
spf at metro
Nov 20, 2004, 3:18 AM
Post #9 of 58
Hi,

You have a bit of a problem here. The only way to set up SPF records so that you are allowed to send mail from your two ISPs is to include an overly permissive set of servers in your SPF record.

It depends a bit here: are you using the ISP's SMTP servers as relay or are you sending directly from your dial-in account?

If the former is the case, you need to get the IPs for those SMTP servers, which you should ask your ISP to provide (there are ways to find out for yourself, if the ISP is unwilling to help, but in any case you need to keep the setup up to date: if the ISP changes something you need to follow). Setting it up like so has a disadvantage: anyone who also uses the ISP's SMTPs as relay can still forge your domains.

If you send directly from your dial-up account, you need to include the IPs you get when you dial up. Probably this is allocated from a dynamic IP range, which means you will have to include a large number of IP addresses (like ip4:10.0.0.0/8), meaning again that any dial-up customer of your ISP can still forge your domain.

The best solution is for your domain hoster to provide an SMTP-AUTH login on their servers, with protection from cross-customer forgery. Ask your domain hoster if they provide such a server. If not, such a service is in the making both for free (for small and private domain users) as well as commercially. I expect to be offering such a service commercially before the end of this year, for example.

As a last note: do not use the wizard from Microsoft, it is seriously broken and does not help you setting up SPF records, only PRA records. PRA is a technically flawed protocol.

Kind regards,

Koen Martens

On Fri, Nov 19, 2004 at 07:37:54PM -0800, Kaye Caldwell wrote:
> I have 2 domain names which are hosted at a third party. I send mail
> "from" those domains via my dial up account which is either ix.netcom.com
> or mindspring.com (both of which are now owned by earthlink), using
> Eudora's personality feature. I would like to set up my DNS records for
> the 2 domains to use SPF in the hopes that it will stop people from
> spoofing my addresses at the 2 domains and using my return address to
> send spam. I have tried to use the MS sender ID wizard, but it does not
> seem to be set up for the hosted domain situation. I'm not sure I know
> enough yet to ask the right questions, but I think they are:
> 1) what IP address do I use as my out-going mail address and how do I find
> out what that IP address is? (I'm guessing that I use the one listed in
> the DNS info for netcom.com, right? The SMTP server specified in my Eudora
> personality record for those domains is smtp.ix.netcom.com.)
> 2) What do I put in my DNS record, and HOW do I get it there?
> Any help appreciated!
>
> Thanks,
> Kaye
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-help [at] v2

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program can't read?
Visit http://www.openpgp.org/
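An added example, not part of the original post: a small audit of how many source addresses an SPF record authorizes, showing why a record covering a whole dial-up pool gives little protection compared with one naming dedicated relays. The sample records and addresses are constructed placeholders, and the evaluator handles only the ip4 and all mechanisms.

```python
import ipaddress

# Constructed sample records; the ranges are placeholders, not real ISP data.
BROAD = "v=spf1 ip4:10.0.0.0/8 -all"                   # whole dynamic pool, as in the post
NARROW = "v=spf1 ip4:192.0.2.25 ip4:192.0.2.26 -all"   # two dedicated relays

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def split_term(term):
    """Split one SPF term into (qualifier, mechanism); '+' is the default."""
    qualifier = term[0] if term[0] in RESULTS else "+"
    return qualifier, term.lstrip("+-~?").lower()

def terms_of(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return [split_term(t) for t in terms[1:]]

def authorized_count(record):
    """Number of distinct IPv4 addresses that would get a 'pass' result."""
    nets = [ipaddress.ip_network(mech[4:], strict=False)
            for qualifier, mech in terms_of(record)
            if qualifier == "+" and mech.startswith("ip4:")]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def check_host(record, client_ip):
    """Evaluate ip4 and 'all' mechanisms left to right; first match wins."""
    ip = ipaddress.ip_address(client_ip)
    for qualifier, mech in terms_of(record):
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched

if __name__ == "__main__":
    for name, rec in (("broad", BROAD), ("narrow", NARROW)):
        # 10.44.7.9 stands in for some other customer's dial-up address
        print(name, authorized_count(rec), check_host(rec, "10.44.7.9"))
```

The broad record passes any address in the pool, so a receiver cannot distinguish the domain owner from another customer of the same ISP; the narrow record fails that same address.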