Mailing List Archive

On Tue, Sep 14, 2004 at 01:48:31PM -0400, Rschamp wrote:
> Dear SPF forum:
>
> DNSReports.com says we do not have an SPF record but we do have an SPF2 text record. TXT (v=spf2.0/pra wks include ... -all)
>
> I followed the directions from Microsoft DNS to create TXT records on each of our DNS servers.
>
> I created WKS records with an SMTP description for each of the SMTP servers our developers want to maintain.
>
> Are we now SPF compliant?

v=spf2.0/pra is not a valid tag, no matter what microsoft says (note that
their wizard says that it is experimental to give you a feel of how spf
records will look like, for actual use the wizard is just unusable).

Now what is WKS ?

Here are some resources for setting up and validating spf records:

http://spf.pobox.com/wizard.html

http://spf.sonologic.nl/

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Koen Martens wrote:

>On Tue, Sep 14, 2004 at 01:48:31PM -0400, Rschamp wrote:
>
>
>>Dear SPF forum:
>>
>>DNSReports.com says we do not have an SPF record but we do have an SPF2 text record. TXT (v=spf2.0/pra wks include ... -all)
>>
>>I followed the directions from Microsoft DNS to create TXT records on each of our DNS servers.
>>
>>I created WKS records with an SMTP description for each of the SMTP servers our developers want to maintain.
>>
>>Are we now SPF compliant?
>>
>>
>
>v=spf2.0/pra is not a valid tag, no matter what microsoft says (note that
>their wizard says that it is experimental to give you a feel of how spf
>records will look like, for actual use the wizard is just unusable).
>
>Now what is WKS ?
>
>
>

Well Known Service records in DNS...

I didn't realise anyone still used them...


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Dear Koen:

I revised my SPF TXT record on all 3 of our eMedicine DNS servers to have a text file:

type: TXT
Name: SPF
Data: v=spf1 MX WKS include:server.czyz.net -all

The well known services records (WKS) all point to port 25 / SMTP. This way, I can have many SMTP servers (which is not under my control) and still keep the DNS record under 1000 bytes.

However, I still cannot get the test sites to believe I have an SPF record.

What am I doing wrong?

Rick Schamp

http://www.dnsreport.com
SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record before October 1, 2004, the target date for domains to have SPF records in place.


the standard reference why.html page
An email system which uses SPF rejected a message claiming to be from emedicine.com.
An email system which uses SPF saw a message coming from the IP address 204.168.118.41; the sender claimed to be emedicine.com.

emedicine.com does not publish SPF records. It is possible that the recipient domain refuses all mail from domains which do not publish SPF data.

----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 4:56 AM
Subject: Re: [spf-help] SPR2 records in Microsoft


> On Tue, Sep 14, 2004 at 01:48:31PM -0400, Rschamp wrote:
> > Dear SPF forum:
> >
> > DNSReports.com says we do not have an SPF record but we do have an SPF2 text record. TXT (v=spf2.0/pra wks include ... -all)
> >
> > I followed the directions from Microsoft DNS to create TXT records on each of our DNS servers.
> >
> > I created WKS records with an SMTP description for each of the SMTP servers our developers want to maintain.
> >
> > Are we now SPF compliant?
>
> v=spf2.0/pra is not a valid tag, no matter what microsoft says (note that
> their wizard says that it is experimental to give you a feel of how spf
> records will look like, for actual use the wizard is just unusable).
>
> Now what is WKS ?
>
> Here are some resources for setting up and validating spf records:
>
> http://spf.pobox.com/wizard.html
>
> http://spf.sonologic.nl/
>
> Koen
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

First, I'm new at this.

Second, I did go to Microsoft's site for direction on how to create the SPF
(since I don't run bind, etc) and found an obscure reference to WKS.

Third, we do mailing lists and I didn't want to give the MX record to these
SMTP servers since they do not accept email.

Fourth, there is a 1024 character limit on DNS record and attaching a text
file seemed "out of character" for the interface.

I'm all ears.

Richard Schamp


----- Original Message -----
From: "Medievalist" <spoof@HBCS.Org>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 2:23 PM
Subject: Re: [spf-help] SPR2 records in Microsoft


> On 15 Sep 2004 at 10:56, Koen Martens wrote:
> >
> > Now what is WKS ?
> >
>
> "Well Known Services" which was a commonly used DNS resource record type
in the
> days of the dinosaurs. You would list the services running on a host
(such as
> telnet, FTP, etc) so that people didn't have to port-scan you to find out
what
> you were running... bandwidth being precious in those days, it made
sense.
>
> Today those that still use WKS and HINFO records (as I occasionally do)
> typically use them for a disinformation service, to confuse kiddie
scripts.
>
> RFC1127 discourages any use of WKS records whatsoever and RFC1123 says "An
> application SHOULD NOT rely on the ability to locate a WKS record
containing an
> accurate listing of all services at a particular host address, since the
WKS RR
> type is not often used by Internet sites. To confirm that a service is
> present, simply attempt to use it."
>
> Yet, for some reason Microsoft seems to think that this record type
warrants
> support... see
>
http://www.microsoft.com/technet/community/scriptcenter/network/scnet157.mspx
> for example. I'm wondering about their logic here, if anyone knows (this
is
> not an invitation to MS-bashing) I'd appreciate it if they'd pass the
> information along. Rschamp - why did you think WKS was needed for your
SPF
> implementation?
>
> --Charlie
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On 15 Sep 2004 at 10:56, Koen Martens wrote:
>
> Now what is WKS ?
>

"Well Known Services" which was a commonly used DNS resource record type in the
days of the dinosaurs. You would list the services running on a host (such as
telnet, FTP, etc) so that people didn't have to port-scan you to find out what
you were running... bandwidth being precious in those days, it made sense.

Today those that still use WKS and HINFO records (as I occasionally do)
typically use them for a disinformation service, to confuse kiddie scripts.

RFC1127 discourages any use of WKS records whatsoever and RFC1123 says "An
application SHOULD NOT rely on the ability to locate a WKS record containing an
accurate listing of all services at a particular host address, since the WKS RR
type is not often used by Internet sites. To confirm that a service is
present, simply attempt to use it."

Yet, for some reason Microsoft seems to think that this record type warrants
support... see
http://www.microsoft.com/technet/community/scriptcenter/network/scnet157.mspx
for example. I'm wondering about their logic here, if anyone knows (this is
not an invitation to MS-bashing) I'd appreciate it if they'd pass the
information along. Rschamp - why did you think WKS was needed for your SPF
implementation?

--Charlie

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi,

I did a check:

[gmc@dave gmc]$ dig @ns1.emedicine.com emedicine.com txt

; <<>> DiG 9.2.3rc2 <<>> @ns1.emedicine.com emedicine.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57939
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;emedicine.com. IN TXT

;; AUTHORITY SECTION:
emedicine.com. 3600 IN SOA ns1.emedicine.com.
postmaster.emedicine.com. 503 3600 3600 1296000 900

;; Query time: 99 msec
;; SERVER: 204.168.118.101#53(ns1.emedicine.com)
;; WHEN: Wed Sep 15 20:39:35 2004
;; MSG SIZE rcvd: 82


As you can see, ns1.emedicine.com did not return a TXT record for
emedicine.com. I also checked for ns2.emedicine.com, etc.. It seems your
problem is not with spf perse, but that you have trouble getting your
nameserver to do what you want.

What software are you using on ns?.emedicine.com ??

Koen

On Wed, Sep 15, 2004 at 02:03:20PM -0400, Rschamp wrote:
> Dear Koen:
>
> I revised my SPF TXT record on all 3 of our eMedicine DNS servers to have a text file:
>
> type: TXT
> Name: SPF
> Data: v=spf1 MX WKS include:server.czyz.net -all
>
> The well known services records (WKS) all point to port 25 / SMTP. This way, I can have many SMTP servers (which is not under my control) and still keep the DNS record under 1000 bytes.
>
> However, I still cannot get the test sites to believe I have an SPF record.
>
> What am I doing wrong?
>
> Rick Schamp

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Wed, Sep 15, 2004 at 08:41:34PM +0200, Koen Martens wrote:
> > type: TXT
> > Name: SPF
> > Data: v=spf1 MX WKS include:server.czyz.net -all

Btw, wks is not part of spf syntax, see:

http://spf.sonologic.nl/index.php?record=v%3Dspf1+MX+WKS+include%3Aserver.czyz.net+-all

Furthermore, server.czyz.net does not publish an spf record, meaning
that the include will always fail.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Microsoft DNS on Windows 2000 for all 3 servers.





----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 2:41 PM
Subject: Re: [spf-help] SPR2 records in Microsoft


> Hi,
>
> I did a check:
>
> [gmc@dave gmc]$ dig @ns1.emedicine.com emedicine.com txt
>
> ; <<>> DiG 9.2.3rc2 <<>> @ns1.emedicine.com emedicine.com txt
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57939
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;emedicine.com. IN TXT
>
> ;; AUTHORITY SECTION:
> emedicine.com. 3600 IN SOA ns1.emedicine.com.
> postmaster.emedicine.com. 503 3600 3600 1296000 900
>
> ;; Query time: 99 msec
> ;; SERVER: 204.168.118.101#53(ns1.emedicine.com)
> ;; WHEN: Wed Sep 15 20:39:35 2004
> ;; MSG SIZE rcvd: 82
>
>
> As you can see, ns1.emedicine.com did not return a TXT record for
> emedicine.com. I also checked for ns2.emedicine.com, etc.. It seems your
> problem is not with spf perse, but that you have trouble getting your
> nameserver to do what you want.
>
> What software are you using on ns?.emedicine.com ??
>
> Koen
>
> On Wed, Sep 15, 2004 at 02:03:20PM -0400, Rschamp wrote:
> > Dear Koen:
> >
> > I revised my SPF TXT record on all 3 of our eMedicine DNS servers to
have a text file:
> >
> > type: TXT
> > Name: SPF
> > Data: v=spf1 MX WKS include:server.czyz.net -all
> >
> > The well known services records (WKS) all point to port 25 / SMTP. This
way, I can have many SMTP servers (which is not under my control) and still
keep the DNS record under 1000 bytes.
> >
> > However, I still cannot get the test sites to believe I have an SPF
record.
> >
> > What am I doing wrong?
> >
> > Rick Schamp
>
> --
> K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> Networking, embedded systems, unix expertise, artificial intelligence.
> Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> Wondering about the funny attachment your mail program
> can't read? Visit http://www.openpgp.org/
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

I was told the wizard at MS is kind of buggy but it seems to be working ok for me and most of my clients. We dont do alot of crazy stuff, most of it is only inbound/outbound from the same IP. When I did mine in MS and in SPF site they came out the same...

________________________________

From: owner-spf-help@v2.listbox.com on behalf of Medievalist
Sent: Wed 9/15/2004 4:25 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] SPR2 records in Microsoft



I'm new at SPF too, so don't take my word as gospel! :)

I'd recommend against having anything to do with WKS records since they are
depreciated as per the RFCs and obsolete in real life anyway.

Also, since Microsoft is pushing a competing approach to SPF, I would not take
their advice on the internal structure of SPF records. Obviously, since they
are your DNS software vendor, they are the experts on how to *publish* the
appropriate TXT records on your systems, but you will be better off using
spf.pobox.com as your primary source of info on SPF. You can use the wizard at
http://spf.pobox.com/wizard.html to create your "first draft" of an SPF TXT
record; it worked for me!

Don't forget to give your nameservers whatever kick-in-the-head is necessary to
make them re-read their configuration files and increment their zone serial
numbers.

--Charlie

PS - If you document how to put a TXT record in your DNS software, Meng and
compatriots might put it on the web page to help others in your situation.

--C


On 15 Sep 2004 at 14:09, Rschamp wrote:
>
> First, I'm new at this.
>
> Second, I did go to Microsoft's site for direction on how to create the SPF
> (since I don't run bind, etc) and found an obscure reference to WKS.
>
> Third, we do mailing lists and I didn't want to give the MX record to these
> SMTP servers since they do not accept email.
>
> Fourth, there is a 1024 character limit on DNS record and attaching a text
> file seemed "out of character" for the interface.
>
> I'm all ears.
>
> Richard Schamp
>
>
> ----- Original Message -----
> From: "Medievalist" <spoof@HBCS.Org>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, September 15, 2004 2:23 PM
> Subject: Re: [spf-help] SPR2 records in Microsoft
>
>
> > On 15 Sep 2004 at 10:56, Koen Martens wrote:
> > >
> > > Now what is WKS ?
> > >
> >
> > "Well Known Services" which was a commonly used DNS resource record type
> in the
> > days of the dinosaurs. You would list the services running on a host
> (such as
> > telnet, FTP, etc) so that people didn't have to port-scan you to find out
> what
> > you were running... bandwidth being precious in those days, it made
> sense.
> >
> > Today those that still use WKS and HINFO records (as I occasionally do)
> > typically use them for a disinformation service, to confuse kiddie
> scripts.
> >
> > RFC1127 discourages any use of WKS records whatsoever and RFC1123 says "An
> > application SHOULD NOT rely on the ability to locate a WKS record
> containing an
> > accurate listing of all services at a particular host address, since the
> WKS RR
> > type is not often used by Internet sites. To confirm that a service is
> > present, simply attempt to use it."
> >
> > Yet, for some reason Microsoft seems to think that this record type
> warrants
> > support... see
> >
> http://www.microsoft.com/technet/community/scriptcenter/network/scnet157.mspx
> > for example. I'm wondering about their logic here, if anyone knows (this
> is
> > not an invitation to MS-bashing) I'd appreciate it if they'd pass the
> > information along. Rschamp - why did you think WKS was needed for your
> SPF
> > implementation?
> >
> > --Charlie
> >

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com




--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Actually as a test I went back and looked at the ms site and they are using an spf2.0 record now whereas pobox is using spf1. The records are pretty different so ignore my initial post.

________________________________

From: owner-spf-help@v2.listbox.com on behalf of Benjamin Zachary
Sent: Wed 9/15/2004 4:01 PM
To: spf-help@v2.listbox.com
Subject: [SPF-FAIL] - RE: [spf-help] SPR2 records in Microsoft - Sender is probably forged (SPF Softfail)



I was told the wizard at MS is kind of buggy but it seems to be working ok for me and most of my clients. We dont do alot of crazy stuff, most of it is only inbound/outbound from the same IP. When I did mine in MS and in SPF site they came out the same...

________________________________

From: owner-spf-help@v2.listbox.com on behalf of Medievalist
Sent: Wed 9/15/2004 4:25 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] SPR2 records in Microsoft



I'm new at SPF too, so don't take my word as gospel! :)

I'd recommend against having anything to do with WKS records since they are
depreciated as per the RFCs and obsolete in real life anyway.

Also, since Microsoft is pushing a competing approach to SPF, I would not take
their advice on the internal structure of SPF records. Obviously, since they
are your DNS software vendor, they are the experts on how to *publish* the
appropriate TXT records on your systems, but you will be better off using
spf.pobox.com as your primary source of info on SPF. You can use the wizard at
http://spf.pobox.com/wizard.html to create your "first draft" of an SPF TXT
record; it worked for me!

Don't forget to give your nameservers whatever kick-in-the-head is necessary to
make them re-read their configuration files and increment their zone serial
numbers.

--Charlie

PS - If you document how to put a TXT record in your DNS software, Meng and
compatriots might put it on the web page to help others in your situation.

--C


On 15 Sep 2004 at 14:09, Rschamp wrote:
>
> First, I'm new at this.
>
> Second, I did go to Microsoft's site for direction on how to create the SPF
> (since I don't run bind, etc) and found an obscure reference to WKS.
>
> Third, we do mailing lists and I didn't want to give the MX record to these
> SMTP servers since they do not accept email.
>
> Fourth, there is a 1024 character limit on DNS record and attaching a text
> file seemed "out of character" for the interface.
>
> I'm all ears.
>
> Richard Schamp
>
>
> ----- Original Message -----
> From: "Medievalist" <spoof@HBCS.Org>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, September 15, 2004 2:23 PM
> Subject: Re: [spf-help] SPR2 records in Microsoft
>
>
> > On 15 Sep 2004 at 10:56, Koen Martens wrote:
> > >
> > > Now what is WKS ?
> > >
> >
> > "Well Known Services" which was a commonly used DNS resource record type
> in the
> > days of the dinosaurs. You would list the services running on a host
> (such as
> > telnet, FTP, etc) so that people didn't have to port-scan you to find out
> what
> > you were running... bandwidth being precious in those days, it made
> sense.
> >
> > Today those that still use WKS and HINFO records (as I occasionally do)
> > typically use them for a disinformation service, to confuse kiddie
> scripts.
> >
> > RFC1127 discourages any use of WKS records whatsoever and RFC1123 says "An
> > application SHOULD NOT rely on the ability to locate a WKS record
> containing an
> > accurate listing of all services at a particular host address, since the
> WKS RR
> > type is not often used by Internet sites. To confirm that a service is
> > present, simply attempt to use it."
> >
> > Yet, for some reason Microsoft seems to think that this record type
> warrants
> > support... see
> >
> http://www.microsoft.com/technet/community/scriptcenter/network/scnet157.mspx
> > for example. I'm wondering about their logic here, if anyone knows (this
> is
> > not an invitation to MS-bashing) I'd appreciate it if they'd pass the
> > information along. Rschamp - why did you think WKS was needed for your
> SPF
> > implementation?
> >
> > --Charlie
> >

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com




--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Benjamin Zachary
> Sent: Wednesday, September 15, 2004 4:01 PM
> To: spf-help@v2.listbox.com
> Subject: RE: [spf-help] SPR2 records in Microsoft
>
>
> I was told the wizard at MS is kind of buggy but it seems to be
> working ok for me and most of my clients. We dont do alot of
> crazy stuff, most of it is only inbound/outbound from the same
> IP. When I did mine in MS and in SPF site they came out the same...
>
What did the MS site suggest that you publish?

Scott Kitterman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

I'm new at SPF too, so don't take my word as gospel! :)

I'd recommend against having anything to do with WKS records since they are
depreciated as per the RFCs and obsolete in real life anyway.

Also, since Microsoft is pushing a competing approach to SPF, I would not take
their advice on the internal structure of SPF records. Obviously, since they
are your DNS software vendor, they are the experts on how to *publish* the
appropriate TXT records on your systems, but you will be better off using
spf.pobox.com as your primary source of info on SPF. You can use the wizard at
http://spf.pobox.com/wizard.html to create your "first draft" of an SPF TXT
record; it worked for me!

Don't forget to give your nameservers whatever kick-in-the-head is necessary to
make them re-read their configuration files and increment their zone serial
numbers.

--Charlie

PS - If you document how to put a TXT record in your DNS software, Meng and
compatriots might put it on the web page to help others in your situation.

--C


On 15 Sep 2004 at 14:09, Rschamp wrote:
>
> First, I'm new at this.
>
> Second, I did go to Microsoft's site for direction on how to create the SPF
> (since I don't run bind, etc) and found an obscure reference to WKS.
>
> Third, we do mailing lists and I didn't want to give the MX record to these
> SMTP servers since they do not accept email.
>
> Fourth, there is a 1024 character limit on DNS record and attaching a text
> file seemed "out of character" for the interface.
>
> I'm all ears.
>
> Richard Schamp
>
>
> ----- Original Message -----
> From: "Medievalist" <spoof@HBCS.Org>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, September 15, 2004 2:23 PM
> Subject: Re: [spf-help] SPR2 records in Microsoft
>
>
> > On 15 Sep 2004 at 10:56, Koen Martens wrote:
> > >
> > > Now what is WKS ?
> > >
> >
> > "Well Known Services" which was a commonly used DNS resource record type
> in the
> > days of the dinosaurs. You would list the services running on a host
> (such as
> > telnet, FTP, etc) so that people didn't have to port-scan you to find out
> what
> > you were running... bandwidth being precious in those days, it made
> sense.
> >
> > Today those that still use WKS and HINFO records (as I occasionally do)
> > typically use them for a disinformation service, to confuse kiddie
> scripts.
> >
> > RFC1127 discourages any use of WKS records whatsoever and RFC1123 says "An
> > application SHOULD NOT rely on the ability to locate a WKS record
> containing an
> > accurate listing of all services at a particular host address, since the
> WKS RR
> > type is not often used by Internet sites. To confirm that a service is
> > present, simply attempt to use it."
> >
> > Yet, for some reason Microsoft seems to think that this record type
> warrants
> > support... see
> >
> http://www.microsoft.com/technet/community/scriptcenter/network/scnet157.mspx
> > for example. I'm wondering about their logic here, if anyone knows (this
> is
> > not an invitation to MS-bashing) I'd appreciate it if they'd pass the
> > information along. Rschamp - why did you think WKS was needed for your
> SPF
> > implementation?
> >
> > --Charlie
> >

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

When I first did the MS SPF record they recommended v=spf2.0/cra mx wks -all

Then I found out that revision is not legal yet.
So my SPF TXT record became v=spf1 mx wks -all

Now, I've removed the WKS files and replaced them with all records.
So any of my servers can broadcast SMTP.
And my SPF TXT reads v=spf1 mx a -all

But the test sites say I don't have an SPF record.

How did you get them to see your SPF record?
I took out the text file saying email to postmaster.emedicine.com so that it
wouldn't be confused.

Richard Schamp
eMedicine Technical Team


----- Original Message -----
From: <spf2@kitterman.com>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 4:16 PM
Subject: RE: [spf-help] SPR2 records in Microsoft


> > -----Original Message-----
> > From: owner-spf-help@v2.listbox.com
> > [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Benjamin Zachary
> > Sent: Wednesday, September 15, 2004 4:01 PM
> > To: spf-help@v2.listbox.com
> > Subject: RE: [spf-help] SPR2 records in Microsoft
> >
> >
> > I was told the wizard at MS is kind of buggy but it seems to be
> > working ok for me and most of my clients. We dont do alot of
> > crazy stuff, most of it is only inbound/outbound from the same
> > IP. When I did mine in MS and in SPF site they came out the same...
> >
> What did the MS site suggest that you publish?
>
> Scott Kitterman
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Here is the difference(s) between each one they are similar except version and on pobox they only say MX whereas MS version says mx:mail.networthco.com. Im mostly concerned with the version of spf, I think when I originally did the spf on MS site it was spf1 now its spf2.0

networthco.com / MS
--------------
spf2.0/pra
ptr
mx:mail.networthco.com
mx
mx:networthco.net
mx:networthco.org
mx:networthsystems.com
mx:networthsystems.net
mx:networthsystems.co.uk
-all

networthco.com / SPF
--------------------
v=spf1
mx
ptr
mx:networthco.net
mx:networthco.org
mx:networthsystems.com
mx:networthsystems.net
mx:networthsystems.co.uk
-all


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Are your DNS servers available to the internet or are they internal port
forwarding? If they are port forwarding then no change you make on your
internal servers will be published to the internet.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Rschamp
Sent: Wednesday, September 15, 2004 3:30 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] SPR2 records in Microsoft

When I first did the MS SPF record they recommended v=spf2.0/cra mx wks
-all

Then I found out that revision is not legal yet.
So my SPF TXT record became v=spf1 mx wks -all

Now, I've removed the WKS files and replaced them with all records.
So any of my servers can broadcast SMTP.
And my SPF TXT reads v=spf1 mx a -all

But the test sites say I don't have an SPF record.

How did you get them to see your SPF record?
I took out the text file saying email to postmaster.emedicine.com so
that it wouldn't be confused.

Richard Schamp
eMedicine Technical Team


----- Original Message -----
From: <spf2@kitterman.com>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, September 15, 2004 4:16 PM
Subject: RE: [spf-help] SPR2 records in Microsoft


> > -----Original Message-----
> > From: owner-spf-help@v2.listbox.com
> > [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Benjamin Zachary
> > Sent: Wednesday, September 15, 2004 4:01 PM
> > To: spf-help@v2.listbox.com
> > Subject: RE: [spf-help] SPR2 records in Microsoft
> >
> >
> > I was told the wizard at MS is kind of buggy but it seems to be
> > working ok for me and most of my clients. We dont do alot of
> > crazy stuff, most of it is only inbound/outbound from the same
> > IP. When I did mine in MS and in SPF site they came out the same...
> >
> What did the MS site suggest that you publish?
>
> Scott Kitterman
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Have you published your TXT records in your DNS? Meaning:

emedicine.com. 3584 NS ns2.emedicine.com.
emedicine.com. 3584 NS ns3.emedicine.com.
emedicine.com. 3584 NS tower1.schwartz.emed.com.
emedicine.com. 3584 NS ns1.emedicine.com.

If so, it may take some time for them to propogate.

If not, publishing TXT records for Windows 2000 has been discussed on this
list before. Searching the archives may be fruitful.

Scott Kitterman

> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Rschamp
> Sent: Wednesday, September 15, 2004 4:30 PM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] SPR2 records in Microsoft
>
>
> When I first did the MS SPF record they recommended v=spf2.0/cra
> mx wks -all
>
> Then I found out that revision is not legal yet.
> So my SPF TXT record became v=spf1 mx wks -all
>
> Now, I've removed the WKS files and replaced them with all records.
> So any of my servers can broadcast SMTP.
> And my SPF TXT reads v=spf1 mx a -all
>
> But the test sites say I don't have an SPF record.
>
> How did you get them to see your SPF record?
> I took out the text file saying email to postmaster.emedicine.com
> so that it
> wouldn't be confused.
>
> Richard Schamp
> eMedicine Technical Team
>
>
> ----- Original Message -----
> From: <spf2@kitterman.com>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, September 15, 2004 4:16 PM
> Subject: RE: [spf-help] SPR2 records in Microsoft
>
>
> > > -----Original Message-----
> > > From: owner-spf-help@v2.listbox.com
> > > [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Benjamin Zachary
> > > Sent: Wednesday, September 15, 2004 4:01 PM
> > > To: spf-help@v2.listbox.com
> > > Subject: RE: [spf-help] SPR2 records in Microsoft
> > >
> > >
> > > I was told the wizard at MS is kind of buggy but it seems to be
> > > working ok for me and most of my clients. We dont do alot of
> > > crazy stuff, most of it is only inbound/outbound from the same
> > > IP. When I did mine in MS and in SPF site they came out the same...
> > >
> > What did the MS site suggest that you publish?
> >
> > Scott Kitterman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com