I can't answer all your questions, but I'll give it a shot.
Scott Kitterman
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Alex Yantifovich
> Sent: Tuesday, August 24, 2004 10:32 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Multiple sending domains
>
>
> Thank you, I am sorry , I reallized that I asked a really stupid
> question ;) I am really new to this
> I guess what I really want to know is how to prevent people from
> spoofing my users email addresses?
All the SPF record tries to do is to define where legimate mail from your
domain comes from. That is exactly what SPF is intended to do.
> I went through the wizard on the site. I got a little confused.
You aren't the only one. The wizard can be confusing. Myself, I've found
reading the spec a lot clearer than trying to follow the condensed version
on the web site. That's here:
http://spf.pobox.com/spf-draft-200406.txt The bottom line goal is to define all the legitimate servers that can send
mail on behalf of your domain. This is often a non-trivial list, even for a
small domain.
> I am not
> sure how to specify multiple servers in the include: ,
If you need to include: the record of multiple domains, you need to use
multiple includes, but you can only use include for another domain that has
an SPF record. If you use include: and there is no SPF record, the result
will be an error. My SPF record has multiple includes:
"v=spf1 include:webmail.pair.com ?ip4:204.127.202.0/24 ?ip4:204.127.198.0/24
?ip4:216.148.227.0/24 ?a:relay.pair.com ?mx ?include:megapathdsl.net
?include:verizon.net ?ptr:mail2web.com -all"
> and where exactly
> do i need to paste the line in my DNS? I run BIND. Will it be ok if I
> paste the lines some where at the top of my current "A" records?
I can't answer this one entirely. It needs to be in a TXT record. If it's
the last record, you need to make sure it ends in an eol.
> Also,
> is it wise to approve any host whose name ends in myDomain.com (PTR),
> why or why not would I want to do it?
The general advice on the list has been, IIRC, to avoid it if you can (I
don't know all the reasons). One concern would be that PTR would match
anything in that domain. For example, ptr:comcast.net would match not only
the comcast mail servers, but every cable modem user (many of which have
been taken over by spammers), so that would not be a good place to use ptr.
>
> Thank you for all your help
>
> Alex
>
>
>
> Bob Escher wrote:
>
> >I don't understand your comment
> >A user if he is even sitting in a starbucks, doesn't use a
> starbucks email
> >server
> >to send mail. He just uses smtp auth on his own mail server and
> he can get
> >his mail from anywhere
> >or he can use his mail servers webmail. Same thing thing.
> >
> >
> >Bob E
> >----- Original Message -----
> >From: "Jason 'XenoPhage' Frisvold" <friz@godshell.com>
> >To: <spf-help@v2.listbox.com>
> >Sent: Tuesday, August 24, 2004 7:39 AM
> >Subject: Re: [spf-help] Multiple sending domains
> >
> >
> >
> >
> >>Alex Yantifovich wrote:
> >>
> >>
> >>
> >>>Hello, I have a question about having multiple random domains sending
> >>>email.
> >>>Example, I user is sitting at Starbucks and is trying to send an email
> >>>back to the office using his/hers Outlook.
> >>>Their From: address will be user@b-swing.com but the sending domain
> >>>belongs to, let's say, starbucks.com or what ever he/she has their
> >>>outgoing email server configured as. Remote users that travel often
> >>>send email from diff. locations using diff. email servers. There is no
> >>>way i can track down every SMTP server that they use to send email
> >>>from around the world to allow to send email using b-swing.com. How
> >>>do I make sure that their email is coming through to the recipient
> >>>from user@b-swing.com although they are sending it from
> >>>whatever.com???? I am new to this so forgive me if I am fundamentally
> >>>missing something here.
> >>>
> >>>
> >>Use SMTP AUTH on the b-swing.com mailserver and the end-user will
> >>(usually) never have to change mail servers, thus ensuring that the mail
> >>always originates from b-swing.com
> >>
> >>
> >>
> >>>Thank you,
> >>>
> >>>Alex
> >>>
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com