Mailing List Archive

Do I need IP addresses
I am talking about the domain truro-ma.gov



All of our mail is sent through one server which we host and have identified
in our MX record.



Several people send email using a POP3 client (Outlook, Thunderbird) which
send mail through that server.



Do we need to identify the machines (internal addresses) which create and
send their email via our 1 mailserver?



I think our spf record would be:



"v=spf1 mx ~all"



Or



"v=spf1 a mx ~all" if we send email from our web server



Thanks, Bill



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Do I need IP addresses [ In reply to ]
~all means 'please ignore our SPF record, we are testing.'

-all means drop anything that is not defined by our SPF record.



-john


At 08:31 PM 9/22/2009, you wrote:
>
>
>I am talking about the domain truro-ma.gov
>
>
>
>All of our mail is sent through one server which we host and have identified
>in our MX record.
>
>
>
>Several people send email using a POP3 client (Outlook, Thunderbird) which
>send mail through that server.
>
>
>
>Do we need to identify the machines (internal addresses) which create and
>send their email via our 1 mailserver?
>
>
>
>I think our spf record would be:
>
>
>
>"v=spf1 mx ~all"
>
>
>
>Or
>
>
>
>"v=spf1 a mx ~all" if we send email from our web server
>
>
>
>Thanks, Bill
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org
>Modify Your Subscription: http://www.listbox.com/member/
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>No virus found in this incoming message.
>Checked by AVG - www.avg.com
>Version: 8.5.409 / Virus Database: 270.13.112/2387 - Release Date: 09/21/09 17:55:00
Re: Do I need IP addresses [ In reply to ]
At 02:31 23/09/2009 Wednesday, William K. Goodbody wrote:
>
>
>I am talking about the domain truro-ma.gov
>
>All of our mail is sent through one server which we host and have identified
>in our MX record.

relevant to incomming only

>Several people send email using a POP3 client (Outlook, Thunderbird) which
>send mail through that server.
>Do we need to identify the machines (internal addresses) which create and
>send their email via our 1 mailserver?

no
spf only needs to identify the IP's that others should accept your email from

and also the ip's that your servers HELO greeting should be accepted from

>I think our spf record would be:
>"v=spf1 mx ~all"
>Or
>"v=spf1 a mx ~all" if we send email from our web server

any mention of mx in spf seems a waste of time especially if only 1 or 2 servers are involved why make others lookup your mx's etc

faster is for your domains spf record assuming your mailserver is xx.xx.xx.xx
"v=spf1 ipv4:xx.xx.xx.xx ~all" assuming you want to terminate ~all instead of -all
and for your mail servers helo identities spf record you need "v=spf1 A -all" or "v=spf1 ipv4:xx.xx.xx.xx -all"
{any all helo identities have no reason for ever terminating with anything other than -all}

if your webserver also sends emails {say from ip yy.yy.yy.yy}
then the domains spf would be altered to be
"v=spf1 ipv4:xx.xx.xx.xx ipv4:yy.yy.yy.yy ~all"
the mailservers helo identities spf would still be "v=spf1 A -all" or "v=spf1 ipv4:xx.xx.xx.xx -all"
the webservers helo identities spf would still be "v=spf1 A -all" or "v=spf1 ipv4:yy.yy.yy.yy -all"


all other names not used in smtp helo greetings or in email addresses sould have "v=spf1 -all"


>
>
>Thanks, Bill
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org
>Modify Your Subscription: http://www.listbox.com/member/
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com