Mailing List Archive

sfp records help on how to ?
Hi all,

Thank you first for this forum to exist.

I want to configure an spf record for a new domain and i want to know the
best way to do it without being complicated.

My email domain is : vt.com

my MX records is only : mail.vt.com

I have a lot of outgoing email server that I don't manage directly I mean,
IP addresses, FQDN and EHLO names.

What I wanted to do was to create a dedicated domain like : _spf.vt.dom

and just create A records in this zone with all allowed outgoing smtp
server.

So create a TXT to include _spf.vt.dom for all A records

so If I need to create new allowed email server, I will just have to create
a record with a dedicated name but with the real public IP address.

Do you know if it's possible to do that or if there is a way to manage it
without having to change TXT records each time ?

THank you.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: sfp records help on how to ? [ In reply to ]
At 08:31 31/08/2010 Tuesday, Yann GMAIL wrote:
>Hi all,
>
>Thank you first for this forum to exist.
>
>I want to configure an spf record for a new domain and i want to know the
>best way to do it without being complicated.
>
>My email domain is : vt.com
>
>my MX records is only : mail.vt.com
>
>I have a lot of outgoing email server that I don't manage directly I mean,
>IP addresses, FQDN and EHLO names.

not so good but also non issue with regard to spf


>What I wanted to do was to create a dedicated domain like : _spf.vt.dom
>
>and just create A records in this zone with all allowed outgoing smtp
>server.

seems pointless as A records are nothing to do with spf?
if you can get/make a list of ips used by the servers you then set your spf to "v=spf1 ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z/x
etc

and your done there is no point obscuring ips further than that


>So create a TXT to include _spf.vt.dom for all A records
>
>so If I need to create new allowed email server, I will just have to create
>a record with a dedicated name but with the real public IP address.
>
>Do you know if it's possible to do that or if there is a way to manage it
>without having to change TXT records each time ?

txt record(s) are just updated when you add /remove an ip/server from the list, which is hardly often unless your up to something unseemly


>THank you.
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: sfp records help on how to ? [ In reply to ]
Thank you for your quick reply.

so for me I need to :

- create dedicated zone like : _spf.vt.dom
- add a TXT record in vt.dom zone like : redirect:_spf.vt.com
- in _spf.vt.dom I need to create another TXT record vith all the ipv4:
addresses

So you can't create a TXT redirect:_spf.vt.dom for vt.dom that will match
all A records in the _spf.vt.dom zone ?

thanks

2010/8/31 alan <spfdiscuss@alandoherty.net>

> At 08:31 31/08/2010 Tuesday, Yann GMAIL wrote:
> >Hi all,
> >
> >Thank you first for this forum to exist.
> >
> >I want to configure an spf record for a new domain and i want to know the
> >best way to do it without being complicated.
> >
> >My email domain is : vt.com
> >
> >my MX records is only : mail.vt.com
> >
> >I have a lot of outgoing email server that I don't manage directly I mean,
> >IP addresses, FQDN and EHLO names.
>
> not so good but also non issue with regard to spf
>
>
> >What I wanted to do was to create a dedicated domain like : _spf.vt.dom
> >
> >and just create A records in this zone with all allowed outgoing smtp
> >server.
>
> seems pointless as A records are nothing to do with spf?
> if you can get/make a list of ips used by the servers you then set your spf
> to "v=spf1 ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z/x
> etc
>
> and your done there is no point obscuring ips further than that
>
>
> >So create a TXT to include _spf.vt.dom for all A records
> >
> >so If I need to create new allowed email server, I will just have to
> create
> >a record with a dedicated name but with the real public IP address.
> >
> >Do you know if it's possible to do that or if there is a way to manage it
> >without having to change TXT records each time ?
>
> txt record(s) are just updated when you add /remove an ip/server from the
> list, which is hardly often unless your up to something unseemly
>
>
> >THank you.
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Modify Your Subscription: https://www.listbox.com/member/?&
> >Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
> >Powered by Listbox: http://www.listbox.com
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Modify Your Subscription:
> https://www.listbox.com/member/?&
> Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: sfp records help on how to ? [ In reply to ]
At 12:29 31/08/2010 Tuesday, Yann GMAIL wrote:
>Thank you for your quick reply.
>
>so for me I need to :
>
>- create dedicated zone like : _spf.vt.dom
>- add a TXT record in vt.dom zone like : redirect:_spf.vt.com
>- in _spf.vt.dom I need to create another TXT record vith all the ipv4:
>addresses

that will work {though equally you could put the text record directly in vt.com but it is nicer to have them seperated

>So you can't create a TXT redirect:_spf.vt.dom for vt.dom that will match
>all A records in the _spf.vt.dom zone ?

again with the a records???

a records allow you to lookup a name and get an ip, what possible use could they be in this scenario or any in spf?

{they are only useful if the machine is operated by a 3rd party and has a fixed name but changable ip, in this case instead of ip4:x.x.x.x you would write A:the-3rd-parties.name.domain {but bear in mind this is 1 more dns lookup thus wasteful when unneeded, and spf clients only have a limited number of dns lookups allowed {10 or summit like this}}

the client machine knows 2 pieces of information only the ip that connected to him, and the domain it is sending him a mail from
{ok it also knows the helo name it used but you claim to have no control over this}

so where and how would it get an name to lookup one of these a records for??

why would you want to when its easier to just list all the ips in an spf record{s} so that the client can quickly lookup the sending domain and match it against the one ip it is receiving from at the moment

{domains: as sometimes its necessary to have really long records split into

_spf1.domain "v=spf1 ip4:..................really long list include:_spf2.domain -all"
_spf2.domain "v=spf1 ip4:........rest of long list..........etc"

some have in the past had enough ip's to require 5 chained records like this but its unusual


>thanks
>
>2010/8/31 alan <spfdiscuss@alandoherty.net>
>
>> At 08:31 31/08/2010 Tuesday, Yann GMAIL wrote:
>> >Hi all,
>> >
>> >Thank you first for this forum to exist.
>> >
>> >I want to configure an spf record for a new domain and i want to know the
>> >best way to do it without being complicated.
>> >
>> >My email domain is : vt.com
>> >
>> >my MX records is only : mail.vt.com
>> >
>> >I have a lot of outgoing email server that I don't manage directly I mean,
>> >IP addresses, FQDN and EHLO names.
>>
>> not so good but also non issue with regard to spf
>>
>>
>> >What I wanted to do was to create a dedicated domain like : _spf.vt.dom
>> >
>> >and just create A records in this zone with all allowed outgoing smtp
>> >server.
>>
>> seems pointless as A records are nothing to do with spf?
>> if you can get/make a list of ips used by the servers you then set your spf
>> to "v=spf1 ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z/x
>> etc
>>
>> and your done there is no point obscuring ips further than that
>>
>>
>> >So create a TXT to include _spf.vt.dom for all A records
>> >
>> >so If I need to create new allowed email server, I will just have to
>> create
>> >a record with a dedicated name but with the real public IP address.
>> >
>> >Do you know if it's possible to do that or if there is a way to manage it
>> >without having to change TXT records each time ?
>>
>> txt record(s) are just updated when you add /remove an ip/server from the
>> list, which is hardly often unless your up to something unseemly
>>
>>
>> >THank you.
>> >
>> >
>> >-------------------------------------------
>> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> >Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>> >
>> >Archives: https://www.listbox.com/member/archive/1020/=now
>> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> >Modify Your Subscription: https://www.listbox.com/member/?&
>> >Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
>> >Powered by Listbox: http://www.listbox.com
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Modify Your Subscription:
>> https://www.listbox.com/member/?&
>> Unsubscribe Now:
>> https://www.listbox.com/unsubscribe/?&
>> Powered by Listbox: http://www.listbox.com
>>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com
Re: sfp records help on how to ? [ In reply to ]
sorry for the delay but thank you for everything I think I understand better
now how it works...

2010/8/31 alan <spfdiscuss@alandoherty.net>

> At 12:29 31/08/2010 Tuesday, Yann GMAIL wrote:
> >Thank you for your quick reply.
> >
> >so for me I need to :
> >
> >- create dedicated zone like : _spf.vt.dom
> >- add a TXT record in vt.dom zone like : redirect:_spf.vt.com
> >- in _spf.vt.dom I need to create another TXT record vith all the ipv4:
> >addresses
>
> that will work {though equally you could put the text record directly in
> vt.com but it is nicer to have them seperated
>
> >So you can't create a TXT redirect:_spf.vt.dom for vt.dom that will match
> >all A records in the _spf.vt.dom zone ?
>
> again with the a records???
>
> a records allow you to lookup a name and get an ip, what possible use could
> they be in this scenario or any in spf?
>
> {they are only useful if the machine is operated by a 3rd party and has a
> fixed name but changable ip, in this case instead of ip4:x.x.x.x you would
> write A:the-3rd-parties.name.domain {but bear in mind this is 1 more dns
> lookup thus wasteful when unneeded, and spf clients only have a limited
> number of dns lookups allowed {10 or summit like this}}
>
> the client machine knows 2 pieces of information only the ip that connected
> to him, and the domain it is sending him a mail from
> {ok it also knows the helo name it used but you claim to have no control
> over this}
>
> so where and how would it get an name to lookup one of these a records
> for??
>
> why would you want to when its easier to just list all the ips in an spf
> record{s} so that the client can quickly lookup the sending domain and match
> it against the one ip it is receiving from at the moment
>
> {domains: as sometimes its necessary to have really long records split into
>
> _spf1.domain "v=spf1 ip4:..................really long list
> include:_spf2.domain -all"
> _spf2.domain "v=spf1 ip4:........rest of long list..........etc"
>
> some have in the past had enough ip's to require 5 chained records like
> this but its unusual
>
>
> >thanks
> >
> >2010/8/31 alan <spfdiscuss@alandoherty.net>
> >
> >> At 08:31 31/08/2010 Tuesday, Yann GMAIL wrote:
> >> >Hi all,
> >> >
> >> >Thank you first for this forum to exist.
> >> >
> >> >I want to configure an spf record for a new domain and i want to know
> the
> >> >best way to do it without being complicated.
> >> >
> >> >My email domain is : vt.com
> >> >
> >> >my MX records is only : mail.vt.com
> >> >
> >> >I have a lot of outgoing email server that I don't manage directly I
> mean,
> >> >IP addresses, FQDN and EHLO names.
> >>
> >> not so good but also non issue with regard to spf
> >>
> >>
> >> >What I wanted to do was to create a dedicated domain like : _spf.vt.dom
> >> >
> >> >and just create A records in this zone with all allowed outgoing smtp
> >> >server.
> >>
> >> seems pointless as A records are nothing to do with spf?
> >> if you can get/make a list of ips used by the servers you then set your
> spf
> >> to "v=spf1 ip4:x.x.x.x ip4:y.y.y.y ip4:z.z.z.z/x
> >> etc
> >>
> >> and your done there is no point obscuring ips further than that
> >>
> >>
> >> >So create a TXT to include _spf.vt.dom for all A records
> >> >
> >> >so If I need to create new allowed email server, I will just have to
> >> create
> >> >a record with a dedicated name but with the real public IP address.
> >> >
> >> >Do you know if it's possible to do that or if there is a way to manage
> it
> >> >without having to change TXT records each time ?
> >>
> >> txt record(s) are just updated when you add /remove an ip/server from
> the
> >> list, which is hardly often unless your up to something unseemly
> >>
> >>
> >> >THank you.
> >> >
> >> >
> >> >-------------------------------------------
> >> >Sender Policy Framework: http://www.openspf.org [
> http://www.openspf.org]
> >> >Modify Your Subscription: http://www.listbox.com/member/ [
> >> http://www.listbox.com/member/]
> >> >
> >> >Archives: https://www.listbox.com/member/archive/1020/=now
> >> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >> >Modify Your Subscription: https://www.listbox.com/member/?&
> >> >Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
> >> >Powered by Listbox: http://www.listbox.com
> >>
> >>
> >>
> >> -------------------------------------------
> >> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org
> ]
> >> Modify Your Subscription: http://www.listbox.com/member/ [
> >> http://www.listbox.com/member/]
> >>
> >> Archives: https://www.listbox.com/member/archive/1020/=now
> >> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >> Modify Your Subscription:
> >> https://www.listbox.com/member/?&
> >> Unsubscribe Now:
> >> https://www.listbox.com/unsubscribe/?&
> >> Powered by Listbox: http://www.listbox.com
> >>
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Modify Your Subscription: https://www.listbox.com/member/?&
> >Unsubscribe Now: https://www.listbox.com/unsubscribe/?&
> >Powered by Listbox: http://www.listbox.com
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Modify Your Subscription:
> https://www.listbox.com/member/?&
> Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e
Powered by Listbox: http://www.listbox.com