Email Server Solution

Wed Aug 3 15:04:39 UTC 2005

Steve Buehler wrote:
> At 09:16 AM 8/3/2005, you wrote:
> 
>> Steve Buehler wrote:
>> > At 02:09 PM 8/2/2005, you wrote:
>> >
>> >> > Ok.  I give.  What in the heck is an spf (TXT) record?  Something
>> that
>> >> > just came out this year?  I have everything that AOL requires
>> now.  If
>> >> > that is a new term for a PTR or reverse record, then I already
>> have it.
>> >>
>> >> It is probably an SPF record. http://spf.pobox.com/.
>> >>
>> >> It dictates from which IP a message for a specific domain is
>> supposed to
>> >> come from.
>> >
>> >
>> >         hmmmm.  Is this widely used?
>>
>> Used by AOL, Google and many other domains.  Not everyone rejects a
>> message on a FAIL, though (I do, 'cause I have low mail volume).
>>
>> > I have never heard of it before.
>>
>> There is also DomainKeys, used by (at least) Yahoo and Google.  It is a
>> system based on public-key crypto.
>>
>> <snip>
>>
>> SPF strict records needs a domain for wich e-mail will come only from a
>> specific set of servers/IP addresses.
>>
>> For example, my users only use Outlook/exchange to send e-mail for our
>> domain.  If they want to send mail from home with their office e-mail
>> account, they connect using VPN, so the source is always predictable.
>> This is the office's policy.  If users don't respect it, their e-mails
>> may be rejected.  They've been warned.
>>
>> SPF doesn't need separate DNS servers.  SPF implementation is 2 fold,
>> and they're not mutually exclusive or reciprocal prerequisites.
>>
>> 1- You can control from which IP e-mail from your domain will come (SPF
>> TXT-type DNS records)
>> 2- You can perform SPF checks with your MTA and reject/warn/tag as SPAM
>> messages according to the SPF result.
>>
>> Hope this helps.
> 
> 
> Honestly I would like to see SPF become a standard that is enforced by
> all ISP's.  When it does, that will cut down on the marjority of spam. 
> It will also force the programmers of the control panels to have it
> automatically put it in when a site is setup instead of it being a
> separate process that requires a tech.  Or at least someone other than
> my boss.  If it isn't done automatically, then it defeats the purpose of
> having a control panel that is a one step setup process.  It will all be
> a headache to implement, but might be worth it to get rid of spam and
> the load on servers.  I will have to look into it some more and see if I
> can write a script to automatically add this to dns records for the
> domains that we host.
> Thanks
> Steve
> 
> 

Be careful about your script and what kind of SPF records you write up.
 If you allow pop access and you don't allow SMTP access, you can't set
up a strict SPF record.

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.