Re: [spfbis] guidance on SPF record locations
Scott Kitterman <spf2@kitterman.com> Tue, 28 April 2020 20:41 UTC
From: Scott Kitterman <spf2@kitterman.com>
To: spfbis@ietf.org
Date: Tue, 28 Apr 2020 16:41:07 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/Gbybug5nGWUCqr6-CwClJnUnRTI>

On Tuesday, April 28, 2020 1:28:27 PM EDT Danie de Jager wrote:
> Hi,
>
> Our best practise is to add a SPF record to all DNS zones, to either
> allow or block the sending of email from that Domain name. This can
> create issues when adding SPF records to DKIM selectors so that they
> are included. What do you think? Should some domains not have SPF
> records?
>
> Sending domains used:
> example.com. IN TXT "v=spf1 ip4:192.0.2.1 ip4:192.0.2.129 -all"
>
> Domain not sending email.
> www.example.com. IN TXT "v=spf1 -all"
> ftp.example.com. IN TXT "v=spf1 -all"
>
> Possible problem domain:
> selector._domainkey.example.com IN TXT "v=DKIM1; p=yourPublicKey"
> selector._domainkey.example.com IN TXT "v=spf1 -all"

It's not a problem:

1. You can have more than one DNS record of type TXT, so publishing that SPF
record doesn't hurt anything.

2. Underscored domain names aren't valid host names so they can't be used in
mail or for most anything else, so publishing that SPF record isn't necessary.

Scott K
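
The two points in the reply above can be checked mechanically. This is an added example, not part of the original message or of any SPF library: it applies the SPF record-selection rule of RFC 7208 section 4.5 and the letter-digit-hyphen host name rule of RFC 952/1123 to the records quoted in the question. The `ZONE` data and all function names are constructed for illustration.

```python
import re

# One host name label: letters, digits, hyphen; no leading or trailing hyphen.
_LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample data: the TXT records quoted in the question, keyed by owner name.
ZONE = {
    "example.com.": ["v=spf1 ip4:192.0.2.1 ip4:192.0.2.129 -all"],
    "www.example.com.": ["v=spf1 -all"],
    "ftp.example.com.": ["v=spf1 -all"],
    "selector._domainkey.example.com.": [
        "v=DKIM1; p=yourPublicKey",
        "v=spf1 -all",
    ],
}

def is_valid_hostname(name):
    """True if every label obeys the LDH host name rule (no underscores)."""
    bare = name.rstrip(".")
    labels = bare.split(".")
    return len(bare) <= 253 and all(_LDH_LABEL.fullmatch(label) for label in labels)

def select_spf(txt_rrset):
    """SPF record selection as described in RFC 7208 section 4.5.

    Only TXT strings whose version section is exactly "v=spf1" (ended by a
    space or the end of the record) are considered; any other TXT data at
    the same name is discarded before evaluation.
    Returns ("none", None), ("permerror", None) or ("ok", record).
    """
    spf = [r for r in txt_rrset
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("none", None)
    if len(spf) > 1:
        return ("permerror", None)  # two SPF records at one name is an error
    return ("ok", spf[0])

def audit(zone):
    """Map each owner name to (usable as a host name?, SPF selection result)."""
    return {name: (is_valid_hostname(name), select_spf(txts)[0])
            for name, txts in zone.items()}

if __name__ == "__main__":
    for name, (host_ok, spf_result) in audit(ZONE).items():
        print(f"{name:36} hostname={host_ok!s:5} spf={spf_result}")
```

For the selector name, the SPF selection step sees exactly one SPF record despite the DKIM key at the same name, and the name itself fails the host name check because of the underscore label.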