Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

How best to include?

 

 

SPF help RSS feed   Index | Next | Previous | View Threaded


aculver at uwo

Jun 30, 2009, 6:33 AM

Post #1 of 2 (1236 views)
Permalink
How best to include?

We are looking to expand SPF records to several of our subdomains and
clients' domains. We have 2 IP addresses which send outbound mail, which
would be the same for most of our clients and subdomains. Rather than
list these IPs in the SPF records for each client/subdomain, I think
using include: may be more appropriate in case we need to change the IP
in the future.

Then I got wondering, should I do really have all these other domains
include our top domain? What if we want to allow few more IP addresses
to send mail as @uwo.ca? I don't want to authorize that IP to send mail
as every other domain that's including us.

This is our current SPF record:

uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"

I'm thinking of laying things out in the following way:

_spf.uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"
uwo.ca "v=spf1 include:_spf.uwo.ca ~all"
its.uwo.ca "v=spf1 include:_spf.uwo.ca ~all"

This way its.uwo.ca (and others) wouldn't need to update their records
if we had to change our outbound mail servers and we could add
additional entries to uwo.ca without affecting all the other domains.

My only concern is the extra lookups caused by include. Is this a big
deal? Would others recommend the setup I described?

The description of how include works is also a bit unclear. If
_spf.uwo.ca was to end with a "-all", would an SPF check on its.uwo.ca
result in a FAIL or SOFTFAIL? I haven't tested this myself.

Thanks in advance,
Andrew


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


rob.macgregor at gmail

Jun 30, 2009, 7:29 AM

Post #2 of 2 (1136 views)
Permalink
Re: How best to include? [In reply to]

On Tue, Jun 30, 2009 at 14:33, Andrew Culver<aculver [at] uwo> wrote:
<---SNIP--->
> This is our current SPF record:
>
> uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"
>
> I'm thinking of laying things out in the following way:
>
> _spf.uwo.ca "v=spf1 ip4:129.100.74.146 ip4:129.100.74.147 ~all"
> uwo.ca "v=spf1 include:_spf.uwo.ca ~all"
> its.uwo.ca "v=spf1 include:_spf.uwo.ca ~all"
>
> This way its.uwo.ca (and others) wouldn't need to update their records
> if we had to change our outbound mail servers and we could add
> additional entries to uwo.ca without affecting all the other domains.
>
> My only concern is the extra lookups caused by include. Is this a big
> deal? Would others recommend the setup I described?

Since you're being sensible and using IP addresses in the included
record the overhead is minor.

> The description of how include works is also a bit unclear. If
> _spf.uwo.ca was to end with a "-all", would an SPF check on its.uwo.ca
> result in a FAIL or SOFTFAIL? I haven't tested this myself.

You can put anything you want there - only the tag in the record doing
the including matters.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.