Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Deployment
Question on Deployment
dtannatt at britemoon
Aug 24, 2004, 12:12 PM
Post #1 of 5 (5286 views)
Permalink
Hello,

I am trying to update my DNS with a wildcard to include all subdomains
in my SPF record. I am using BIND my root domain is something like
abc.org and in my zone I create

* IN TXT "place info here"

Am I doing this correctly?

Dana Tannatt
781-569-6500 x228
dtannatt@britemoon.com


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: Question on Deployment [ In reply to ]
spf at metro
Aug 24, 2004, 12:21 PM
Post #2 of 5 (5036 views)
Permalink
Please not that if you have any domain that has some other record (eg.
A, MX), than that domain will not match the * IN TXT anymore. You'll
have to explicitly add the TXT record for every subdomain for which
there is another record (with the exception of CNAME records, which
don't allow other records for the same domain, in this case SPF will use
the TXT record for the CNAME's destination).

Hope this helps,

Koen

On Tue, Aug 24, 2004 at 03:12:01PM -0400, Dana Tannatt wrote:
> Hello,
>
>
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
>
>
> * IN TXT "place info here"
>
>
>
> Am I doing this correctly?
>
>
>
> Dana Tannatt
>
> 781-569-6500 x228
>
> dtannatt@britemoon.com
>
>
> _________________________________________________________________
>
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: Question on Deployment [ In reply to ]
adam at terraband
Aug 24, 2004, 12:37 PM
Post #3 of 5 (5030 views)
Permalink
Yes. my domain have an SPF record as follows:


domain.org. 3600 IN TXT "v=spf1 +a +mx +ptr all"

I believe this should auth mail coming from your MX as well as A records
and not Auth anything else.

Adam Goodman

> Hello,
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
> * IN TXT "place info here"
>
> Am I doing this correctly?
>
> Dana Tannatt
> 781-569-6500 x228
> dtannatt@britemoon.com
>
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
> http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: Question on Deployment [ In reply to ]
ethomas at lambdares
Aug 24, 2004, 12:41 PM
Post #4 of 5 (5038 views)
Permalink
Adding "ptr" into the SPF record tells it to accept for all
subdomains under your main domain. A wildcard isn't necessary.

ptr Any server whose name ends in domain.com is allowed to send mail
from domain.com.

------------------------------------------------------------------------
Edward L Thomas Jr. ethomas@lambdares.com
Webmaster / Network Admin ethomas@tales.net
978-486-0766x20 (Office) 781-608-5379 (Cell)
------------------------------------------------------------------------

On Tue, 24 Aug 2004, Dana Tannatt wrote:

> Hello,
>
> I am trying to update my DNS with a wildcard to include all subdomains
> in my SPF record. I am using BIND my root domain is something like
> abc.org and in my zone I create
>
> * IN TXT "place info here"
>
> Am I doing this correctly?
>
> Dana Tannatt
> 781-569-6500 x228
> dtannatt@britemoon.com
>
>
> -------
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
>
>
> !DSPAM:412b91a016251818248875!
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
RE: Question on Deployment [ In reply to ]
spf at kitterman
Aug 24, 2004, 12:49 PM
Post #5 of 5 (5038 views)
Permalink
> -----Original Message-----
> From: owner-spf-deployment@v2.listbox.com
> [mailto:owner-spf-deployment@v2.listbox.com]On Behalf Of
> Adam Goodman
> Sent: Tuesday, August 24, 2004 3:37 PM
> To: spf-deployment@v2.listbox.com
> Subject: Re: [spf-deployment] Question on Deployment
>
>
>
> Yes. my domain have an SPF record as follows:
>
>
> domain.org. 3600 IN TXT "v=spf1 +a +mx +ptr all"
>
> I believe this should auth mail coming from your MX as well as A records
> and not Auth anything else.
>
> Adam Goodman
>
That will cause anything that fails to match the a, mx, and ptr will match
the all and since the default prefix is +, your all = +all. Currently
everything will pass. I believe you want ?all or ~all until you are
confident you are ready to go -all.

In the latest SPF spec it says:

A missing prefix for a mechanism is the same as a prefix of "+".

The possible prefixes are:
+ pass
- fail
~ softfail
? neutral

See http://spf.pobox.com/spf-draft-200406.txt paragraph 3.2.

Scott Kitterman

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal