SPF/TXT records

Jeff Lightner jlightner at water.com
Thu Jun 18 19:06:14 UTC 2009 

I'm assuming you mean it would be rejected if you didn't have an SPF
record for the company mail server in addition to the record for the
home consultancy?

I'll look into the SPF debate - I hadn't heard suggestions NOT to use it
before - simply had never implemented it because it wasn't high
priority.

-----Original Message-----
From: Joseph S D Yao [mailto:jsdy at tux.org] 
Sent: Thursday, June 18, 2009 12:43 PM
To: Jeff Lightner
Cc: bind-users at lists.isc.org
Subject: Re: SPF/TXT records

On Thu, Jun 18, 2009 at 12:22:26PM -0400, Jeff Lightner wrote:
> We don't allow "all servers" to send email at all.  They have to
> specifically be configured to send and relay to the Exchange server
> which itself must be configured to allow them.
> 
> The domain, waterinvoice.com is not in general use but is used by one
> server (and a test server on occasion) to send automated emails to
> customers that request them.  There are no users sending with that
> domain except in test scenarios.  
> 
> My question actually arose in response to a third party marketing
> company that is asking us to set up an SPF record for a third domain
we
> purchased.  The SPF record for them is fairly straight forward but it
> made me wonder if I wanted to implement SPF for internally generated
> emails which hosts should be listed.


If it has not already been mentioned, please see the furious debate over
whether SPF should ever be installed.  I'm sure Google can provide
plenty of references.  The choice is, of course, yours [and your
customer's].

Receiving mail servers configured with SPF will reject all mail listed
in the [easily edited] mail header from X domain that is not listed in
the SPF record for X domain.  E.g., if you want all your e-mail to go to
your home-consultancy e-mail account, so you set up your laptop to use
	From: jeff at home-consultancy.example
but hook it up to the company mail server, and there is an SPF record
for home-consultancy.example [which you don't control] that says mail
ONLY comes from pegasus.home-consultancy.example - then any e-mail you
send via the company's mail server [which has a policy allowing this
OBTW], but sent as if from your home office, will be rejected by said
mail servers.


-- 
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
 
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

More information about the bind-users mailing list