Email Server Solution

Steve Buehler steve at ibapp.com
Wed Aug 3 14:58:39 UTC 2005 

At 09:16 AM 8/3/2005, you wrote:
>Steve Buehler wrote:
> > At 02:09 PM 8/2/2005, you wrote:
> >
> >> > Ok.  I give.  What in the heck is an spf (TXT) record?  Something that
> >> > just came out this year?  I have everything that AOL requires now.  If
> >> > that is a new term for a PTR or reverse record, then I already have it.
> >>
> >> It is probably an SPF record. http://spf.pobox.com/.
> >>
> >> It dictates from which IP a message for a specific domain is supposed to
> >> come from.
> >
> >
> >         hmmmm.  Is this widely used?
>
>Used by AOL, Google and many other domains.  Not everyone rejects a
>message on a FAIL, though (I do, 'cause I have low mail volume).
>
> > I have never heard of it before.
>
>There is also DomainKeys, used by (at least) Yahoo and Google.  It is a
>system based on public-key crypto.
>
><snip>
>
>SPF strict records needs a domain for wich e-mail will come only from a
>specific set of servers/IP addresses.
>
>For example, my users only use Outlook/exchange to send e-mail for our
>domain.  If they want to send mail from home with their office e-mail
>account, they connect using VPN, so the source is always predictable.
>This is the office's policy.  If users don't respect it, their e-mails
>may be rejected.  They've been warned.
>
>SPF doesn't need separate DNS servers.  SPF implementation is 2 fold,
>and they're not mutually exclusive or reciprocal prerequisites.
>
>1- You can control from which IP e-mail from your domain will come (SPF
>TXT-type DNS records)
>2- You can perform SPF checks with your MTA and reject/warn/tag as SPAM
>messages according to the SPF result.
>
>Hope this helps.

Honestly I would like to see SPF become a standard that is enforced 
by all ISP's.  When it does, that will cut down on the marjority of 
spam.  It will also force the programmers of the control panels to 
have it automatically put it in when a site is setup instead of it 
being a separate process that requires a tech.  Or at least someone 
other than my boss.  If it isn't done automatically, then it defeats 
the purpose of having a control panel that is a one step setup 
process.  It will all be a headache to implement, but might be worth 
it to get rid of spam and the load on servers.  I will have to look 
into it some more and see if I can write a script to automatically 
add this to dns records for the domains that we host.
Thanks
Steve

More information about the redhat-list mailing list