Need DNS records help for single server (and IP), and multi-domain mail server.

Reindl Harald h.reindl at thelounge.net
Wed Aug 23 23:40:25 UTC 2017


On 23.08.2017 at 21:58, John Miller wrote:
> Finally, be _very_ careful about using the SPF qualifier "-all" to
> start out with.  What you're saying there is that the only server
> authorized to _send_ mail for X.TLD is the one listed in the MX.
> Unless people are always logging directly into the mail server to
> send, you're better off with "~all" or "?all" to begin with

for the sake of god don't use "?all"
in that case you can skip SPF completely

why?

because a receiver can't use a whitelist based on SPF because
whitelist_auth in SpamAssassin just skips a "i do not care about SPF"
record while "~all" qualifies for SPF_PASS and whitelisting while the
scoring of a SPF_SOFT_FAIL is much lower than SPF_FAIL

"?all" is the same as not having a SPF record at all in reality

and in 2017 people *have* to use the submission server which belongs to
a domain and not any random one while any random one should not allow to
send mail with a foreign envelope to start with - all that crap servers
should be banned from the internet and spamfiltering would become so
much easier
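
Added example, not part of the original post: a minimal Python evaluator for the `ip4`/`ip6`/`all` subset of SPF (RFC 7208), showing the result a receiver computes for the listed mail server and for a foreign host under "-all", "~all" and "?all". The addresses are constructed documentation ranges, and the function names `spf_result` and `compare_all_qualifiers` are hypothetical.

```python
import ipaddress

# RFC 7208: the qualifier in front of a mechanism sets the result when it matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record: str, sender_ip: str) -> str:
    """Evaluate an SPF record restricted to ip4:, ip6: and all.

    Mechanisms that need DNS (a, mx, include, ...) return "unsupported".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":  # matches every sender; later terms are ignored
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
            continue
        return "unsupported"
    return "neutral"  # nothing matched and no "all" term


def compare_all_qualifiers(mechanisms: str, ips: list) -> dict:
    """Result per sender IP for the same mechanisms ending in -all, ~all, ?all."""
    return {
        tail: {ip: spf_result(f"v=spf1 {mechanisms} {tail}", ip) for ip in ips}
        for tail in ("-all", "~all", "?all")
    }


if __name__ == "__main__":
    MAIL_SERVER = "192.0.2.10"  # constructed: the domain's own mail server
    FOREIGN = "203.0.113.77"    # constructed: a host not listed in the record
    table = compare_all_qualifiers(f"ip4:{MAIL_SERVER}", [MAIL_SERVER, FOREIGN])
    for tail, results in table.items():
        print(tail, results)
```

The listed server gets `pass` under all three endings; only the result for unlisted senders changes (`fail`, `softfail`, `neutral`).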

