Okay
I'll set an SPF to tell the world not accept email from @www.edhance.com with
www.edhance.com<http://www.edhance.com> IN TXT "v=spf1 -all" correct?
The part that I'm not quite clear on is the part with the relay hosts. The
relay hosts relay1.edhance.com<http://relay1.edhance.com> and
relay0.edhance.com<http://relay0.edhance.com> don't have txt record but they
are in the edhance.com<http://edhance.com> TXT record. To be extra safe should
I add a txt record for each of the relays like this:
relay1.edhance.com<http://relay1.edhance.com>. IN TXT "v=spf1
ip4:67.110.143.100 -all" & relay0.edhance.com<http://relay0.edhance.com>. IN
TXT "v=spf1 ip4:67.110.143.99 -all"?
Thanks,
James
On Feb 12, 2010, at 3:09 PM, alan wrote:
At 19:24 12/02/2010 Friday, James R. Marcus wrote:
Yesterday I changed completely our SPF record to -all from ~all. I started
reading the common mistakes section of the website and wasn't completely sure
about this part
"Publish null SPF records for your domains that don't send mail
Once you've protected your mail sending domains with SPF, if someone is trying
to spoof you, then first thing they will try is to spoof your non-mail sending
domains. Publishing "v=spf1 -all" says that a domain sends no mail. As an
example, you might publish:
example.com<http://example.com>. IN TXT "v=spf1 a:mail.example.com -all"
mail.example.com<http://mail.example.com>. IN TXT "v=spf1 a -all"
www.example.com<http://www.example.com>. IN TXT "v=spf1 -all"
"
Are there a list of common subdomains I'm supposed to add TXT records for or
just just simple ones I can think of?
no just any that already exist in your DNS records with an A or MX record
[there is no point creating new ones]
{any domains without an A or MX record will already be rejected by most
mail-recievers}
but i would point out from looking at you mail to the list that your server
actually sends with the name
relay1.edhance.com<http://relay1.edhance.com>
(relay1.edhance.com<http://relay1.edhance.com> [67.110.143.100
so you MUST have
relay1.edhance.com<http://relay1.edhance.com>. IN TXT "v=spf1 a -all"
or
relay1.edhance.com<http://relay1.edhance.com>. IN TXT "v=spf1
ip4:67.110.143.100 -all"
if you want to be kinder to us all and save us the extra lookups
if you have a second machine sending as
mail.edhance.com<http://mail.edhance.com> the above is fine IF not you can set
mail.edhance.com<http://mail.edhance.com> to v=spf1 -all
I have shutdown SMTP access to all but my to relay servers on the network. But
if I don't want email to come from
username(_at_)www(_dot_)edhance(_dot_)com<mailto:username(_at_)www(_dot_)edhance(_dot_)com>,
do I just add this:
www.edhance.com<http://www.edhance.com> IN TXT "v=spf1 -all"
exactly {this dosn't stop mail comming from xxx(_at_)domain, it just enables
receivers to tell it is obviously a forgery and reject it if it does, but also
as spammer aren't so dumb it does tend to stop them trying}
thanks,
James
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
:: James R. Marcus | Director, IT Operations
:: Edhance |
jmarcus(_at_)edhance(_dot_)com<x-msg://103/jmarcus(_at_)edhance(_dot_)com>
:: v: 617-475-5360 | m: 914-772-8533
:: web: www.edhance.com<http://www.edhance.com/>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com