Mailing List Archive

Hello Wayne,
>I work for a small company, and SPF is new to me. We have our own domain,
> and email we send has our domain in the address, but that's about as far
> as
> my company has gone in terms of email strategy. We can send email through
> our ISP's SMTP server (sbcglobal.net) from within the office, and
> employees
> are using whatever they want when they are out of the office. I was asked
> by my boss to come up with something more workable.

Depending on which SMTP server you are using, you may be able to have all
employees everywhere use the same outgoing SMTP server config by using
authenticated SMTP (Possibly on a port other than 25). Doing this would
make generating an SPF record much easier.

> His big concern is that he does not want our email to appear to be spam.

SPF does NOT necessarily make other people see your legitimate email as less
likely to be spam. It does, however, make spammers who forge your domain
possibly appear as more likely to be spam. It all depends on how you craft
your SPF record.

> Currently, there are a handful of servers not under our control that our
> employees are using. It's not clear to me what the TXT record would have
> to
> look like in this case.

This is a problem, which is why I recommend having your own outgoing SMTP
server for all to use.

> More likely, I will suggest something more rational
> such as having all mail go though sbcglobal.net, which can be done with
> authentication,

If you did this, and sbcglobal.net had an SPF record of their own (they do
not), then you could have included their record in yours, but since they do
not have an SPF record, you would be forced to guess all the various
outgoing SMTP servers they use, which would be next to impossible.

> or perhaps look into having somebody host an email server for us,
> or set up our own.

Either one of these is probably the most appropriate for you.

Since you have your own domain (Basically required for SPF anyway), someone
has to be hosting your email unless you are forwarding the various addresses
to other email accounts. That hosting company might offer outgoing SMTP
services as well, which may be the best choice for you.

Hope this helps...

Michael Breton

-------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=cbdbbc81

On Wednesday 29 November 2006 19:37, Wayne Resnick wrote:
> I work for a small company, and SPF is new to me. We have our own domain,
> and email we send has our domain in the address, but that's about as far as
> my company has gone in terms of email strategy. We can send email through
> our ISP's SMTP server (sbcglobal.net) from within the office, and employees
> are using whatever they want when they are out of the office. I was asked
> by my boss to come up with something more workable. His big concern is
> that he does not want our email to appear to be spam.

The best way to do this is to send standards compliant mail through mail
servers that don't send significant amounts of what some people consider to
be spam. Finding a provider that can do this for you reliably is not always
easy (I am one of those providers, but that's for a different conversation).

> Currently, there are a handful of servers not under our control that our
> employees are using. It's not clear to me what the TXT record would have to
> look like in this case. More likely, I will suggest something more
> rational such as having all mail go though sbcglobal.net, which can be done
> with authentication, or perhaps look into having somebody host an email
> server for us, or set up our own. But since it's the outgoing SMTP server
> that's ultimately relevant now, that's more of an immediate issue than a
> full blown email server. I'd like to know how to work SPF into these
> scenarios, and would appreciate any advice on the relative merits of
> different solutions.

The best way to deal with SPF is, as you expect, bring people outside the
office to send mail through your server. Everyone sends through their own
ISP is very difficult to manage from an SPF perspective (what the TXT record
looks like in this case is you don't want to know).

Running your own mail server is not something to do if you don't know what you
are doing. This is true whether you are sending or receiving. Small
businesses are, in my opinion, better off finding an appropriate service
provider unless they have the relevant technical expertise on hand.

SPF is meant to help deter spammers from using your domain and to give
receivers a better way to know that you are really you when your domain sends
mail. It doesn't directly deal with the spam/not spam question.

Scott Kitterman
controlledmail.com

-------
Archives at http://archives.listbox.com/spf-help/current/ or
http://www.gossamer-threads.com/lists/spf/help/ (easier to search)
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?member_id=1311530&user_secret=cbdbbc81

On Tue, 16 Dec 2008 16:55:55 -0500 "Martin Wills" <martinw@mvssol.com>
wrote:
>I'm entirely new to the idea of SPF but I'm reacting to spammers spoofing
our domain name, causing our server to receive thousands of non-delivery
messages.
>From what I've read, it seems there are two sides to SPF: the sending
side, which requires an entry in DNS; and the receiving side, which
requires a mail server that supports SPF.
>Does that mean that if I'm only concerned about other servers' ability to
verify that mail from my domain is really from my domain I just need to add
a DNS entry?
>Can I avoid doing something to my mail server until they have native
support?

Yes.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

On Tue, Dec 16, 2008 at 21:55, Martin Wills <martinw@mvssol.com> wrote:
> I'm entirely new to the idea of SPF but I'm reacting to spammers spoofing our domain name, causing our server to receive thousands of non-delivery messages.
> From what I've read, it seems there are two sides to SPF: the sending side, which requires an entry in DNS; and the receiving side, which requires a mail server that supports SPF.
> Does that mean that if I'm only concerned about other servers' ability to verify that mail from my domain is really from my domain I just need to add a DNS entry?

Yes.

> Can I avoid doing something to my mail server until they have native support?

Should you choose. Of course there are others in the same situation
as you who are also relying on others to implement the checking. If
everybody only publishes a record and never checks them, there's no
point in publishing the record...

I'd also suggest you look at DKIM, a complimentary solution.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

You need to setup a rdns ptr record for your mx so you cannot be spoofed.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This communication may contain material protected by the attorney-client privilege or other privileges or protections from discovery, such as California Evidence Code Section 1157, et seq.
If you are not the named addressee you should not disseminate, distribute or copy this e-mail, but should instead destroy it. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.


----- Original Message -----
From: Rob MacGregor <rob.macgregor@gmail.com>
To: spf-help@v2.listbox.com <spf-help@v2.listbox.com>
Sent: Tue Dec 16 14:23:20 2008
Subject: Re: [spf-help] Getting started

On Tue, Dec 16, 2008 at 21:55, Martin Wills <martinw@mvssol.com> wrote:
> I'm entirely new to the idea of SPF but I'm reacting to spammers spoofing our domain name, causing our server to receive thousands of non-delivery messages.
> From what I've read, it seems there are two sides to SPF: the sending side, which requires an entry in DNS; and the receiving side, which requires a mail server that supports SPF.
> Does that mean that if I'm only concerned about other servers' ability to verify that mail from my domain is really from my domain I just need to add a DNS entry?

Yes.

> Can I avoid doing something to my mail server until they have native support?

Should you choose. Of course there are others in the same situation
as you who are also relying on others to implement the checking. If
everybody only publishes a record and never checks them, there's no
point in publishing the record...

I'd also suggest you look at DKIM, a complimentary solution.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.176 / Virus Database: 270.9.18/1851 - Release Date: 12/16/2008 8:53 AM


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Make sure your not an open relay too.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This communication may contain material protected by the attorney-client privilege or other privileges or protections from discovery, such as California Evidence Code Section 1157, et seq.
If you are not the named addressee you should not disseminate, distribute or copy this e-mail, but should instead destroy it. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.


----- Original Message -----
From: Rob MacGregor <rob.macgregor@gmail.com>
To: spf-help@v2.listbox.com <spf-help@v2.listbox.com>
Sent: Tue Dec 16 14:23:20 2008
Subject: Re: [spf-help] Getting started

On Tue, Dec 16, 2008 at 21:55, Martin Wills <martinw@mvssol.com> wrote:
> I'm entirely new to the idea of SPF but I'm reacting to spammers spoofing our domain name, causing our server to receive thousands of non-delivery messages.
> From what I've read, it seems there are two sides to SPF: the sending side, which requires an entry in DNS; and the receiving side, which requires a mail server that supports SPF.
> Does that mean that if I'm only concerned about other servers' ability to verify that mail from my domain is really from my domain I just need to add a DNS entry?

Yes.

> Can I avoid doing something to my mail server until they have native support?

Should you choose. Of course there are others in the same situation
as you who are also relying on others to implement the checking. If
everybody only publishes a record and never checks them, there's no
point in publishing the record...

I'd also suggest you look at DKIM, a complimentary solution.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.176 / Virus Database: 270.9.18/1851 - Release Date: 12/16/2008 8:53 AM


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Thanks for the response, Rob. Of course you're correct that if we don't
implement the checking we're subverting the whole process. We will get to it
but I'd like to get the DNS entries done as fast as possible.

Martin


----- Original Message -----
From: "Rob MacGregor" <rob.macgregor@gmail.com>
To: <spf-help@v2.listbox.com>
Sent: Tuesday, December 16, 2008 5:23 PM
Subject: Re: [spf-help] Getting started


On Tue, Dec 16, 2008 at 21:55, Martin Wills <martinw@mvssol.com> wrote:
> I'm entirely new to the idea of SPF but I'm reacting to spammers spoofing
> our domain name, causing our server to receive thousands of non-delivery
> messages.
> From what I've read, it seems there are two sides to SPF: the sending
> side, which requires an entry in DNS; and the receiving side, which
> requires a mail server that supports SPF.
> Does that mean that if I'm only concerned about other servers' ability to
> verify that mail from my domain is really from my domain I just need to
> add a DNS entry?

Yes.

> Can I avoid doing something to my mail server until they have native
> support?

Should you choose. Of course there are others in the same situation
as you who are also relying on others to implement the checking. If
everybody only publishes a record and never checks them, there's no
point in publishing the record...

I'd also suggest you look at DKIM, a complimentary solution.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com