[PLUG] SPF records in DNS zone files

Russ Johnson russj at dimstar.net
Tue Mar 30 13:27:02 UTC 2004


Rich Shepard wrote:

>  Are folks adding spf records to their dns zone files? Aracnet did so for
>my domain when I asked this morning. The format is simple:
>
>domain_name.tld		IN TXT	"v=spf1 a mx ptr -all"
>
>  With this in place, spf-enabled MTAs can verify that mail supposedly from
>your domain name was sent by a defined mail server at your IP address. Seems
>to me this will help reduce spam once spf records are generally implemented.
>
I like the idea. I just haven't been able to reconcile how it would be 
best to set up in my environment.

All of *MY* email from dimstar.net comes from my server at 
mail.dimstar.net. But this is not the problem.

My kids and my girlfriend live elsewhere in Oregon, and have a different 
connection to the net. They have email addresses on my server, and pick 
up from mail.dimstar.net.

However, due to restrictions, they must send through the provider they 
are connected to. So their dimstar.net email will come from a 
centurytel.net mail server.

It just doesn't seem proper to list a centurytel mail server as one of 
my spf records.

Yes, I could set up a vpn connection from their house to mine. Or I 
could set up a mail server at their house that forwards to the 
centurytel server. Seems like a lot of work.

These folks have very simple networks. Hardware (netgear) firewall, with 
Windows machines behind them. They are 100+ miles from me, so when 
things go bad, I can't just drive over on a whim.

So. My question remains, what's the best thing to do? I'm sticking with 
no spf records for now.

Russ




More information about the PLUG mailing list