Mailing List Archive

will include work for this scenario?
This list has been a tremendous help thus far. I just wanted to run this by
the community before I publish a specification to our customers.

We occasionally send email out for our customers. They have requested that
the bounces go back to them, so we must use their domain in the Sender
header (among others).

My idea is to create an SPF record that I will have control over to change
as necessary. Such as:
spf.mycompany.com IN TXT "v=spf1 ip4:x.x.x.x/26 -all"

Then in the specification that we publish to our customers, we'll ask them
to add an "include:spf.mycompany.com" to their SPF records.

I understand this will add a little more latency to all of their emails
since SPF engines will have to do some more queries to approve each message.
But this is a small price to pay for the ability for us to change our IPs
w/o scheduling a mass SPF change with all of our customers.

Am I missing something here? I appreciate all feedback. Good or bad. Feel
free to email me directly or reply to the list.

Thank you so much!

--
Josh Hildebrand

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: will include work for this scenario?
If the syntax is right, I think it's a good idea. You could also,
depending on the client, use their SMTP server and relay through so as
to not change the SPF records (less work) but I like your idea better. I
suppose on your side you could set up spf.relay.com to be inactive except
when doing your mailings. In that way you don't have to modify DNS
entries all the time.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Josh Hildebrand
Sent: Monday, October 11, 2004 3:07 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] will include work for this scenario?

Re: will include work for this scenario?
Yes - I have to use an include in my SPF record and it's the way to go.
Includes work well - *provided* you get the syntax perfect and the included
domain's SPF record is also perfectly correct.

You'll probably be safer to write your clients' SPF records yourself. If you
host them yourself that would be a doddle for you to do, and ensures less
"fumble-factor". If they're doing it themselves - I hope they are all using
a DNS provider which will allow them to modify their TXT records - and
they'll be well advised to use a record creator to reduce the risk of syntax
errors. The one on www.spf.pobox.com is quite good, but you might have to
do some hand-holding, if your customers are anything like as naive as mine
;-)


Slainte,

JohnP.
johnp@idimo.com
ICQ 313355492


----- Original Message -----
From: "Josh Hildebrand" <josh@newgistics.com>
To: <spf-help@v2.listbox.com>
Sent: Monday, October 11, 2004 9:06 PM
Subject: [spf-help] will include work for this scenario?


RE: will include work for this scenario?
I don't quite follow your idea about making the spf.relay.com to be
"inactive". I don't plan on modifying DNS entries all the time, either way.

The spf.mycompany.com would not have an A record, or any other record except
for the TXT SPF record. It will eventually have multiple TXT records to
work with senderID or spf2 or whatever comes around.

Emails spoofed with our customer addresses will go out periodically
throughout the day, so there is no certain time of the day that we send out
the mailings.

Thanks.

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Benjamin Zachary
Sent: Monday, October 11, 2004 2:11 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] will include work for this scenario?

RE: will include work for this scenario?
Ahh ok, I misunderstood. I thought you were going to mod the SPF record
for spf.mycompany.com and then after the mailing take it out and then
put it back for the next mailing. I don't know why I interpreted your
email that way :-)

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Josh Hildebrand
Sent: Monday, October 11, 2004 3:54 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] will include work for this scenario?

Re: will include work for this scenario?
Josh Hildebrand wrote:

> in the specification that we publish to our customers, we'll
> ask them to add an "include:spf.mycompany.com" to their SPF
> records.

That's the most flexible solution, they can have more than one
include. include:spf.mycompany.com matches whenever your sender
results in a PASS (ip4:x.x.x.x/26 in your example). That match
then results in a PASS for the include. As expected.

It's a bit different if you'd use other results in your sender
policy: ~ (softfail), ? (unknown), and - (fail) don't match,
and then the include has no effect. The interpretation of the
sender policies for your customers would simply continue with
the next directive (e.g. another include:somebody.else.example).

> this is a small price to pay for the ability for us to change
> our IPs w/o scheduling a mass SPF change with all of our
> customers.

Yes, that's the point of include: resp. redirect=. The latter
is less flexible, because you can have only one redirect= in a
sender policy without "all" (normally at the end), and it never
"returns" (unlike include). But otherwise it's the same idea.

Bye, Frank
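
The include and redirect= behaviour described in this reply, as an added example that is not part of the original thread: a minimal SPF evaluator over constructed TXT records. The ZONE table, the customer-*.example names and the documentation IP ranges standing in for x.x.x.x/26 are assumptions; only ip4, include, all and redirect= are handled.

```python
import ipaddress

# Constructed TXT records; 192.0.2.0/26 stands in for the thread's x.x.x.x/26.
ZONE = {
    "spf.mycompany.com": "v=spf1 ip4:192.0.2.0/26 -all",
    "somebody.else.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "customer-a.example": "v=spf1 ip4:198.51.100.0/24 include:spf.mycompany.com ?all",
    "customer-b.example": "v=spf1 include:spf.mycompany.com include:somebody.else.example -all",
    "customer-c.example": "v=spf1 redirect=spf.mycompany.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, zone=ZONE, depth=0):
    """Return the SPF result for `ip` under `domain`'s policy in `zone`."""
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # recursion guard for include loops (simplification)
        return "permerror"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term[len("redirect="):]  # only used if nothing matches
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # broken include target breaks the caller
            matched = inner == "pass"  # fail/softfail/neutral: just no match
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        result = check_host(ip, redirect, zone, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"  # no mechanism matched and no redirect=
```

For customer-a.example, an address outside the provider's range ends at the customer's own ?all rather than the provider's -all, while customer-c.example's redirect= hands the whole decision to the provider's record.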

