Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

Question regarding SPF

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


lisa at jellico

Mar 28, 2008, 8:33 AM

Post #1 of 4 (1296 views)
Permalink
Question regarding SPF
Hi,

I run an ISP. I would like to implement SPF but have a couple of questions.

1. We outsource our dialups, so I have no control over the IP address space
that our customers are using. We do force the use of SMTP Auth on our mail
server. This question probably underscores my ignorance of SPF, but will
the fact that our customers emails come from all sorts of IP addresses
affect my ability to successfully implement SPF?

2. We have several domains, all of which are used by various customers as
their email address (@jellico.com, @copperhill.com, @campbellcounty.com,
etc.). I assume I need to setup SPF records for each of these. Is this
correct?

Thanks,

Lisa Casey

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Mar 28, 2008, 8:54 AM

Post #2 of 4 (1236 views)
Permalink
RE: Question regarding SPF [In reply to]
Lisa Casey wrote on 3/28/2008 10:33:19 AM:

> 1. We outsource our dialups, so I have no control over the IP address
space
> that our customers are using. We do force the use of SMTP Auth on our
mail
> server. This question probably underscores my ignorance of SPF, but
will
> the fact that our customers emails come from all sorts of IP addresses
> affect my ability to successfully implement SPF?

The IP address of the e-mail program is not relevant to SPF.
SPF would say that mail coming from your domain comes from a certain
list of mail servers. Unless your customers are using their own domain
(which is again not relevant to your SPF record) and running a mail
server on their dial up connection (unlikely) you can ignore that
question. For SPF you need to list your outgoing mail server(s) that
deliver mail to other mail servers around the world.

> 2. We have several domains, all of which are used by various
customers
> as their email address (@jellico.com, @copperhill.com,
> @campbellcounty.com, etc.). I assume I need to setup SPF records for
> each of these. Is this correct?

Yes, SPF would be set up for each domain.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Money can't buy everything. That's what credit cards are for.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


alex at ergens

Mar 28, 2008, 9:05 AM

Post #3 of 4 (1209 views)
Permalink
Re: Question regarding SPF [In reply to]
On Fri, Mar 28, 2008 at 11:33:19AM -0400, Lisa Casey wrote:
> Hi,
>
> I run an ISP. I would like to implement SPF but have a couple of questions.
>
> 1. We outsource our dialups, so I have no control over the IP address
> space that our customers are using. We do force the use of SMTP Auth on our
> mail server. This question probably underscores my ignorance of SPF, but
> will the fact that our customers emails come from all sorts of IP addresses
> affect my ability to successfully implement SPF?

When users using your SMTP server send mail to elsewhere, the receiver
sees your SMTP server as sending host.

The customer's IP address is irrelevant.

Should users ignore instructions to use your SMTP server, they may
encounter problems.

Please make sure your SMTP server can be reached on another port than
port 25, and make sure your users know this and understand.

> 2. We have several domains, all of which are used by various customers as
> their email address (@jellico.com, @copperhill.com, @campbellcounty.com,
> etc.). I assume I need to setup SPF records for each of these. Is this
> correct?

Do you own these domains, or are they your customers' domains hosted
by you? Generally speaking you should only publish SPF records for
your own domains.

And do you understand the difference between domain and zone?

It is best to publish an SPF record for every domain (not: zone) which
could be abused by spoofers for email.


May I suggest you hire someone (not me per se) to assist you in your
initial setup?

Regards
Alex

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


vesely at tana

Mar 30, 2008, 1:40 AM

Post #4 of 4 (1201 views)
Permalink
Re: Question regarding SPF [In reply to]
Lisa Casey wrote:
> Hi,
>
> I run an ISP. I would like to implement SPF but have a couple of
> questions.
>
> 1. We outsource our dialups, so I have no control over the IP address
> space that our customers are using. We do force the use of SMTP Auth on
> our mail server. This question probably underscores my ignorance of
> SPF, but will the fact that our customers emails come from all sorts of
> IP addresses affect my ability to successfully implement SPF?

No, provided that your SPF filtering software is able to recognize
that a customer has been authenticated. You should skip SPF checking
for authenticated customers, which is consistent with granting relay
authorizations.

> 2. We have several domains, all of which are used by various customers
> as their email address (@jellico.com, @copperhill.com,
> @campbellcounty.com, etc.). I assume I need to setup SPF records for
> each of these. Is this correct?

Yes, it is. You need a good understanding of users mailout settings
and habits. I'd also recommend notifying them about SPF restrictions;
for example, using an email address with a published SPF record with a
non-compliant email postcard machine that a user may casually employ
might unexpectedly break the policy. IMHO, owners/users of a domain
should define its policy themselves; however, that implies they are
acknowledgeable enough for doing it.

Also, consider setting up an SPF record for each IPv4 A record in each
example.com domain of yours, in order to avoid senders like, say,
spammer-abused [at] dns, which is a valid address even if that
host has no MX record and no SMTP server running on it. You may want
to use a command like the following one liner, or variants thereof:

perl -n -e 'if
(m/^([a-z0-9]+)\s+IN\s+A\s+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\s*$/)
{printf "%-16sIN TXT \"v=spf1 a -all\"\n", $1;}' /your/zone/file

and then append the result to the zone file.

HTH

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.