Mailing List Archive: SPF: Deployment

Question on Deployment

Index | Next | Previous | View Threaded

dtannatt at britemoon

Aug 24, 2004, 12:12 PM

Post #1 of 5 (2854 views)
Permalink

Question on Deployment

Hello,

I am trying to update my DNS with a wildcard to include all subdomains
in my SPF record. I am using BIND my root domain is something like
abc.org and in my zone I create

* IN TXT "place info here"

Am I doing this correctly?

Dana Tannatt
781-569-6500 x228
dtannatt [at] britemoon

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

spf at metro

Aug 24, 2004, 12:21 PM

Post #2 of 5 (2648 views)
Permalink

Re: Question on Deployment [In reply to]

Please not that if you have any domain that has some other record (eg.
A, MX), than that domain will not match the * IN TXT anymore. You'll
have to explicitly add the TXT record for every subdomain for which
there is another record (with the exception of CNAME records, which
don't allow other records for the same domain, in this case SPF will use
the TXT record for the CNAME's destination).

Hope this helps,

Koen

On Tue, Aug 24, 2004 at 03:12:01PM -0400, Dana Tannatt wrote:
> Hello,
>
>
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
>
>
> * IN TXT "place info here"
>
>
>
> Am I doing this correctly?
>
>
>
> Dana Tannatt
>
> 781-569-6500 x228
>
> dtannatt [at] britemoon
>
>
> _________________________________________________________________
>
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-deployment [at] v2

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

adam at terraband

Aug 24, 2004, 12:37 PM

Post #3 of 5 (2644 views)
Permalink

Re: Question on Deployment [In reply to]

Yes. my domain have an SPF record as follows:

domain.org. 3600 IN TXT "v=spf1 +a +mx +ptr all"

I believe this should auth mail coming from your MX as well as A records
and not Auth anything else.

Adam Goodman

> Hello,
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
> * IN TXT "place info here"
>
> Am I doing this correctly?
>
> Dana Tannatt
> 781-569-6500 x228
> dtannatt [at] britemoon
>
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-deployment [at] v2
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

ethomas at lambdares

Aug 24, 2004, 12:41 PM

Post #4 of 5 (2655 views)
Permalink

Re: Question on Deployment [In reply to]

Adding "ptr" into the SPF record tells it to accept for all
subdomains under your main domain. A wildcard isn't necessary.

ptr Any server whose name ends in domain.com is allowed to send mail
from domain.com.

------------------------------------------------------------------------
Edward L Thomas Jr. ethomas [at] lambdares
Webmaster / Network Admin ethomas [at] tales
978-486-0766x20 (Office) 781-608-5379 (Cell)
------------------------------------------------------------------------

On Tue, 24 Aug 2004, Dana Tannatt wrote:

> Hello,
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
> * IN TXT "place info here"
>
> Am I doing this correctly?
>
> Dana Tannatt
> 781-569-6500 x228
> dtannatt [at] britemoon
>
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2
>
>
> !DSPAM:412b91a016251818248875!
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

spf at kitterman

Aug 24, 2004, 12:49 PM

Post #5 of 5 (2654 views)
Permalink

RE: Question on Deployment [In reply to]

> -----Original Message-----
> From: owner-spf-deployment [at] v2
> [mailto:owner-spf-deployment [at] v2]On Behalf Of
> Adam Goodman
> Sent: Tuesday, August 24, 2004 3:37 PM
> To: spf-deployment [at] v2
> Subject: Re: [spf-deployment] Question on Deployment
>
>
>
> Yes. my domain have an SPF record as follows:
>
>
> domain.org. 3600 IN TXT "v=spf1 +a +mx +ptr all"
>
> I believe this should auth mail coming from your MX as well as A records
> and not Auth anything else.
>
> Adam Goodman
>
That will cause anything that fails to match the a, mx, and ptr will match
the all and since the default prefix is +, your all = +all. Currently
everything will pass. I believe you want ?all or ~all until you are
confident you are ready to go -all.

In the latest SPF spec it says:

A missing prefix for a mechanism is the same as a prefix of "+".

The possible prefixes are:
+ pass
- fail
~ softfail
? neutral

See http://spf.pobox.com/spf-draft-200406.txt paragraph 3.2.

Scott Kitterman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment [at] v2

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads