SPF

  • Thread starter: MN
Can anyone describe the function of SPF and how to
implement that?

When a mail server that supports SPF lookups receives mail from a mail
server, it looks in the domain zone for the SPF text record to see if the
sending mail server has authority by either its IP address or MX record to
send mail for the domain name in the sender's E-mail address.
If the mail server supports rejecting mail and you have configured it to do
so based on the SPF or MX lookup failure, then your mail server will reject
the E-mail with this error "Failed authorisation: Sender IP xxx.xxx.xxx.xxx
does not legitimately deliver for domain xxxx.org - rejecting"

Whether your mail server supports this or not, you should configure an SPF
record for your mail domain so other mail servers can verify SPF.
Go to http://spf.pobox.com and run the SPF wizard and add this to your
domain. This will prevent others from using your domain name to spoof an
e-mail address.
 
How do I know if my mailserver (gateway to internet) supports SPF?
Where do I configure this? I am afraid that I could cause my mailgates to
totally block mails. Is there a risk that this could be the result of a wrong setup?

//Mariah
 
MN said:
How do I know if my mailserver (gateway to internet)
supports SPF?
Where do I configure this? I am afraid that I could cause
my mailgates to totally
block mails. Is there a risk that this could be the
result of a wrong setup?

You would have to check your software documentation to see if it supports
SPF lookups.
Having an SPF record for your domain has no effect on your mail server,
unless someone sends an e-mail to you using your own email address.
But another mail server that checks SPF, may not accept mail from your
domain _UNLESS_ it comes from your mail server listed in your SPF. Using SPF
is supposed to guarantee that the sending mail server is authorized to
accept e-mail for the address in the "from" line.
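
The check discussed in the replies above, as an added example that is not part of the original thread: a small evaluator for a subset of SPF mechanisms (ip4, ip6, a, mx, all), run against constructed records for example.org to show how a record that omits one of your own sending hosts makes checking receivers fail your mail. The `resolved` parameter, the record strings and all addresses are assumptions made so the example runs offline.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a missing qualifier means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, resolved=None):
    """Evaluate one SPF TXT record against the connecting client's IP.

    Handles ip4, ip6, a, mx and all. `resolved` stands in for the DNS lookups
    that a/mx need (hypothetical parameter so the example runs offline).
    """
    resolved = resolved or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            networks = [ipaddress.ip_network(value, strict=False)]
        elif name in ("a", "mx"):
            networks = [ipaddress.ip_network(a) for a in resolved.get(name, [])]
        else:
            return "permerror"             # term outside this subset
        if any(ip.version == n.version and ip in n for n in networks):
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all"

# Constructed sample data: example.org receives mail on 192.0.2.10 (its MX)
# and sends outbound mail through a relay at 198.51.100.25.
MX_HOSTS = {"mx": ["192.0.2.10"]}
COMPLETE = "v=spf1 mx ip4:198.51.100.0/24 -all"
INCOMPLETE = "v=spf1 mx -all"      # relay forgotten: its mail fails SPF
CAUTIOUS = "v=spf1 mx ~all"        # same omission, but only a softfail

if __name__ == "__main__":
    for rec in (COMPLETE, INCOMPLETE, CAUTIOUS):
        print(rec, "->", check_spf(rec, "198.51.100.25", MX_HOSTS))
```

Publishing with `~all` first and moving to `-all` once every sending host is listed limits the damage of an incomplete record.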
 
There are two parts to this equation. The first part involves publishing an SPF
txt record. This is done by adding a record to your public DNS servers for
your domain. That tells the world which servers are authorized to send mail for
your domain.

The second part is in the Mail Transport Agent (MTA) itself (i.e. receiving
server). All implementations to-date are somewhat experimental, as the
standards have not solidified yet. These are generally implemented as add-ins
to existing mail servers.

For further information see:

http://spf.pobox.com/

J.A. Coutts
 
M> Can anyone describe the function of SPF and how to implement that?

Yes. Quite a few people can describe the function of SPF and how to
implement it. Do you want them to?

Note that SPF mainly involves your SMTP Relay server. You've posted in
a DNS newsgroup, but the meat of SPF is in configuring your SMTP Relay
server to support it, not in providing your content DNS server with SPF
data to publish. Just publishing SPF data is only paying lip service to
SPF. Make your SMTP Relay server implement SPF, and break SMTP-based
Internet mail properly.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html>
 
KDGS> Using SPF is supposed to guarantee that the sending mail server is
KDGS> authorized to accept e-mail for the address in the "from" line.

No. Using SPF is purported to guarantee that the sending mail system
(which is a *client*, by the way, not a server) is permitted to *send*
electronic mail with the address in the envelope sender.

It doesn't, of course. (Not least because whilst it is purported to be
a mechanism for "publishing policies", SPF doesn't actually provide any
way to encode the kinds of policies that actually occur in the real world.)

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html>
 
JC> All implementations to-date are somewhat experimental, as the
JC> standards have not solidified yet.

The standards aren't going to solidify in the near future, either. The
IETF MARID working group, which was working on standardising "MTA
Authorisation Records In DNS", has been disbanded. The working group
draft documents are now no longer headed for "standard" status.

<URL:http://ietf.org./mail-archive/web/ietf-announce/current/msg00505.html>

And, in the meantime, Microsoft's patent applications, filed last year
but only recently published, have turned out to cover SPF, in addition
to what it was previously thought they covered.

JC> These are generally implemented as add-ins to existing mail servers.

Ironically, one of the major reasons that MARID foundered was that
Microsoft's patent licence was incompatible with the copyright licences
of many MTS softwares, presenting a barrier to actual deployment that
would result in a largely useless standard. Since Microsoft's patent
applications seem set to be allowed as-is (no-one who has cried "prior
art" has reported putting their money where their mouth is and actually
attempting to convince the patent examiner of this), and since SPF will
then be covered by Microsoft's patents and thus subject to Microsoft's
patent licence, one wonders whether those who reported that they won't
be implementing Sender ID in their softwares because of Microsoft's
patent licence will also refuse to implement SPF on exactly the same
grounds.
 