Email Server Solution

[Ugo Bellavance]

Steve Buehler wrote:
> At 02:09 PM 8/2/2005, you wrote:
> 
>> > Ok.  I give.  What in the heck is an spf (TXT) record?  Something that
>> > just came out this year?  I have everything that AOL requires now.  If
>> > that is a new term for a PTR or reverse record, then I already have it.
>>
>> It is probably an SPF record. http://spf.pobox.com/.
>>
>> It dictates from which IP a message for a specific domain is supposed to
>> come from.
> 
> 
>         hmmmm.  Is this widely used?

Used by AOL, Google and many other domains.  Not everyone rejects a
message on a FAIL, though (I do, 'cause I have low mail volume).

> I have never heard of it before. 

There is also DomainKeys, used by (at least) Yahoo and Google.  It is a
system based on public-key crypto.

<snip>

SPF strict records needs a domain for wich e-mail will come only from a
specific set of servers/IP addresses.

For example, my users only use Outlook/exchange to send e-mail for our
domain.  If they want to send mail from home with their office e-mail
account, they connect using VPN, so the source is always predictable.
This is the office's policy.  If users don't respect it, their e-mails
may be rejected.  They've been warned.

SPF doesn't need separate DNS servers.  SPF implementation is 2 fold,
and they're not mutually exclusive or reciprocal prerequisites.

1- You can control from which IP e-mail from your domain will come (SPF
TXT-type DNS records)
2- You can perform SPF checks with your MTA and reject/warn/tag as SPAM
messages according to the SPF result.

Hope this helps.

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.