record), and the record as it
stands best communicates the information that we need to
communicate regarding the locations of our Road Runner-managed
SMTP servers.
You do realize that foo.rr.com is not the same as rr.com and needs
its own record (which if you want can be redirect to main one by
means of spf), right?
Perhaps I wasn't clear enough in what I wrote:
Our customers send email from sub-domains of rr.com
(each of which has its own SPF record),
Missed it, sorry.
For example, a customer may send email from
"joe(_at_)austin(_dot_)rr(_dot_)com":
# dig +sho austin.rr.com txt
"v=spf1 redirect=texas.rr.com"
# dig +sho texas.rr.com txt
"v=spf1 ip4:24.93.47.0/24 ip4:24.28.204.15 ip4:24.28.204.16 +mx ~all"
Looks good. I do hope your austin.rr.com customers don't travel much
beyond Texas on your net or when they do they send email back through
texas.rr mail servers...
i.e. what do you do when customer from Texas moves to say California, is
he allowed keep his old email account as he would with most other ISPs?
Also each actual mail server should also
have its own spf record and those should be specific (they are used
for HELO checks).
Our inbound servers, which would send bounces (yes, I know;
accept-then-bounce is bad; we're working on a solution to that
problem) each have their own SPF record, all of which are:
"v=spf1 a -all"
Our inbound servers are all collected in the DNS domain
mgw.rr.com, a domain from which customers will never send email.
Are you saying here that our outbound servers (not collected in
any one particular domain) also require SPF records?
The first question to ask is if your outbound mail servers ever send email
with null mail-from? If they do (i.e. if they allow customers to do it and
don't modify it), the answer is definetly yes. Next even if they dont if
you look at latest Wayne's SPF draft you'll find that HELO checks are
optional but can be done no matter if MAIL-FROM is null or not (and some
do it already), that suggests that you should consider adding SPF records
to all outbound mail servers anyway.
If that's true, when might the FAQ be updated?
http://spf.pobox.com/faq.html#allsmtp
Well, this is hardly the only problem with spf.pobox.com website or FAQ
(you may want to check few other threads on the subjest of spf webste in
last couple weeks to find more), in fact considering other things on that
website, its rather minor problem
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net