On 12-Feb-10, at 2:24 PM, James R. Marcus wrote:
Yesterday I changed completely our SPF record to -all from ~all. I
started reading the common mistakes section of the website and
wasn't completely sure about this part
"Publish null SPF records for your domains that don't send mail
Once you've protected your mail sending domains with SPF, if someone
is trying to spoof you, then first thing they will try is to spoof
your non-mail sending domains. Publishing "v=spf1 -all" says that a
domain sends no mail. As an example, you might publish:
example.com. IN TXT "v=spf1 a:mail.example.com -all"
mail.example.com. IN TXT "v=spf1 a -all"
www.example.com. IN TXT "v=spf1 -all"
"
Are there a list of common subdomains I'm supposed to add TXT
records for or just just simple ones I can think of?
No! What you want to do is create an SPF policy for any domain/host
name that has an 'A' record only!
For example, if you don't have the host name, 'ftp.edhance.com' then
why created a SPF policy for it? Just because 'ftp' is common doesn't
mean you create a policy for it.
I have shutdown SMTP access to all but my to relay servers on the
network. But if I don't want email to come from username(_at_)www(_dot_)edhance(_dot_)com
, do I just add this:
www.edhance.com IN TXT "v=spf1 -all"
Since 'www.edhance.com' and 'edhance.com' both point to the IP address
67.110.143.116 why have an 'A' record for 'www.edhance.com'? You could
have covered this with a 'C NAME' record and not worried about
providing a SPF policy for it. But this touches on DNS configuration
and is beyond the scope of this mail list!
thanks,
James
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com