spf-discuss

Re: [spf-discuss] Wildcards

2008-04-24 08:57:05
On Thu, 24 Apr 2008, Grant Peel wrote:

> When I have an SPF record like:
>
> a:reflexion.net
>
> Should it allow for domain names like:
>
> asp-0.reflexion.net ?
>
> If not, can wildcards be used? If so what is the format?

Wildcards are a feature of your DNS server and details vary.
I use bind, (Warning: bind wildcards are not for newbies, and
I probably screwed up the following untested example):

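; Owner names are fully qualified (trailing dot) so they are not
; expanded relative to $ORIGIN.
example.com.    IN TXT "v=spf1 mx -all"
example.com.    IN MX 10 mail1.example.com.
example.com.    IN MX 20 mail2.example.com.
mail1.example.com.      IN A 1.2.3.4
mail1.example.com.      IN TXT "v=spf1 a -all"
mail2.example.com.      IN A 1.2.3.5
mail2.example.com.      IN TXT "v=spf1 a -all"
; Wildcard: answers TXT queries for names that do not otherwise exist.
*.example.com.  IN TXT "v=spf1 -all"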

This sets up a domain with outgoing email restricted to its
mx servers.  All subdomains allow no email at all.

Restricting all subdomains is not really necessary.  Most MTAs reject mail
from domains with no A and no MX record (or can be configured to do so).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
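
Which SPF policy each name in the zone above ends up with, as an added example that is not part of the original message: a small model of DNS wildcard matching (RFC 4592) for a single zone, ignoring CNAMEs and delegations. The zone data is constructed from the records in the reply, and the function names are hypothetical.

```python
# Constructed zone data mirroring the records in the message above; the wildcard
# policy is spelled "v=spf1" here. Function names are hypothetical.
ZONE = {
    "example.com": {"TXT": ["v=spf1 mx -all"],
                    "MX": ["10 mail1.example.com.", "20 mail2.example.com."]},
    "mail1.example.com": {"A": ["1.2.3.4"], "TXT": ["v=spf1 a -all"]},
    "mail2.example.com": {"A": ["1.2.3.5"], "TXT": ["v=spf1 a -all"]},
    "*.example.com": {"TXT": ["v=spf1 -all"]},
}
APEX = "example.com"


def name_exists(name):
    """True if the name owns records or is an ancestor of a name that does."""
    return any(owner == name or owner.endswith("." + name) for owner in ZONE)


def lookup(qname, rtype):
    """Return the record list, [] for NODATA, or None for NXDOMAIN / out of zone."""
    qname = qname.lower().rstrip(".")
    if qname != APEX and not qname.endswith("." + APEX):
        return None
    if name_exists(qname):
        # An existing name is never covered by the wildcard, whatever the type.
        return ZONE.get(qname, {}).get(rtype, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if name_exists(encloser):
            # Only "*.<closest encloser>" can synthesize an answer.
            wildcard = ZONE.get("*." + encloser)
            return None if wildcard is None else wildcard.get(rtype, [])
    return None


if __name__ == "__main__":
    for name in ("example.com", "www.example.com", "a.b.example.com",
                 "mail1.example.com", "x.mail1.example.com"):
        print(f"{name:22} TXT -> {lookup(name, 'TXT')}")
```

Names below an existing host, such as x.mail1.example.com, get NXDOMAIN rather than the wildcard policy, because their closest existing ancestor is mail1.example.com and no `*.mail1.example.com` record is defined.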
