Mailing List Archive

The Ip address sould be sufficient I believe. We have a mail.Landvest.com
and a mail-server.Landvest.com I believe. Is this what you found.

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Kathy Lees
Sent: Wednesday, August 04, 2004 3:42 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] Virtual Domains

We have more than one domain pointing to the same IP address. Will I need to
make an SPF entry for every domain or just the IP address?

Kathy Lees

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Yes these are the 2 mx records that were created for us by AT&T

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Patterson, Scott
Sent: Wednesday, August 04, 2004 2:39 PM
To: 'spf-help@v2.listbox.com'
Subject: RE: [spf-help] Virtual Domains

The Ip address sould be sufficient I believe. We have a mail.Landvest.com
and a mail-server.Landvest.com I believe. Is this what you found.

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Kathy Lees
Sent: Wednesday, August 04, 2004 3:42 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] Virtual Domains

We have more than one domain pointing to the same IP address. Will I need to
make an SPF entry for every domain or just the IP address?

Kathy Lees

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

There are only 2. There will never be more than that.

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Kathy Lees
Sent: Wednesday, August 04, 2004 3:54 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] Virtual Domains

So if we have hundreds of domains pointing to the same IP, it is going to be
long and tedious, especially adding and removing those that we don't use
anymore.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
Sent: Wednesday, August 04, 2004 11:55 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Virtual Domains


On 8/4/04 12:41 PM, Kathy Lees wrote:

>We have more than one domain pointing to the same IP address. Will I need
to
>make an SPF entry for every domain or just the IP address?
>
>
Kathy,
If your mail server is sending mail for multiple domains, you will need
one record for each domain.

So if you send mail for a.com and b.com from 1.23.45.67, you could have
the following SPF records:

a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"

Or, you could use your MX records (if that makes sense in your case):

a.com. IN TXT "v=spf1 mx -all"
b.com. IN TXT "v=spf1 mx -all"

Hope this helps.

Thanks,
Per

--
Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On 8/4/04 12:41 PM, Kathy Lees wrote:

>We have more than one domain pointing to the same IP address. Will I need to
>make an SPF entry for every domain or just the IP address?
>
>
Kathy,
If your mail server is sending mail for multiple domains, you will need
one record for each domain.

So if you send mail for a.com and b.com from 1.23.45.67, you could have
the following SPF records:

a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"

Or, you could use your MX records (if that makes sense in your case):

a.com. IN TXT "v=spf1 mx -all"
b.com. IN TXT "v=spf1 mx -all"

Hope this helps.

Thanks,
Per

--
Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hola - I'm a newbie and just joined.

I've added the mx record to my zonefile by writing a short php script which
did it for all the domains for me. I restarted bind with no hiccups and I
just want to know if I need to do anything else?

I added:-
idimo.com. IN TXT "v=spf1 mx -all"
on *not* the last line (Bind bug apparently?).

Thanks in advance :-)


Slainte,

JohnP.
johnp@idimo.com
ICQ 313355492


----- Original Message -----
From: "Kathy Lees" <klees@ltcconnection.com>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, August 04, 2004 9:53 PM
Subject: RE: [spf-help] Virtual Domains


> So if we have hundreds of domains pointing to the same IP, it is going to
be
> long and tedious, especially adding and removing those that we don't use
> anymore.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
> Sent: Wednesday, August 04, 2004 11:55 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Virtual Domains
>
>
> On 8/4/04 12:41 PM, Kathy Lees wrote:
>
> >We have more than one domain pointing to the same IP address. Will I need
> to
> >make an SPF entry for every domain or just the IP address?
> >
> >
> Kathy,
> If your mail server is sending mail for multiple domains, you will need
> one record for each domain.
>
> So if you send mail for a.com and b.com from 1.23.45.67, you could have
> the following SPF records:
>
> a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
>
> Or, you could use your MX records (if that makes sense in your case):
>
> a.com. IN TXT "v=spf1 mx -all"
> b.com. IN TXT "v=spf1 mx -all"
>
> Hope this helps.
>
> Thanks,
> Per
>
> --
> Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
> V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
> GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
subscription,
> please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Kathy,

Yes, you will need one SPF TXT record for each and every domain that you want to 'protect'.

> a.com. IN TXT "v=spf1 mx -all"
> b.com. IN TXT "v=spf1 mx -all"
> c.com. IN TXT "v=spf1 mx -all"
> d.com. IN TXT "v=spf1 mx -all"
etc.

Marc
>
> From: "Kathy Lees" <klees@ltcconnection.com>
> Date: 2004/08/04 Wed PM 03:53:37 EDT
> To: <spf-help@v2.listbox.com>
> Subject: RE: [spf-help] Virtual Domains
>
> So if we have hundreds of domains pointing to the same IP, it is going to be
> long and tedious, especially adding and removing those that we don't use
> anymore.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
> Sent: Wednesday, August 04, 2004 11:55 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Virtual Domains
>
>
> On 8/4/04 12:41 PM, Kathy Lees wrote:
>
> >We have more than one domain pointing to the same IP address. Will I need
> to
> >make an SPF entry for every domain or just the IP address?
> >
> >
> Kathy,
> If your mail server is sending mail for multiple domains, you will need
> one record for each domain.
>
> So if you send mail for a.com and b.com from 1.23.45.67, you could have
> the following SPF records:
>
> a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
>
> Or, you could use your MX records (if that makes sense in your case):
>
> a.com. IN TXT "v=spf1 mx -all"
> b.com. IN TXT "v=spf1 mx -all"
>
> Hope this helps.
>
> Thanks,
> Per
>
> --
> Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
> V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
> GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

So if we have hundreds of domains pointing to the same IP, it is going to be
long and tedious, especially adding and removing those that we don't use
anymore.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
Sent: Wednesday, August 04, 2004 11:55 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Virtual Domains


On 8/4/04 12:41 PM, Kathy Lees wrote:

>We have more than one domain pointing to the same IP address. Will I need
to
>make an SPF entry for every domain or just the IP address?
>
>
Kathy,
If your mail server is sending mail for multiple domains, you will need
one record for each domain.

So if you send mail for a.com and b.com from 1.23.45.67, you could have
the following SPF records:

a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"

Or, you could use your MX records (if that makes sense in your case):

a.com. IN TXT "v=spf1 mx -all"
b.com. IN TXT "v=spf1 mx -all"

Hope this helps.

Thanks,
Per

--
Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Scott, What I mean is say we have 3 domains

www.scott.com
www.kathy.com
www.jane.com

They all point to one IP on our system cause our websites are in a database.
They all have email set up on our system. Do I need a seperate SPF record
for each one?

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Patterson, Scott
Sent: Wednesday, August 04, 2004 11:51 AM
To: 'spf-help@v2.listbox.com'
Subject: RE: [spf-help] Virtual Domains


There are only 2. There will never be more than that.

-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Kathy Lees
Sent: Wednesday, August 04, 2004 3:54 PM
To: spf-help@v2.listbox.com
Subject: RE: [spf-help] Virtual Domains

So if we have hundreds of domains pointing to the same IP, it is going to be
long and tedious, especially adding and removing those that we don't use
anymore.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
Sent: Wednesday, August 04, 2004 11:55 AM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] Virtual Domains


On 8/4/04 12:41 PM, Kathy Lees wrote:

>We have more than one domain pointing to the same IP address. Will I need
to
>make an SPF entry for every domain or just the IP address?
>
>
Kathy,
If your mail server is sending mail for multiple domains, you will need
one record for each domain.

So if you send mail for a.com and b.com from 1.23.45.67, you could have
the following SPF records:

a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"

Or, you could use your MX records (if that makes sense in your case):

a.com. IN TXT "v=spf1 mx -all"
b.com. IN TXT "v=spf1 mx -all"

Hope this helps.

Thanks,
Per

--
Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Scott,

I'm not sure what you are saying, but she will need one TXT record for each and every domain that she owns. Furthermore, to be covered properly, she should have a TXT record for each and every HOST that she has defined. (Sorry for the bad news, Kathy). What I mean by that is if you have (before SPF):
www.scott.com IN A 1.2.3.4
scott.com IN MX commonmx.hoster.com
www.kathy.com IN A 1.2.3.4
kathy.com IN MX commonmx.hoster.com
www.jane.com IN A 1.2.3.4
jane.com IN MX commonmx.hoster.com

You should have an SPF record for each and every one of the above domains so that (after):
www.scott.com IN A 1.2.3.4
www.scott.com IN TXT "v=spf1 -all"
scott.com IN MX commonmx.hoster.com
scott.com IN TXT "v=spf1 mx -all"
www.kathy.com IN A 1.2.3.4
www.kathy.com IN TXT "v=spf1 -all"
kathy.com IN MX commonmx.hoster.com
kathy.com IN TXT "v=spf1 mx -all"
www.jane.com IN A 1.2.3.4
www.jane.com IN TXT "v=spf1 -all"
jane.com IN MX commonmx.hoster.com
jane.com IN TXT "v=spf1 mx -all"

notice that the 'domain.com' records are "v=spf1 mx -all" to allow the mx records to send mail, but the 'www.domain.com' records are "v=spf1 -all" so that NO mail is permitted from john@www.domain.com.

Hope that helps....

Marc
>
> From: "Patterson, Scott" <SPatterson@Landvest.com>
> Date: 2004/08/04 Wed PM 02:50:53 EDT
> To: "'spf-help@v2.listbox.com'" <spf-help@v2.listbox.com>
> Subject: RE: [spf-help] Virtual Domains
>
> There are only 2. There will never be more than that.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
> On Behalf Of Kathy Lees
> Sent: Wednesday, August 04, 2004 3:54 PM
> To: spf-help@v2.listbox.com
> Subject: RE: [spf-help] Virtual Domains
>
> So if we have hundreds of domains pointing to the same IP, it is going to be
> long and tedious, especially adding and removing those that we don't use
> anymore.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
> Sent: Wednesday, August 04, 2004 11:55 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Virtual Domains
>
>
> On 8/4/04 12:41 PM, Kathy Lees wrote:
>
> >We have more than one domain pointing to the same IP address. Will I need
> to
> >make an SPF entry for every domain or just the IP address?
> >
> >
> Kathy,
> If your mail server is sending mail for multiple domains, you will need
> one record for each domain.
>
> So if you send mail for a.com and b.com from 1.23.45.67, you could have
> the following SPF records:
>
> a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
>
> Or, you could use your MX records (if that makes sense in your case):
>
> a.com. IN TXT "v=spf1 mx -all"
> b.com. IN TXT "v=spf1 mx -all"
>
> Hope this helps.
>
> Thanks,
> Per
>
> --
> Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
> V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
> GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

John,

What you have just done will help protect your domain(s) from being forged, but you also probably need to begin running SPF checks on your inbound email. There's good information at http://spf.pobox.com/whatdoes.html. Read "check SPF for incoming mail"

Marc
>
> From: "jpinkerton" <johnp@idimo.com>
> Date: 2004/08/04 Wed PM 03:07:53 EDT
> To: <spf-help@v2.listbox.com>
> Subject: Re: [spf-help] Virtual Domains
>
> Hola - I'm a newbie and just joined.
>
> I've added the mx record to my zonefile by writing a short php script which
> did it for all the domains for me. I restarted bind with no hiccups and I
> just want to know if I need to do anything else?
>
> I added:-
> idimo.com. IN TXT "v=spf1 mx -all"
> on *not* the last line (Bind bug apparently?).
>
> Thanks in advance :-)
>
>
> Slainte,
>
> JohnP.
> johnp@idimo.com
> ICQ 313355492
>
>
> ----- Original Message -----
> From: "Kathy Lees" <klees@ltcconnection.com>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, August 04, 2004 9:53 PM
> Subject: RE: [spf-help] Virtual Domains
>
>
> > So if we have hundreds of domains pointing to the same IP, it is going to
> be
> > long and tedious, especially adding and removing those that we don't use
> > anymore.
> >
> > -----Original Message-----
> > From: owner-spf-help@v2.listbox.com
> > [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
> > Sent: Wednesday, August 04, 2004 11:55 AM
> > To: spf-help@v2.listbox.com
> > Subject: Re: [spf-help] Virtual Domains
> >
> >
> > On 8/4/04 12:41 PM, Kathy Lees wrote:
> >
> > >We have more than one domain pointing to the same IP address. Will I need
> > to
> > >make an SPF entry for every domain or just the IP address?
> > >
> > >
> > Kathy,
> > If your mail server is sending mail for multiple domains, you will need
> > one record for each domain.
> >
> > So if you send mail for a.com and b.com from 1.23.45.67, you could have
> > the following SPF records:
> >
> > a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> > b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> >
> > Or, you could use your MX records (if that makes sense in your case):
> >
> > a.com. IN TXT "v=spf1 mx -all"
> > b.com. IN TXT "v=spf1 mx -all"
> >
> > Hope this helps.
> >
> > Thanks,
> > Per
> >
> > --
> > Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
> > V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
> > GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your
> > subscription,
> > please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> > please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Many thanks Marc - I'll need to liaise with the other users of our server
before I go messing with sendmail ;-) At least my domains can't be spoofed
to now, isn't that it?


Slainte,

JohnP.
johnp@idimo.com
ICQ 313355492


----- Original Message -----
From: <marc@alaia.net>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, August 04, 2004 9:29 PM
Subject: Re: Re: [spf-help] Virtual Domains


> John,
>
> What you have just done will help protect your domain(s) from being
forged, but you also probably need to begin running SPF checks on your
inbound email. There's good information at
http://spf.pobox.com/whatdoes.html. Read "check SPF for incoming mail"
>
> Marc
> >
> > From: "jpinkerton" <johnp@idimo.com>
> > Date: 2004/08/04 Wed PM 03:07:53 EDT
> > To: <spf-help@v2.listbox.com>
> > Subject: Re: [spf-help] Virtual Domains
> >
> > Hola - I'm a newbie and just joined.
> >
> > I've added the mx record to my zonefile by writing a short php script
which
> > did it for all the domains for me. I restarted bind with no hiccups and
I
> > just want to know if I need to do anything else?
> >
> > I added:-
> > idimo.com. IN TXT "v=spf1 mx -all"
> > on *not* the last line (Bind bug apparently?).
> >
> > Thanks in advance :-)
> >
> >
> > Slainte,
> >
> > JohnP.
> > johnp@idimo.com
> > ICQ 313355492
> > @v2.listbox.com

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Wed, Aug 04, 2004 at 12:53:37PM -0700,
Kathy Lees <klees@ltcconnection.com> wrote
a message of 57 lines which said:

> So if we have hundreds of domains pointing to the same IP, it is
> going to be long and tedious, especially adding and removing those
> that we don't use anymore.

People who manages hundreds of domains do not do it by hand! They know
how to write a script in Perl/Python/Ruby/whatever and they use this
program to generate the zone files. (Or they use a templating system
like M4 or Cheetah.)

It is specially important if you use SPF mechanisms like ip4. Because
you put actual IP addresses in the SPF record and you have to remember
to change them when you renumber. Either you automate the creation of
the SPF record or you use only a or mx, which are more convenient.

Two other tricks:

1) (Works with BIND). Make all your zone files but one be symbolic
links to the "master" one:

/etc/bind/zones% ls -l
-rw-r--r-- 1 root root 353 Jun 18 09:38 a.com
lrwxrwxrwx 1 root root 13 Aug 12 2003 b.com -> a.com
lrwxrwxrwx 1 root root 13 Aug 12 2003 c.com -> a.com

It works perfectly if you have only relative names in the zone files,
for instance:

@ IN NS my.name.server.
IN TXT "v=spf1 mx ?all"
www IN A 192.168.1.1

But not:

www.a.com. IN A 192.168.1.1

which would prevent this technique to work.

With this method, you only have one file to edit to add SPF records to
all your domains.

2) A SPF-specific trick: SPF records can refer to other records, for
instance with the include or redirect mechanism. It helps to factor
your definitions, which is useful if they are complicated.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Yes,

You need spf for each (sub-) domain you want to protect from forgery.
If you send out mail from scott.com, you need spf on scott.com saying
which server is allowed to send mail from @scott.com. Same goes for
kathy.com, you'll need spf record on kathy.com saying which server is
allowed to send mail from kathy.com.

You'll probably also want an spf record that says you _never_ send mail
from @www.scott.com, same for kathy.com etc..

If you also have some other explicit domains (not wildcards), like
webcam.jane.com, you'll need an spf record for webcam.jane.com,
specifying whether or not you want to send mail from it and if yes from
which servers.

See also: http://spf.pobox.com/faq#allsmtp

Koen


On Wed, Aug 04, 2004 at 01:10:41PM -0700, Kathy Lees wrote:
> Scott, What I mean is say we have 3 domains
>
> www.scott.com
> www.kathy.com
> www.jane.com
>
> They all point to one IP on our system cause our websites are in a database.
> They all have email set up on our system. Do I need a seperate SPF record
> for each one?
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Patterson, Scott
> Sent: Wednesday, August 04, 2004 11:51 AM
> To: 'spf-help@v2.listbox.com'
> Subject: RE: [spf-help] Virtual Domains
>
>
> There are only 2. There will never be more than that.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
> On Behalf Of Kathy Lees
> Sent: Wednesday, August 04, 2004 3:54 PM
> To: spf-help@v2.listbox.com
> Subject: RE: [spf-help] Virtual Domains
>
> So if we have hundreds of domains pointing to the same IP, it is going to be
> long and tedious, especially adding and removing those that we don't use
> anymore.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Per Thomsen
> Sent: Wednesday, August 04, 2004 11:55 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Virtual Domains
>
>
> On 8/4/04 12:41 PM, Kathy Lees wrote:
>
> >We have more than one domain pointing to the same IP address. Will I need
> to
> >make an SPF entry for every domain or just the IP address?
> >
> >
> Kathy,
> If your mail server is sending mail for multiple domains, you will need
> one record for each domain.
>
> So if you send mail for a.com and b.com from 1.23.45.67, you could have
> the following SPF records:
>
> a.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
> b.com. IN TXT "v=spf1 ip4:1.23.45.67 -all"
>
> Or, you could use your MX records (if that makes sense in your case):
>
> a.com. IN TXT "v=spf1 mx -all"
> b.com. IN TXT "v=spf1 mx -all"
>
> Hope this helps.
>
> Thanks,
> Per
>
> --
> Per Reedtz Thomsen | The Reedtz Corporation | F: 209 883 4119
> V: 209 883 4102 | pthomsen@reedtz.com | C: 415 425 4025
> GPG ID: 1209784F | Yahoo! Chat: pthomsen | AIM: pthomsen
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Again a quick note, it's been mentioned a couple of times already:

you will need spf records on all domains and subdomains.

If you have for example an explicit IN A record in your dns for
something.idimo.com, you'll have to publish an IN TXT with spf info for
that subdomein too.

Koen

On Wed, Aug 04, 2004 at 09:38:52PM +0200, jpinkerton wrote:
> Many thanks Marc - I'll need to liaise with the other users of our server
> before I go messing with sendmail ;-) At least my domains can't be spoofed
> to now, isn't that it?
>
>
> Slainte,
>
> JohnP.
> johnp@idimo.com
> ICQ 313355492
>
>
> ----- Original Message -----
> From: <marc@alaia.net>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, August 04, 2004 9:29 PM
> Subject: Re: Re: [spf-help] Virtual Domains
>
>
> > John,
> >
> > What you have just done will help protect your domain(s) from being
> forged, but you also probably need to begin running SPF checks on your
> inbound email. There's good information at
> http://spf.pobox.com/whatdoes.html. Read "check SPF for incoming mail"
> >
> > Marc
> > >
> > > From: "jpinkerton" <johnp@idimo.com>
> > > Date: 2004/08/04 Wed PM 03:07:53 EDT
> > > To: <spf-help@v2.listbox.com>
> > > Subject: Re: [spf-help] Virtual Domains
> > >
> > > Hola - I'm a newbie and just joined.
> > >
> > > I've added the mx record to my zonefile by writing a short php script
> which
> > > did it for all the domains for me. I restarted bind with no hiccups and
> I
> > > just want to know if I need to do anything else?
> > >
> > > I added:-
> > > idimo.com. IN TXT "v=spf1 mx -all"
> > > on *not* the last line (Bind bug apparently?).
> > >
> > > Thanks in advance :-)
> > >
> > >
> > > Slainte,
> > >
> > > JohnP.
> > > johnp@idimo.com
> > > ICQ 313355492
> > > @v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Ah - getting more complicated then. I have cnames on idimo.com, but they do
not send or receive emails. They all use the main name - like a website
called www.client.idimo.com will use an email address of client@idimo.com to
send and receive mails (*not* client@client.idimo.com ). So - do I have to
bother with the cnames when they don't send mail anyway, or is their some
wildcard trick like *.idimo.com? And I obviously have www.idimo.com - but
the mail address is not johnp@www.idimo.com, so do I have to do that one
too?


Slainte,

JohnP.
johnp@idimo.com
ICQ 313355492


----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Wednesday, August 04, 2004 10:08 PM
Subject: Re: Re: [spf-help] Virtual Domains


> Again a quick note, it's been mentioned a couple of times already:
>
> you will need spf records on all domains and subdomains.
>
> If you have for example an explicit IN A record in your dns for
> something.idimo.com, you'll have to publish an IN TXT with spf info for
> that subdomein too.
>
> Koen
>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

> you will need spf records on all domains and subdomains.
>
> If you have for example an explicit IN A record in your dns
> for something.idimo.com, you'll have to publish an IN TXT
> with spf info for that subdomein too.
>
> Koen

Why would you need to do that if you never intend to send mail from those
subdomains? If someone is spoofing the subdomain name, then I would expect
the lack of an SPF record to result in a fail.


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Ok,

For cname's it's simple: you can't even put any other record on a
(sub)domain that is a CNAME. What happens is that for CNAME's the spf
record of the domain the CNAME points to is used.

About your www., if it is a cname, the above applies. If it is an A
record, you'll have to put spf on it. If it's a wildcard, you should
also publish spf on the wildcard (*) domain.

Note that if you have *.idimo.com IN A and www.idimo.com, publishging
spf for *.idimo.com does not carry over to www.idimo.com, you'll have to
explicitly create a TXT for www.idimo.com then..

Koen

On Wed, Aug 04, 2004 at 10:21:28PM +0200, jpinkerton wrote:
> Ah - getting more complicated then. I have cnames on idimo.com, but they do
> not send or receive emails. They all use the main name - like a website
> called www.client.idimo.com will use an email address of client@idimo.com to
> send and receive mails (*not* client@client.idimo.com ). So - do I have to
> bother with the cnames when they don't send mail anyway, or is their some
> wildcard trick like *.idimo.com? And I obviously have www.idimo.com - but
> the mail address is not johnp@www.idimo.com, so do I have to do that one
> too?
>
>
> Slainte,
>
> JohnP.
> johnp@idimo.com
> ICQ 313355492
>
>
> ----- Original Message -----
> From: "Koen Martens" <spf@metro.cx>
> To: <spf-help@v2.listbox.com>
> Sent: Wednesday, August 04, 2004 10:08 PM
> Subject: Re: Re: [spf-help] Virtual Domains
>
>
> > Again a quick note, it's been mentioned a couple of times already:
> >
> > you will need spf records on all domains and subdomains.
> >
> > If you have for example an explicit IN A record in your dns for
> > something.idimo.com, you'll have to publish an IN TXT with spf info for
> > that subdomein too.
> >
> > Koen
> >
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Wed, Aug 04, 2004 at 09:25:38PM +0100, Mark Smith wrote:
> > you will need spf records on all domains and subdomains.
> >
> > If you have for example an explicit IN A record in your dns
> > for something.idimo.com, you'll have to publish an IN TXT
> > with spf info for that subdomein too.
> >
> > Koen
>
> Why would you need to do that if you never intend to send mail from those
> subdomains? If someone is spoofing the subdomain name, then I would expect
> the lack of an SPF record to result in a fail.

You can not reject because of a lack of spf records, simply because
there are not enough published spf records yet. It is not adviced to
reject due to a lack of spf records, as this will most certainly reject
valid mail at this time.

In the (hopefully near) future, when most (or all) domains do publish
spf, rejecting due to a lack of spf records becomes feasible. Before
that, be sure to only reject on FAIL and nothing else.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

From: "Koen Martens" <spf@metro.cx>

>
> For cname's it's simple: you can't even put any other record on a
> (sub)domain that is a CNAME. What happens is that for CNAME's the spf
> record of the domain the CNAME points to is used.

That's a pity - I use A records when a client wants a website, because it
dns is happier with that rather than a cname, so I'll have to go through the
list and selectively add the spf record to each A record - including www and
*.


> In the (hopefully near) future, when most (or all) domains do publish
> spf, rejecting due to a lack of spf records becomes feasible. Before
> that, be sure to only reject on FAIL and nothing else.

Heh - that explains it - thanks Koen. When the rest of the world have woken
up and are using spf, then we can reject on a lack of spf record - cool -
roll on the day !! Meantime I'll cover all my A records with spf records,
and reject only on FAIL.



Slainte,

JohnP.
johnp@idimo.com
ICQ 313355492

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Wed, 4 Aug 2004, Kathy Lees wrote:

> So if we have hundreds of domains pointing to the same IP, it is going to be
> long and tedious, especially adding and removing those that we don't use
> anymore.

It's no more tedious or laborious than publishing MX records for those
domains to point to the same IP address. In fact, it can be automated
with the same tools.

--

Nico Kadel-Garcia
Systems Engineer
Mitsubish Electric Research Lab
<nkadel@merl.com>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Wed, 4 Aug 2004, Stephane Bortzmeyer wrote:

> On Wed, Aug 04, 2004 at 12:53:37PM -0700,
> Kathy Lees <klees@ltcconnection.com> wrote
> a message of 57 lines which said:
>
>> So if we have hundreds of domains pointing to the same IP, it is
>> going to be long and tedious, especially adding and removing those
>> that we don't use anymore.
>
> People who manages hundreds of domains do not do it by hand! They know
> how to write a script in Perl/Python/Ruby/whatever and they use this
> program to generate the zone files. (Or they use a templating system
> like M4 or Cheetah.)

I use "make" to keep the dependencies straight. Getting "$GENERATE" to
do the right thing was a bitch and a half, and I bless the author of
"mkrdns" for building a tool that automagically does the reverse DNS
with sanity checks.

--

Nico Kadel-Garcia
Systems Engineer
Mitsubish Electric Research Lab
<nkadel@merl.com>

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com