lokrasa at gmail
May 19, 2009, 5:54 PM
Post #16 of 17
(537 views)
Permalink
|
Correct. SPF records are usually checked by Anti-SPAM/AV Filter
Appliances/software at the edge to make sure that the email came from
whoever it claims to have been sent from. For example, if my SPAM filter
receives email from abc.com that has a SPF record, but the email claiming to
be from abc.com is actually from xyz.com, then the SPF record would clear
that up. The SPAM appliance would look for the SPF record for abc.com and
see that it should be coming from a certain IP/hostname/domain name, while
it came from actually somewhere else. The SPAM filter will then act on the
result of this check and either drop/quarantine/etc. It may also check for
the SPF record for abc.com and notice that it does not even have one,
thereby rejecting the message. I know that some SPAM filters now REQIURE you
to have a SPF record or the SMTP connection is just rejected, and my
experience with that is mostly military domains.
The SPF record can be setup using a:/mx:/ip4: records... so hostname, domain
name, and ip can be used as reference points to check where the email should
have come from.
Hope that helps,
-Les
On Tue, May 19, 2009 at 8:21 PM, Paymaun Jafari <PJafari[at]keenan.com> wrote:
>
> I was under the impression that SPF record is used when other sites
> (example performacemonitor.com) send email that looks like email
> spoofing and you use the SPF record to accept emails coming from those
> sites (example performacemonitor.com). What I mean is that email
> actually coming from performacemonitor.com but it seems that it is
> coming from username[at]keenan.com to username[at]keenan.com. Isn't that
> correct? Thanks.
>
> -----Original Message-----
> From: SonicFog [mailto:wendy.honeycutt[at]sonicfog.com]
> Sent: Tuesday, May 19, 2009 2:10 PM
> To: spf-help[at]v2.listbox.com
> Subject: RE: [spf-help] Some SPF questions...
>
>
>
>
>
>
> >-----Original Message-----
> >From: Paymaun Jafari [mailto:PJafari[at]keenan.com]
> >Sent: Tuesday, May 19, 2009 4:16 PM
> >To: spf-help[at]v2.listbox.com
> >Subject: RE: [spf-help] Some SPF questions...
> >
> >Hi Wendy,
> >
> >Our mail server that sends messages out to the internet is
> >66.127.167.67 but receiving is 66.127.167.72 so they are different.
> What do you think?
> >Thanks.
>
> If the server on IP 66.127.167.67 is the ONLY server that "Sends" mail
> then you could simply
> use:
>
> v=spf1 ip4:66.127.167.67 -all
>
> Since the receiving server on IP 66.127.167.72 does not send mail it
> should not be listed in the SPF record.
>
> Sincerely,
> Wendy Honeycutt
> SonicFog Inc.
>
> >-----Original Message-----
> >From: SonicFog [mailto:wendy.honeycutt[at]sonicfog.com]
> >Sent: Tuesday, May 19, 2009 10:34 AM
> >To: spf-help[at]v2.listbox.com
> >Subject: RE: [spf-help] Some SPF questions...
> >
> >Short answer: NO this is NOT safe. The ?all statement gives free reign
> >to all the worldwide servers to send mail as your domain and gives them
>
> >a FREE PASS thru SPF record checks.
> >
> >Now lets analyze your SPF record for a minute: spf1 mx:exacttarget.com
>
> >mx:salesforce.com mx:surveymonkey.com -all
> >
> >My server would have bounced your email based on your incoming emails
> >to this list showing that mail.keenanassoc.com (securemail.keenan.com
> >[66.127.167.67] delivered the mail to the listbox server and this mail
> >server is not listed in your record.
> >
> >Here is the test result from
> http://www.kitterman.com/spf/validate.html:
> >Input accepted, querying now...
> >Mail sent from: 66.127.167.67
> >Mail from (Sender): PJafari[at]keenan.com
> >Mail checked using this SPF policy: v=spf1 mx:exacttarget.com
> >mx:salesforce.com mx:surveymonkey.com -all Results - FAIL Message may
> >be rejected
> >
> >
> >So lets get back to basics. What mailserver(s) are authorized to
> >deliver (not receive) mail from keenan.com ? (If the three mx entries
> >in your record only receive email but do not send email you should not
> >list
> >them)
> >
> >
> >Sincerely,
> >Wendy Honeycutt
> >SonicFog Inc.
> >
> >
> >
> >>-----Original Message-----
> >>From: Paymaun Jafari [mailto:PJafari[at]keenan.com]
> >>Sent: Tuesday, May 19, 2009 12:36 PM
> >>To: spf-help[at]v2.listbox.com
> >>Subject: RE: [spf-help] Some SPF questions...
> >>
> >>So would be it be safe to say that since we are receiving messages
> >>from
> >
> >>other domains that the following record is correct? Thanks.
> >>
> >>keenan.com 7200 IN TXT "v=spf1 mx:exacttarget.com
> >>mx:salesforce.com mx:surveymonkey.com ?all"
> >>keenanassoc.com 7200 IN TXT "v=spf1
> >mx:exacttarget.com
> >>mx:salesforce.com mx:surveymonkey.com ?all"
> >>
> >>-----Original Message-----
> >>From: Steve Yates [mailto:steve[at]teamITS.com]
> >>Sent: Tuesday, May 19, 2009 9:05 AM
> >>To: spf-help[at]v2.listbox.com
> >>Subject: RE: [spf-help] Some SPF questions...
> >>
> >>Paymaun Jafari wrote on 5/19/2009 10:51:08 AM:
> >>
> >>> 1) -all vs ?all:
> >>> Does this mean the only domains that send email from keenan.com to
> >>> keenan.com or do we only get messages from these domains? Of course
> >>> we
> >>
> >>> get messages for lots of different domains including the 3 domains
> >>> mentioned below. Sorry for a basic questions but just want to make
> >>sure.
> >>> 2) Does the following setting look right? Thanks.
> >>>
> >>> Keenan.com 7200 IN TXT "v=spf1 mx:exacttarget.com
> >>> mx:salesforce.com mx:surveymonkey.com -all"
> >>
> >> I'm not sure I understand your first question, but in your case
> >an SPF
> >>record is used to specify which servers can send mail for your domain.
> >
> >>Your SPF record says that the MXs for those three domains can send
> >>mail
> >
> >>using @keenan.com addresses. The "-all" says that ONLY that set of
> >>servers can send mail using your domain.
> >>
> >>-----
> >>SPF FAQ: http://www.openspf.org/FAQ
> >>Common mistakes: http://www.openspf.org/FAQ/Common_mistakes
> >>
> >> - Steve Yates
> >> - ITS, Inc.
> >> - I am Porky of Borg. Pbbpbbprebbprepare to bbbbbbb--eh, we're
> >> taking
> >
> >>over.
> >>
> >>~ Taglines by Taglinator: www.srtware.com ~
> >>
> >>
> >>-------------------------------------------
> >>Sender Policy Framework: http://www.openspf.org Modify Your
> >>Subscription: http://www.listbox.com/member/
> >>Archives: https://www.listbox.com/member/archive/1020/=now
> >>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >>Powered by Listbox: http://www.listbox.com
> >>
> >>
> >>
> >>CONFIDENTIALITY NOTICE: This communication and its attachments may
> >>contain non-public,
> >confidential
> >>or legally privileged information. The unlawful interception, use or
> >>disclosure of such
> >information is
> >>prohibited. If you are not the intended recipient, or have received
> >>this communication in
> >error, please notify
> >>the sender immediately by reply email and delete all copies of this
> >>communication and
> >attachments
> >>without reading or saving them.
> >>
> >>
> >>
> >>-------------------------------------------
> >>Sender Policy Framework: http://www.openspf.org Modify Your
> >>Subscription: http://www.listbox.com/member/
> >>Archives: https://www.listbox.com/member/archive/1020/=now
> >>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >>Powered by Listbox: http://www.listbox.com
> >
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org Modify Your
> >Subscription: http://www.listbox.com/member/
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Powered by Listbox: http://www.listbox.com
> >
> >
> >
> >CONFIDENTIALITY NOTICE: This communication and its attachments may
> >contain non-public,
> confidential
> >or legally privileged information. The unlawful interception, use or
> >disclosure of such
> information is
> >prohibited. If you are not the intended recipient, or have received
> >this communication in
> error, please notify
> >the sender immediately by reply email and delete all copies of this
> >communication and
> attachments
> >without reading or saving them.
> >
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org Modify Your
> >Subscription: http://www.listbox.com/member/
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Powered by Listbox: http://www.listbox.com
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org Modify Your
> Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
>
>
> CONFIDENTIALITY NOTICE: This communication and its attachments may contain
> non-public, confidential or legally privileged information. The unlawful
> interception, use or disclosure of such information is prohibited. If you
> are not the intended recipient, or have received this communication in
> error, please notify the sender immediately by reply email and delete all
> copies of this communication and attachments without reading or saving them.
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
