Mailing List Archive: The SPF Setup Wizard questions

I want to create the SPF IN TXT that simply says email from our
domains (nacm-bcs.org nacm-or.org creditemps.com pnwcc2004.com etc)
come only from 63.255.174.160/28

The wizard questions are confusing to me. If I specify our IP range
in the ip4 field, will it matter how I answer the a, mx, and ptr
yes/no questions and the "any other servers" fields? In other words,
are these fields "true if a OR b are true", "true if a AND b are
true", or "true only if a is true"? For example, if I specify no to
the first question asking if nacm-bcs.org using 63.255.174.163 sends
mail yet specify in the ip4 field that mail can "otherly" come from
63.255.174.160/28, will my answer to the first question mean that I
absolutely do not send through 63.255.174.163 regardless if the
address is in the range I specified?

If this is correct...

"v=spf1 a mx ip4:63.255.174.160/28 -all"

...should I be able to ask my ISP to add this record for each of our
domain names that we use for email?

Thanks,
C. Frank Bernard

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi,

On Fri, Jul 23, 2004 at 01:02:36PM -0700, Frank Bernard wrote:
> I want to create the SPF IN TXT that simply says email from our
> domains (nacm-bcs.org nacm-or.org creditemps.com pnwcc2004.com etc)
> come only from 63.255.174.160/28

"v=spf1 ip4:63.255.174.160/28 -all" or "v=spf1 ip4:63.255.174.160/28
~all" if you want to test it out first will suffice for your domains
then. Note that you'll want "v=spf1 -all" on all your other defined
domains from which you never plan to send mail, eg: www.creditemps.com.

> The wizard questions are confusing to me. If I specify our IP range
> in the ip4 field, will it matter how I answer the a, mx, and ptr
> yes/no questions and the "any other servers" fields? In other words,
> are these fields "true if a OR b are true", "true if a AND b are
> true", or "true only if a is true"? For example, if I specify no to
> the first question asking if nacm-bcs.org using 63.255.174.163 sends
> mail yet specify in the ip4 field that mail can "otherly" come from
> 63.255.174.160/28, will my answer to the first question mean that I
> absolutely do not send through 63.255.174.163 regardless if the
> address is in the range I specified?

The answer to your first question will merely imply there will be no a
mechanism in your spf record.

> If this is correct...
>
> "v=spf1 a mx ip4:63.255.174.160/28 -all"
>
> ...should I be able to ask my ISP to add this record for each of our
> domain names that we use for email?

If the IN A of your domains are in 63.255.174.160/28 and if the A
records of your MXes are in 63.255.174.160/28, you can safely leave out
the a and mx options. spf checks from left to right, and stops at the
first accepting mechanism it finds. So for example, if one of your
outgoing email servers contacts mine, and says 'i have mail from bla@xyz.com
with ip 1.2.3.4' and xyz.com IN A is not 1.2.3.4 but xyz.com has MX
m1.xyz.com and m1.xyz.com has IN A 1.2.3.4, it will stop further
checking and PASS the mail.

You might want to check out http://spf.pobox.com/mechanisms.html too.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com