At 20:38 12/02/2010 Friday, James R. Marcus wrote:
Okay
I'll set an SPF record to tell the world not to accept email from @www.edhance.com with
www.edhance.com IN TXT "v=spf1 -all" correct?
The part that I'm not quite clear on is the part with the relay hosts. The
relay hosts relay1.edhance.com and relay0.edhance.com don't have TXT records but they
are in the edhance.com TXT record. To be extra safe should I add a TXT record
for each of the relays like this:
relay1.edhance.com. IN TXT "v=spf1 ip4:67.110.143.100 -all" & relay0.edhance.com. IN
TXT "v=spf1 ip4:67.110.143.99 -all"?
Thanks,
James
Now from looking at your actual SPF records {as now I see the bit quoted was
for example.com not edhance.com}:
edhance.com IN TXT v=spf1 mx ip4:67.110.143.99 ip4:64.68.200.53
ip4:74.203.49.89 ip4:67.110.143.100 ip4:174.143.247.222 -all
relay0.edhance.com
I see you need to remove the mx, or at least move it to after the ip4 records
{ALWAYS, ALWAYS order correctly: ip4 {fastest, 0 extra lookups}, then a {1 lookup},
then only if necessary mx {4 in your case}}.
If you know your IPs, mx is never needed or useful {and in your case mx ==
ip4:67.110.143.99 ip4:67.110.143.100 ip4:64.68.200.53}.
So I would rewrite your SPF as follows given the available information:
edhance.com IN TXT v=spf1 ip4:67.110.143.99 ip4:67.110.143.100 ip4:74.203.49.89
ip4:174.143.247.222 ip4:64.68.200.53 a:smtp2.easydns.com -all
I included both the ip4 and the a: for smtp2, so while it lives at that IP it works
fastest by matching ip4, but if they move it, it continues to work via a:.
Also in your IP list I see 67.110.143.99 relay0 & 67.110.143.100 relay1,
but who/what are the other 3: 64.68.200.53 [smtp2.easydns.com from your MX
records], 74.203.49.89, 74.143.247.222? And what names might they use to HELO
greet? And do you actually send mail out via those servers, as inbound MXs are
not often outbound relays?
We can always test by sending me a mail via each to see.
On Feb 12, 2010, at 3:09 PM, alan wrote:
At 19:24 12/02/2010 Friday, James R. Marcus wrote:
Yesterday I changed our SPF record completely to -all from ~all. I started
reading the common mistakes section of the website and wasn't completely
sure about this part:
"Publish null SPF records for your domains that don't send mail
Once you've protected your mail sending domains with SPF, if someone is
trying to spoof you, then the first thing they will try is to spoof your
non-mail sending domains. Publishing "v=spf1 -all" says that a domain sends
no mail. As an example, you might publish:
example.com. IN TXT "v=spf1 a:mail.example.com -all"
mail.example.com. IN TXT "v=spf1 a -all"
www.example.com. IN TXT "v=spf1 -all"
"
Is there a list of common subdomains I'm supposed to add TXT records for, or
just simple ones I can think of?
No, just any that already exist in your DNS records with an A or MX record
[there is no point creating new ones]
{any domains without an A or MX record will already be rejected by most
mail receivers}.
But I would point out from looking at your mail to the list that your server
actually sends with the name
relay1.edhance.com
(relay1.edhance.com [67.110.143.100])
so you MUST have
relay1.edhance.com. IN TXT "v=spf1 a -all"
or
relay1.edhance.com. IN TXT "v=spf1 ip4:67.110.143.100 -all"
if you want to be kinder to us all and save us the extra lookups.
If you have a second machine sending as mail.edhance.com the above is fine; IF not, you can
set mail.edhance.com to v=spf1 -all.
I have shut down SMTP access to all but my two relay servers on the network.
But if I don't want email to come from username@www.edhance.com,
do I just add this:
www.edhance.com IN TXT "v=spf1 -all"
Exactly {this doesn't stop mail coming from xxx@domain, it just enables
receivers to tell it is obviously a forgery and reject it if it does, but
also, as spammers aren't so dumb, it does tend to stop them trying}.
thanks,
James
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
Sender Policy Framework: <http://www.openspf.org>http://www.openspf.org
[http://www.openspf.org]
Modify Your Subscription:
<http://www.listbox.com/member/>http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives:
<https://www.listbox.com/member/archive/735/=now>https://www.listbox.com/member/archive/735/=now
RSS Feed:
<https://www.listbox.com/member/archive/rss/735/>https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: <http://www.listbox.com>http://www.listbox.com
:: James R. Marcus | Director, IT Operations
:: Edhance | jmarcus@edhance.com
:: v: 617-475-5360 | m: 914-772-8533
:: web: www.edhance.com
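The thread makes three points that are easy to get wrong when editing a zone by hand: the relay hostnames used in HELO need their own SPF records, a mechanism's position decides how many DNS queries a receiver spends before it can match, and a null "v=spf1 -all" record makes any mail from that name a hard fail. The following is an added example, not code from the list thread or from openspf.org: a small SPF evaluator in Python that runs against a constructed in-memory zone instead of live DNS. The A and TXT data reuse the names and addresses quoted in the thread (the TXT records are the ones alan recommends plus the null record for www.edhance.com); the MX set for edhance.com is assumed to be the three hosts he says the mx term expands to. The helper names (parse, lookup_cost, ordering_ok, check) are this example's own. It handles only the mechanisms the thread uses (ip4, ip6, a, mx, all); include/redirect/ptr/exists are counted for cost but not evaluated.

```python
# Added example: minimal SPF evaluator and lookup-cost counter over a
# constructed in-memory zone, so it runs offline. Names/addresses come from
# the thread; the MX set and helper names are assumptions of this example.
import ipaddress

ZONE = {
    "A": {
        "relay0.edhance.com": ["67.110.143.99"],
        "relay1.edhance.com": ["67.110.143.100"],
        "smtp2.easydns.com": ["64.68.200.53"],
    },
    "MX": {  # assumed: the three hosts alan says the mx term expands to
        "edhance.com": ["relay0.edhance.com", "relay1.edhance.com", "smtp2.easydns.com"],
    },
    "TXT": {
        "edhance.com": ("v=spf1 ip4:67.110.143.99 ip4:67.110.143.100 ip4:74.203.49.89 "
                        "ip4:174.143.247.222 ip4:64.68.200.53 a:smtp2.easydns.com -all"),
        "relay1.edhance.com": "v=spf1 ip4:67.110.143.100 -all",
        "relay0.edhance.com": "v=spf1 a -all",   # bare "a" = this name's own A record
        "www.edhance.com": "v=spf1 -all",        # null record: this name never sends mail
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Rank for the ordering rule in the thread: zero-lookup terms, then a, then mx.
ORDER = {"ip4": 0, "ip6": 0, "a": 1, "mx": 2}


def parse(record):
    """Split a v=spf1 string into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                  # an unqualified mechanism means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qualifier, mech.lower(), arg))
    return parsed


def lookup_cost(record, domain, zone=ZONE):
    """Count DNS queries a receiver issues to evaluate every term of the record.

    ip4/ip6/all cost nothing; a costs one A query; mx costs one MX query plus
    one A query per MX host (alan's "4 in your case" for three MX hosts).
    """
    cost = 0
    for _, mech, arg in parse(record):
        target = arg or domain
        if mech == "a":
            cost += 1
        elif mech == "mx":
            cost += 1 + len(zone["MX"].get(target, []))
        elif mech in ("include", "exists", "ptr", "redirect"):
            cost += 1
    return cost


def ordering_ok(record):
    """True when ip4/ip6 terms precede a terms and a terms precede mx terms."""
    ranks = [ORDER[m] for _, m, _ in parse(record) if m in ORDER]
    return ranks == sorted(ranks)


def check(sender_ip, domain, zone=ZONE):
    """Evaluate sender_ip against domain's SPF record.

    Returns pass/fail/softfail/neutral, or "none" if the domain has no record.
    """
    record = zone["TXT"].get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, arg in parse(record):
        target = arg or domain           # "a" and "mx" default to the record's own domain
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):     # a bare address parses as a /32 or /128 network
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in zone["A"].get(target, [])
        elif mech == "mx":
            matched = any(str(ip) in zone["A"].get(h, []) for h in zone["MX"].get(target, []))
        else:
            raise NotImplementedError("mechanism %s not handled in this example" % mech)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # no term matched and no "all" was present


if __name__ == "__main__":
    original = ("v=spf1 mx ip4:67.110.143.99 ip4:64.68.200.53 ip4:74.203.49.89 "
                "ip4:67.110.143.100 ip4:174.143.247.222 -all")
    rewritten = ZONE["TXT"]["edhance.com"]
    for label, rec in (("original", original), ("rewritten", rewritten)):
        print("%-9s record: %d queries, ordered=%s"
              % (label, lookup_cost(rec, "edhance.com"), ordering_ok(rec)))
    for ip, dom in [("67.110.143.100", "edhance.com"), ("67.110.143.100", "relay1.edhance.com"),
                    ("67.110.143.99", "relay0.edhance.com"), ("67.110.143.100", "www.edhance.com"),
                    ("198.51.100.7", "edhance.com"), ("1.2.3.4", "mail.edhance.com")]:
        print("%-16s from %-22s -> %s" % (ip, dom, check(ip, dom)))
```

Running it shows why the mx term mattered: the original record costs four queries before a receiver can even start comparing ip4 terms, while the rewritten one costs a single A query and only for senders that did not already match an ip4 term. The null record for www.edhance.com turns the relay's own address into a hard fail for that name, and a name with no TXT record at all returns "none", which is the state the thread is trying to eliminate for every name that has an A or MX record.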