spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Need Help with SPF DNS record

2006-03-11 11:35:36
from [Mark Shewmaker] [Permanent Link] 
On Sat, 2006-03-11 at 11:23 -0500, Rob Robson wrote:


rob-robson.com.       IN      TXT     "v=spf1 a mx include:adelphia.net all"


As an unrelated side note, I imagine that you intended to have your
record end in "-all" instead of "all".

"all" is equivalent to "+all", which authorizes everyone in the world to
use rob-robson.com in their MAIL FROMs.

Probably not what you really meant.  :-)


Here is what I have:
My own mail server    mail.rob-robson.com
my own DNS server with the following record

rob-robson.com.       IN      TXT     "v=spf1 a mx include:adelphia.net all"

I have a user on adelphia.net who sends newsletters to my list_server for 
distribution to club 
members.
Here is the rejection I get:

-------------  snip  ------------------------------------------------------
   *** duane(_at_)csaccess(_dot_)net
   550-SPF prohibits 216.255.7.248 sending mail from adelphia.net
--------------  end snip  -------------------------------------------------

What am I doing wrong?


It sounds like your mailing list tried to send mail from your server
with "adelphia.net" in a MAIL FROM, where it should really be generating
new emails with your server's address in the MAIL FROM.

That will definitely be a problem with SPF, as those actions are similar
to forwarding, except that SPF-checking recipients aren't as likely to
guess that your mailing list is acting like a non-SRS forwarder instead
of a mailing list.

It's probably just a coincidence that you happened to have first noticed
this error with a message originally from an adelphia user.  It could
have occurred for any email sent first sent from an spf-protected
domain.

(It sounds like you're using an /etc/aliases type mail-exploder instead
of a mailing list.  I'm curious:  What mailing list software are you
using?)

To solve the problem you will either need to have your mailing list
software generate its own MAIL FROM's, or have your mailserver do
something like SRS.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Evolutionary site change - FAQ is ready to go too, Scott Kitterman
Next by Date:  [spf-discuss] Re: Need Help with SPF DNS record, Scott Kitterman
Previous by Thread:  [spf-discuss] Re: Need Help with SPF DNS record, Scott Kitterman
Next by Thread:  [spf-discuss] Re: Need Help with SPF DNS record, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]