spf-discuss
[Top] [All Lists]

Re: [spf-discuss] More detail on subdomains

2010-02-12 13:41:57
On 12-Feb-10, at 2:24 PM, James R. Marcus wrote:

Yesterday I changed completely our SPF record to -all from ~all. I started reading the common mistakes section of the website and wasn't completely sure about this part

"Publish null SPF records for your domains that don't send mail
Once you've protected your mail sending domains with SPF, if someone is trying to spoof you, then first thing they will try is to spoof your non-mail sending domains. Publishing "v=spf1 -all" says that a domain sends no mail. As an example, you might publish:

example.com.       IN  TXT  "v=spf1 a:mail.example.com -all"
mail.example.com.  IN  TXT  "v=spf1 a -all"
www.example.com.   IN  TXT  "v=spf1 -all"
"

Are there a list of common subdomains I'm supposed to add TXT records for or just just simple ones I can think of?

No! What you want to do is create an SPF policy for any domain/host name that has an 'A' record only!

For example, if you don't have the host name, 'ftp.edhance.com' then why created a SPF policy for it? Just because 'ftp' is common doesn't mean you create a policy for it.

I have shutdown SMTP access to all but my to relay servers on the network. But if I don't want email to come from username(_at_)www(_dot_)edhance(_dot_)com , do I just add this:
www.edhance.com IN TXT "v=spf1 -all"

Since 'www.edhance.com' and 'edhance.com' both point to the IP address 67.110.143.116 why have an 'A' record for 'www.edhance.com'? You could have covered this with a 'C NAME' record and not worried about providing a SPF policy for it. But this touches on DNS configuration and is beyond the scope of this mail list!



thanks,
James

--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ 
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com