Mailing List Archive

Hi Jeff,

The SPF record is "used" when SPF enabled mail servers validate inbound
messages. It is a check to see if the sending server is authorise to send
messages for the purported sending domain.

To publish SPF records the company that hosts the DNS zone for the
customers domain (Zrom.com I believe) must be willing and able to add the
SPF information. You should check with them. If they are unwilling or
unable to add SPF records to the DNS you can move the DNS hosting.

This is unrelated to SPF, but you are correct in that you should get MPower
to set-up a proper reverse PTR. There is a threat from the from the IP
black listing folks and the big e-mail service providers that will not be
accepting the automatically generated DSL provider reverse PTR like you
have on the server IP. I just sent a test message to AOL.COM from an
MPower DSL IP and it went right through with no problem.

If all the outbound messages from the company in question come from the
exchange server at 208.57.82.4 the SPF record would be simple.

Using the Wizard at http://spf.pobox.com I came up with:

"v=spf1 ip4:208.57.82.4 -all"


Regards

Bob Davis








______________________________ Reply Separator _________________________________
Subject: [spf-help] Trying to understand SPF
Author: "Jeff Adzima" <jeff@lasrlink.com> at Internet
Date: 10/2/2004 11:01 AM


I'm trying to understand all this and every time I think I get it, someone
describes something to me and I get all flustered once again.



I have a client that has their email server hosted in their office on an
exchange email server(mail.company.com), that is sitting on a dsl line
provided by mpower. Their domain(HYPERLINK
"http://www.company.com/"www.company.com) is hosted by a different hosting
company so their dns records are stored there. All of their mail is sent out
of their office from the exchange server via mpower. Their leased static IP
address from mpower is 208.57.82.4, which is set in their dns records on the
hosting company(216.70.246.2) to point to their MX record(mail.company.com).
Currently a reverse dns inquiry shows that the IP address 208.57.52.4 is as
follows: 208.57.82.4 PTR record: san-cust-208.57.82.4.mpowercom.net. [TTL
604800s] [A=208.57.82.4]





This is what I'm thinking I need to do. 1) Call mpower and ask them to
create a PTR record to point back to mail.company.com and then I'm confused
as to where I need to put this SPF record; in their dns records at the
hosting company or in the dns records on the exchange server in their
office. Whose benefit is the SPF record supplying? I'm not sure where the
SPF record comes into play, when mail is sent or received?



Thanks for clearing this up for me. I feel lost with this new feature, but
really want to understand it because I think it will put a big dent in spam.



Jeff




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 9/17/2004


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

You need whoever is holding DNS to add the SPF record. If the exchange
server is the only server that *sends* mail then that's all you need. If
there is a smart host to forward mail from Exchange to Mpower and then
to the internet then you would want Mpowers domain in there as well.

By hand I think your spf would look like this: spf=v1 mx -all

That means that only your MX record can send mail as your domain. If
people are relaying from home or other things you should consider having
them smtp-auth which is always better. Of course with Exchange you get
things like RPC/HTTP and OWA which are very very nice.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Jeff Adzima
Sent: Saturday, October 02, 2004 2:02 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] Trying to understand SPF

I'm trying to understand all this and every time I think I get it,
someone describes something to me and I get all flustered once again.



I have a client that has their email server hosted in their office on an
exchange email server(mail.company.com), that is sitting on a dsl line
provided by mpower. Their domain(HYPERLINK
"http://www.company.com/"www.company.com) is hosted by a different
hosting company so their dns records are stored there. All of their mail
is sent out of their office from the exchange server via mpower. Their
leased static IP address from mpower is 208.57.82.4, which is set in
their dns records on the hosting company(216.70.246.2) to point to their
MX record(mail.company.com).
Currently a reverse dns inquiry shows that the IP address 208.57.52.4 is
as
follows: 208.57.82.4 PTR record: san-cust-208.57.82.4.mpowercom.net.
[TTL 604800s] [A=208.57.82.4]





This is what I'm thinking I need to do. 1) Call mpower and ask them to
create a PTR record to point back to mail.company.com and then I'm
confused as to where I need to put this SPF record; in their dns records
at the hosting company or in the dns records on the exchange server in
their office. Whose benefit is the SPF record supplying? I'm not sure
where the SPF record comes into play, when mail is sent or received?



Thanks for clearing this up for me. I feel lost with this new feature,
but really want to understand it because I think it will put a big dent
in spam.



Jeff




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 9/17/2004


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

I'm sorry, i haven't read your earlier posts, but i'll try to answer
this one anyway.

If your question is 'what should this client put in their spf record'
it's something like 'v=spf1 mx -all' (or ~all for testing initially), or
they could make it more explicit and put 'v=spf1 ip4:208.57.82.4 -all'.
You don't need actually need ptr if you just put mx or ip4 in there. As
to where to publish the record, you need to publish for each and every
domain you wish to protect. If you have 'company.com' put it on there,
if you also have 'www.company.com' and _never_ send mail from that
domain, put a 'v=spf1 -all' on that domain..

Have you taken a look at http://spf.pobox.com/faq.html and
http://spf.pobox.com/mechanisms.html already ??

Koen

On Sat, Oct 02, 2004 at 11:01:49AM -0700, Jeff Adzima wrote:
> I?m trying to understand all this and every time I think I get it, someone
> describes something to me and I get all flustered once again.
>
>
>
> I have a client that has their email server hosted in their office on an
> exchange email server(mail.company.com), that is sitting on a dsl line
> provided by mpower. Their domain(HYPERLINK
> "http://www.company.com/"www.company.com) is hosted by a different hosting
> company so their dns records are stored there. All of their mail is sent out
> of their office from the exchange server via mpower. Their leased static IP
> address from mpower is 208.57.82.4, which is set in their dns records on the
> hosting company(216.70.246.2) to point to their MX record(mail.company.com).
> Currently a reverse dns inquiry shows that the IP address 208.57.52.4 is as
> follows: 208.57.82.4 PTR record: san-cust-208.57.82.4.mpowercom.net. [TTL
> 604800s] [A=208.57.82.4]
>
>
>
>
>
> This is what I?m thinking I need to do. 1) Call mpower and ask them to
> create a PTR record to point back to mail.company.com and then I?m confused
> as to where I need to put this SPF record; in their dns records at the
> hosting company or in the dns records on the exchange server in their
> office. Whose benefit is the SPF record supplying? I?m not sure where the
> SPF record comes into play, when mail is sent or received?
>
>
>
> Thanks for clearing this up for me. I feel lost with this new feature, but
> really want to understand it because I think it will put a big dent in spam.
>
>
>
> Jeff
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.766 / Virus Database: 513 - Release Date: 9/17/2004
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Sat, Oct 02, 2004 at 02:34:34PM -0400, Benjamin Zachary wrote:
> You need whoever is holding DNS to add the SPF record. If the exchange
> server is the only server that *sends* mail then that's all you need. If
> there is a smart host to forward mail from Exchange to Mpower and then
> to the internet then you would want Mpowers domain in there as well.
>
> By hand I think your spf would look like this: spf=v1 mx -all

That'd be "v=spf1 mx -all" of course..

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Ack! Haha been up too much this weekend :)



-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Koen Martens
Sent: Sunday, October 03, 2004 3:21 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Trying to understand SPF

On Sat, Oct 02, 2004 at 02:34:34PM -0400, Benjamin Zachary wrote:
> You need whoever is holding DNS to add the SPF record. If the exchange

> server is the only server that *sends* mail then that's all you need.
> If there is a smart host to forward mail from Exchange to Mpower and
> then to the internet then you would want Mpowers domain in there as
well.
>
> By hand I think your spf would look like this: spf=v1 mx -all

That'd be "v=spf1 mx -all" of course..

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/ Networking, embedded
systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program can't read? Visit
http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com