SPF and domain keys

John Levine johnl at iecc.com
Tue Aug 30 02:15:28 UTC 2016

In article <mailman.116.1472481590.74444.bind-users at lists.isc.org> you write:
>Awesome, Actually one more question. If we allow folks from another domain
>to send as us is there a chance anywhere in any of the email "from" headers
>it would reveal the "true" domian?

The names of their servers will show up in Received headers.  It is a
poor idea to assume that people can't tell where mail is really coming

>> Ideally it is best to use both technologies and then put DMARC on top to
>> ensure reporting and enforcement of the policies.

I agree that it's a good idea to use SPF and DKIM, but unless your
domain is a phish target, which it probably isn't unless you are a
large ISP, mail provider, or bank, DMARC policies are likely to lose
more legitimate mail than fake.

DMARC for reporting only is fine.  You learn all sorts of interesting
stuff that way.


More information about the bind-users mailing list