Following a recent flood of bounces triggered by a pharmacy spammer
forging random addresses at two of my domains in their 'From:' lines,
I decided to move to SPF.
As a newbie to SPF and a non-expert in DNS, I used the SPF Wizard to
generate the relevant records. My zone file looks something like:

    example.net. IN SOA ns.foobar.com. hostmaster.foobar.com. (
            1068820938
            10800
            3600
            604800
            1D )
    example.net. IN NS ns.foobar.com.
    example.net. IN A 123.123.123.123
    mail.example.net. IN CNAME example.net.
    www.example.net. IN CNAME example.net.
    example.net. IN MX 10 mail.example.net.
    example.net. IN NS ns3.example.org.

and the SPF wizard recommended adding:

    example.net. IN TXT "v=spf1 a mx -all"
    mail.example.net. IN TXT "v=spf1 a -all"
    ns.foobar.com. IN TXT "v=spf1 a -all"

('example.net' and 'ns.foobar.com' live at the same IP; 'example.net'
and 'foobar.com' are, of course, not their real names).
I added the TXT records, duly respecting the Wizard's warnings about
not making a TXT record the last thing in the zone file, and reloaded
the zone file.
This appeared to cause problems; the primary server for the domain
('ns.foobar.com') didn't seem to be giving back useful information
for that domain, and - to judge by the various SPF testers - the SPF
record didn't seem to have 'taken'.
I rolled back the zone file and re-inserted the records, this time
using a web-based DNS administration tool instead of 'vi'. When I
attempted to save the record:

    mail.example.net. IN TXT "v=spf1 a -all"

The web-based tool objected, telling me that I couldn't create a TXT
record with the same identifier as an alias (i.e. a CNAME).
Leaving that record out and reloading the file appeared to resolve
the DNS issues and allow SPF to work correctly (according to the SPF
testers linked from POBox's SPF pages).
My questions are: was the Wizard wrong to recommend that particular
TXT record, and is my SPF setup complete without it? It seems -
thinking about it - as if the record would be redundant, and the
trace from the SPF tools appears to confirm this. But I'd like to be
sure that this is the case and that I have everything right before I
go SPF'ing my other domains.
Thanks, Angus
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com