sabraham at cananinc
Feb 8, 2009, 6:23 PM
Post #26 of 28
(1038 views)
Permalink
|
Can anyone give me the little information on how to configure or implement
the receiving side of SPF record Please?
You guys are doing a great job. I learned how to configure the sending side
from this discussion and some articles online so this discussion is really
helpful. Please give me some information on the receiving side of SPF
record.
-----Original Message-----
From: Alex van den Bogaerdt [mailto:alex [at] ergens]
Sent: Thursday, February 05, 2009 10:22 AM
To: spf-help [at] v2
Subject: Re: [spf-help] New to SPF
Sure, switching to a provider which does understand and use SPF helps. But
you still need to know what you are doing when you publish your SPF policy.
Those are separate issues.
I don't know if that provider is only your email provider, or if it is doing
more for you. If it's doing more, and if you're generally satisfied with
them, you could also consider moving your inbound mail elsewhere (e.g. to
your own server(s) or to another 3rd party).
----- Original Message -----
From: "James Montgomery" <jmontgomery [at] jvireo>
To: <spf-help [at] v2>
Sent: Thursday, February 05, 2009 4:00 PM
Subject: RE: [spf-help] New to SPF
Well, just found out this really all is a moot point, our email provider
sometimes checks SPF and sometimes doesn't. So time to look for new
provider.
-----Original Message-----
From: Alex van den Bogaerdt [mailto:alex [at] ergens]
Sent: Thursday, February 05, 2009 9:33 AM
To: spf-help [at] v2
Subject: Re: [spf-help] New to SPF
That's why I explained the proces in such detail. It should help to make
such decisions if you pretend to be a receiving server.
Whenever I setup devices on a company network, I use the private
network,
private channels, pre-arranged connections, whatever necessary, towards
a
central mailserver. That mailserver does not need to do all kinds of
virusscanning, spamfiltering and such. It can trust the input (I make
sure
it can).
If such a message needs to go out onto the internet, it will be the
central
mailserver which is making the final connection to the destination. It
is
that server which needs to be authorized.
Pretend to be the receiving server. You know:
1: the IP address sending a message (e.g. your central mailserver)
2: the email name used in MAIL FROM (e.g. somenetworkdevice [at] jvireo)
And that's it. You don't know the message has come from 192.168.0.1,
sent
through 192.168.100.1, 192.168.200.1, 172.16.5.6 and so on and so on.
You
only know the last server in the chain.
So, in this example setup, no: the network device needs not be
authorized.
But do read carefully, I gave an example setup and answered your
question
for that example setup. I do not know how you setup your network, but
you
do. You can answer your question, not I.
Be careful though. If you authorize a webserver to send outbound mail,
or if
you route its messages through a central mailserver as in the above
example,
your SPF policy will authorize this. But consider what happens if you
have
a leak on the server, for instance a badly written script or some
malware
acting as a mail gateway... you will not only be sending out spam, your
SPF
policy will have authorized the use of your domain name.
Alex
----- Original Message -----
From: "James Montgomery" <jmontgomery [at] jvireo>
To: <spf-help [at] v2>
Sent: Thursday, February 05, 2009 3:08 PM
Subject: RE: [spf-help] New to SPF
You are correct in not seeing the other record yet, I had not published
it with our DNS yet. Because I did have a question regarding the extra
IP addresses I had added, They are either network devices or a server
that sends email alerts out to our staff regarding monitoring issues. I
set them up for SMTP Authentication and then sent test emails out. I
then looked at the headers to find the IP Addresses they send through.
Do I need to include those in the SPF Record (that is where I am
confused)? To allow email alerts to be sent through them? I am waiting
to hear back from our outsourced email provider regarding receiver side
SPF policy.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
