On Wed, 3 Aug 2005, Steve Buehler wrote:
Honestly I would like to see SPF become a standard that is enforced by all
ISP's. When it does, that will cut down on the marjority of spam. It will
also force the programmers of the control panels to have it automatically put
it in when a site is setup instead of it being a separate process that
requires a tech. Or at least someone other than my boss. If it isn't done
automatically, then it defeats the purpose of having a control panel that is
a one step setup process. It will all be a headache to implement, but might
be worth it to get rid of spam and the load on servers. I will have to look
into it some more and see if I can write a script to automatically add this
to dns records for the domains that we host.
I think you have missread the SPF descriptions somewhat and don't really
understand how it fits in with sending e-mail and how it relates to spam.
SPF is designed, not to stop spam, but to ensure that the domain you are
sending mail from is indeed authorized to act on your behalf. This will in
turn prevent domain hijacking by spammers as well as phishing attacks by
people sending mail out as if they were a third party you have an existing
relationship with.
The SPF record requires NO configuration on the mail server (tho turning
on such facilities as SMTP Auth is generally considered a good thing [tm])
but is rather entirely DNS based, the _only_ thing you need to know is the
outbound IP addresses of the servers that will send mail for your
domain(s) and these are added to the DNS TXT record setting up the SPF
filter.
As a result, most of your supposed problems with setup go away, all you
need to do is add a new TXT field to all zones saying something like "All
mail for this domain will come from 1.2.3.4 and soft fail otherwise"
"v=spf1 a:wibble.focb.co.nz ~all"
This is an example of the sort of record you need to add, tho the wizard
at pobox will set one up for you as well.
If your customer uses their ISP mail server to send out mail then simply
add this into the SPF record and things will work quite happily.
As for sending outgoing mail bound to a specific IP, this will be pretty
much impossible with sendmail unless you bind individual copies of
sendmail to every IP and allocate each copy to each individual customer.
Not really that practical. You may find something in postfix that could
potentially do this but dont quote me on that.
--
Steve.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
