Mailing List Archive

Hello,

I'm just fining out aobut SPF. And I've already noticed that it requires
a DNS server. However, due to the fact that my server runs on a dynamic
IP which is tracked by a dynamic IP service, in my case NO-IP, which
attached my domainname, dalive.com, to my IP (which for the record does
not change very often).

In such a situation as mine, how would I implement SPF? I'm using
Postfix as my MTA and Linux (Fedora Core 2) as my OS.

Please advise
Thank you


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Tue, Jun 22, 2004 at 07:07:33AM -0400, DALive Editor wrote:
> I'm just fining out aobut SPF. And I've already noticed that it requires
> a DNS server. However, due to the fact that my server runs on a dynamic
> IP which is tracked by a dynamic IP service, in my case NO-IP, which
> attached my domainname, dalive.com, to my IP (which for the record does
> not change very often).
>
> In such a situation as mine, how would I implement SPF? I'm using
> Postfix as my MTA and Linux (Fedora Core 2) as my OS.

The last part is no problem, you can have your MTA checking for SPF with the standard tools no matter your dns.

For publishing spf however, you should ask your DNS provider (NO-IP) to publish the SPF record for your domain.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Arturo P wrote:

> In such a situation as mine, how would I implement SPF?

Actually there are two independent parts: You can check
incoming mail against the sender policy (= SPF record) of
the domain in the MAIL FROM (resp. the HELO / EHLO if the
MAIL FROM is empty in a bounce).

So if you get MAIL FROM:<spammer@xyzzy.claranet.de> and
the IP is not one of the IPs in my sender policy, then
the SPF check returns FAIL (in the case of my address),
and you could reject it. Whatever you do, don't bounce
it to me, that's the idea... ;-)

Test the 1st part at <http://spf.pobox.com/why.html>

The 2nd part of SPF is your own sender policy published
by you for your outgoing mail. I don't know NO-IP, but
with the "custom DNS" system at DynDNS you could define
a sender policy "v=spf1 a mx ~all", that's just a DNS
TXT record for your domain dalive.com

Now if I get MAIL FROM:<spammer@dalive.com> and the IP
neither matches your actual IP nor a IP of your MX, then
I'd get a "SPF SOFTFAIL" by the ~all at the end of your
sender policy. Good for testing, but as soon as you are
sure what you're doing it would be better to use -all
for a FAIL instead of ~all for a SOFTFAIL

Again the idea is "never bounce after a FAIL", because
the MAIL FROM is forged.

Traps and pitfalls: the sender policy for dalive.com
won't cover www.dalive.com / mail.dalive.com / etc. If
you need a wildcard solution, then you need a separate
wildcard sender policy like "v=spf1 redirect=dalive.com"
or simply copy the "v=spf1 a mx ~all".

And if you use "v=spf1 a mx -all", then you can't use
your MAIL FROM:<valid@dalive.com> with other providers.

For the 2nd part use <http://spf.pobox.com/wizard.html>

Bye, Frank


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Tue, 2004-06-22 at 06:34, Arturo P wrote:
> Hello,
>
> I'm just fining out aobut SPF. And I've already noticed that it requires
> a DNS server.

Just if you want spammers not to use your domain name... your reputation
could answer this ;)

> However, due to the fact that my server runs on a dynamic
> IP which is tracked by a dynamic IP service, in my case NO-IP, which
> attached my domainname, dalive.com, to my IP (which for the record does
> not change very often).

Can't you change your domain's dalive.com DNS registers? Maybe you can
insert TXT registers, so the DNS part could be working in such case.

>
> In such a situation as mine, how would I implement SPF? I'm using
> Postfix as my MTA and Linux (Fedora Core 2) as my OS.

About postfix you've got enough information in spf.pobox.com.

Hope this help you.

>
> Please advise
> Thank you
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com