Email Server Solution
Ugo Bellavance
ugob at camo-route.com
Wed Aug 3 15:04:39 UTC 2005
Steve Buehler wrote:
> At 09:16 AM 8/3/2005, you wrote:
>
>> Steve Buehler wrote:
>> > At 02:09 PM 8/2/2005, you wrote:
>> >
>> >> > Ok. I give. What in the heck is an spf (TXT) record? Something
>> that
>> >> > just came out this year? I have everything that AOL requires
>> now. If
>> >> > that is a new term for a PTR or reverse record, then I already
>> have it.
>> >>
>> >> It is probably an SPF record. http://spf.pobox.com/.
>> >>
>> >> It dictates from which IP a message for a specific domain is
>> supposed to
>> >> come from.
>> >
>> >
>> > hmmmm. Is this widely used?
>>
>> Used by AOL, Google and many other domains. Not everyone rejects a
>> message on a FAIL, though (I do, 'cause I have low mail volume).
>>
>> > I have never heard of it before.
>>
>> There is also DomainKeys, used by (at least) Yahoo and Google. It is a
>> system based on public-key crypto.
>>
>> <snip>
>>
>> SPF strict records needs a domain for wich e-mail will come only from a
>> specific set of servers/IP addresses.
>>
>> For example, my users only use Outlook/exchange to send e-mail for our
>> domain. If they want to send mail from home with their office e-mail
>> account, they connect using VPN, so the source is always predictable.
>> This is the office's policy. If users don't respect it, their e-mails
>> may be rejected. They've been warned.
>>
>> SPF doesn't need separate DNS servers. SPF implementation is 2 fold,
>> and they're not mutually exclusive or reciprocal prerequisites.
>>
>> 1- You can control from which IP e-mail from your domain will come (SPF
>> TXT-type DNS records)
>> 2- You can perform SPF checks with your MTA and reject/warn/tag as SPAM
>> messages according to the SPF result.
>>
>> Hope this helps.
>
>
> Honestly I would like to see SPF become a standard that is enforced by
> all ISP's. When it does, that will cut down on the marjority of spam.
> It will also force the programmers of the control panels to have it
> automatically put it in when a site is setup instead of it being a
> separate process that requires a tech. Or at least someone other than
> my boss. If it isn't done automatically, then it defeats the purpose of
> having a control panel that is a one step setup process. It will all be
> a headache to implement, but might be worth it to get rid of spam and
> the load on servers. I will have to look into it some more and see if I
> can write a script to automatically add this to dns records for the
> domains that we host.
> Thanks
> Steve
>
>
Be careful about your script and what kind of SPF records you write up.
If you allow pop access and you don't allow SMTP access, you can't set
up a strict SPF record.
--
Ugo
-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.
More information about the redhat-list
mailing list