Re: [spfbis] Clarity on location of SPF records

Scott Kitterman <spf2@kitterman.com> Tue, 16 September 2014 12:50 UTC

From: Scott Kitterman <spf2@kitterman.com>
Date: Tue, 16 Sep 2014 08:50:29 -0400
To: spfbis@ietf.org
Message-ID: <81eb5aa8-b6fc-471f-b25f-eb8e3cbd572f@email.android.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/spfbis/DKG8-N0bL0w9NRq7ir-WkcWoMeo

On September 16, 2014 8:36:45 AM EDT, Dave Crocker <dhc@dcrocker.net> wrote:
>On 9/16/2014 4:27 AM, Danie de Jager wrote:
>> I need clarity with the possible location of the SPF record.
>>
>> As example. If I have a domain abc.123.example.com
>> <http://abc.123.example.com> with a MX record of
>
>
>MX records are for hosts to /receive/ mail.
>
>SPF is for registering hosts that /send/.
>
>You need a record for any domain name that shows up in an
>rfc5321.MailFrom command.  (I'm being simplistic, but this will
>suffice.)
>
>Under that domain, you need an SPF record that lists the IP addresses of
>every machine that will be an SMTP client, sending mail using that
>domain name in the Mail From.

Additionally, you should publish records for any domain that shows up in an rfc5321.ehelo command. This is, however, rather less commonly done. The fact that SPF checking can be done for multiple identities does add complexity and is probably a source of the confusion.

Scott K
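
An added illustration, not part of the original message or thread: a small Python sketch of which DNS names a receiver queries for SPF in one SMTP session, and how the record is picked from the TXT set at exactly that name (per RFC 7208, parent domains are not consulted). The zone data, the host name mail.example.com and all function names are constructed for this example; abc.123.example.com is the name from the question.

```python
# Constructed TXT data standing in for DNS; 192.0.2.0/24 is a documentation range.
ZONE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.10 -all", "some-verification=abc"],
    "mail.example.com": ["v=spf1 a -all"],
    "dup.example.com": ["v=spf1 -all", "v=spf1 mx -all"],
}

def _norm(name):
    return name.lower().rstrip(".")

def spf_identities(helo_name, mail_from):
    """Return (identity, domain) pairs a receiver may run SPF against."""
    checks = [("helo", _norm(helo_name))]
    if mail_from:
        # Normal reverse-path: the domain is whatever follows the last "@".
        checks.append(("mailfrom", _norm(mail_from.rsplit("@", 1)[-1])))
    else:
        # Null reverse-path "<>": RFC 7208 section 2.4 uses postmaster@<HELO name>.
        checks.append(("mailfrom", _norm(helo_name)))
    return checks

def select_spf_record(domain, zone=ZONE_TXT):
    """Pick the SPF record published at exactly `domain` (no parent fallback)."""
    records = [t for t in zone.get(domain, [])
               if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not records:
        return ("none", None)        # nothing published at this exact name
    if len(records) > 1:
        return ("permerror", None)   # more than one SPF record is an error
    return ("found", records[0])

def plan(helo_name, mail_from, zone=ZONE_TXT):
    """List (identity, queried name, status) for one SMTP session."""
    return [(ident, dom, select_spf_record(dom, zone)[0])
            for ident, dom in spf_identities(helo_name, mail_from)]

if __name__ == "__main__":
    # MX records never appear here: only the HELO name and the MAIL FROM domain are queried.
    for row in plan("mail.example.com", "user@abc.123.example.com"):
        print(row)
```

In the constructed data example.com publishes a record, yet abc.123.example.com still resolves to "none" because it has no TXT record of its own.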