On 08/09/2010 05:15 PM, Noel Jones wrote:
> On 8/9/2010 9:29 AM, Nicolas Michel wrote:
>> Hello,
>>
>> I want to know if there is a way to reject connections from
>> hosts not listed in the MX records of the domain they claim to be.
>> For example: a host with IP WWW.XXX.YYY.ZZZ tries to send a
>> mail to my domain (we'll call it mydomain.be) and claims that
>> the sender is u...@otherdomain.com
>> If WWW.XXX.YYY.ZZZ is not an MX server of otherdomain.com my
>> mail server will reject the connection.
>>
>> If it is possible, will it cause some troubles? Will I lose
>> some legitimate mails? Because of misconfiguration or another
>> reason?
>
> Not a good plan, you'll lose lots of legit mail. Many organizations use
> split systems -- an MX for incoming only and a separate server is used
> for outgoing.
>
> The larger the organization, the more likely they use a split system.
> The legit outgoing server may not even be in the same netblock or same
> geographic region as the MX.
>
> This is why SPF was invented.
>
> -- Noel Jones

I have already heard about SPF but have never used it. Does it work well? Is it
hard to configure?
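
The split-system case described in the quoted reply, as an added example that is not part of the original thread: it runs the MX-only policy from the question and an SPF evaluation side by side for the same three clients. The zone data, IP addresses (documentation ranges), SPF record and function names are all constructed for illustration, and the evaluator handles only the mx, ip4, ip6 and all mechanisms.

```python
import ipaddress

# Constructed DNS data for a hypothetical split system (documentation IP ranges).
ZONE = {
    "mx": {"otherdomain.com": ["192.0.2.10"]},  # inbound-only MX host
    "txt": {"otherdomain.com": "v=spf1 mx ip4:198.51.100.0/24 -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mx_only_check(client_ip, sender_domain, zone=ZONE):
    """Policy from the question: accept only clients that are an MX of the sender domain."""
    return client_ip in zone["mx"].get(sender_domain, [])


def spf_check(client_ip, sender_domain, zone=ZONE):
    """Evaluate an SPF subset (mx, ip4, ip6, all) and return the SPF result name."""
    record = zone["txt"].get(sender_domain, "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "mx":
            matched = client_ip in zone["mx"].get(arg or sender_domain, [])
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        else:
            raise ValueError(f"term not handled by this sketch: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    # 192.0.2.10 = MX, 198.51.100.25 = separate outbound relay, 203.0.113.7 = unrelated host
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
        print(ip, "mx-only:", mx_only_check(ip, "otherdomain.com"),
              "spf:", spf_check(ip, "otherdomain.com"))
```

The outbound relay at 198.51.100.25 is refused by the MX-only policy but passes SPF, because the domain owner has published it in the record; the unrelated host fails both.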