We intend to use SPF initially as a "whitelist" tool, but are interested
in publishing our SPF records soon
after implementation here.
We have one sendmail server with SPF set up. This server operates as an
MTA, receiving mail from the
internet, and transferring mail out as well.
Incoming connections can come from any IP address, which SPF should handle
just fine. However, mail
originating from the inside going out will always come from a 192.168.x.y
address, and will contain our
domain (srs.gov) in the senders address. To me, this means I would need
to publish an SPF record to include
the 192.168.x.y address as a legit mail server address, just to allow our
outbound email to pass. I'm afraid if
I do that, it would be easy for someone to pick that 192.168 address out
of DNS and use it to defeat SPF.
Am I missing something here?
Thanks!
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
in publishing our SPF records soon
after implementation here.
We have one sendmail server with SPF set up. This server operates as an
MTA, receiving mail from the
internet, and transferring mail out as well.
Incoming connections can come from any IP address, which SPF should handle
just fine. However, mail
originating from the inside going out will always come from a 192.168.x.y
address, and will contain our
domain (srs.gov) in the senders address. To me, this means I would need
to publish an SPF record to include
the 192.168.x.y address as a legit mail server address, just to allow our
outbound email to pass. I'm afraid if
I do that, it would be easy for someone to pick that 192.168 address out
of DNS and use it to defeat SPF.
Am I missing something here?
Thanks!
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com