Well, there are two parts of this: 1 - make a decision which servers are allowed to send mail on your behalf - this is entirely up to you. This is expressed in terms of server names, IP addresses etc. You may decide that ONLY <these> servers may send mail or that other servers are allowed to also send mail. One example is a portable computer, may that use a local server to send mail or should that be considered bogus?
2 - express these decisions in an spf statement - this is where the RFC comes into play, explaining how to interpret the statements. You need to make decision #1 yourself. On 18/02/12 18:34, Jonathan Vomacka wrote: > If someone uses a mobile device to send e-mail? Would ~all be better? > I also generated the following SPF using a wizard. Let me know if this > looks correct: > > teamwarfare.com. IN TXT "v=spf1 a mx a:mail.teamwarfare.com > a:mail2.teamwarfare.com ip4:66.90.73.80 ip4:216.250.250.148 ~all" > > I wouldn't need an "include:" or "ptr" statement in this right? I > would told "include:" was to include OTHER domains that are allowed to > send e-mail, but then again I see some people writing the domain again > as an include. Also is PTR good to use or not? > > Sten, > I read over the link but am still a bit confused. > > On 2/18/2012 11:55 AM, Sten Carlsen wrote: >> Hi >> >> I suggest to use the wizards or look in the RFC: >> http://www.ietf.org/rfc/rfc4408.txt >> >> >> >> On 18/02/12 17:51, Jonathan Vomacka wrote: >>> BIND Community Support, >>> >>> I am inquiring about how to setup a proper SPF record? I know there >>> are SPF wizards/generators available but each seem to have a different >>> "opinion" of what should be included and what should not be included. >>> >>> Let me give you a scenario of my setup, and hopefully someone can help >>> me out. >>> >>> My domain is: test.com >>> My mailserver hostname is: mail.host.com which also has a MATCHING PTR >>> record >>> mail.host.com (for example) resolves to 50.1.1.1 and 50.1.1.1 resolves >>> to mail.host.com >>> >>> This is a STANDALONE mail server without any VIP's or load balancing. >>> There is however one additional host that will send out mail from the >>> domain but it wont be receiving mail, it will only be used as an SMTP >>> server attached to a website automailer... It only generates error >>> reports and sends them out... so technically it isn't a full mail >>> server but it will be sending (outbound only) mail on behalf of the >>> domain. >>> >>> The additional host is: mail2.test.com which resolves to 50.2.2.2 and >>> there is a Matching PTR. >>> >>> These are the ONLY mail servers and IP addresses that will be sending >>> out mail from the test.com domain. Some websites say I should use -all >>> and others say -all will cause some MTA's to reject and ~all is better >>> to use even if those are the only two hosts sending out mail. >>> >>> Would you be able to assist with a solid SPF record? >>> _______________________________________________ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>> unsubscribe from this list >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >> >> -- >> Best regards >> >> Sten Carlsen >> >> No improvements come from shouting: >> "MALE BOVINE MANURE!!!" >> -- Best regards Sten Carlsen No improvements come from shouting: "MALE BOVINE MANURE!!!"
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
