I learned about SPF a few weeks ago. All of my domains (about 200 of them)
now have SPF records in their zone files.
What SPF does is cause a domain to state:
"the only valid servers (ip or domain name) which may send mail for this
domain are ..."
That's all it does.
So let's say you send email for ringlink.com through your ISP's SMTP
server. You just note that in the SPF entry in the zone file. If you also
send it through, say, your own SMTP service on your web server, you simple
add the IP address of the web server to the SPF record. If you used
everyone.net's system to send, you would add that to the SPF record.
It's simply a way to tell the receiving server who may send email
for a domain.
My SPF entry in each of my zone files looks like thus:
v=spf1 ip4:10.10.10.10 a mx a:mail.spamcop.net a:smtp.everyone.net
include:smtp.sbcglobal.yahoo.com -all
(10.10.10.10 is my IP address, I've modified it here).
This says for the zone (say ringlink.com) allow sending from
the specified IP and the specified domains. The "include" says
smtp.sbcglobal.yahoo.com is a server farm and the IP might not always
be the same.
The -ALL says if it's not one of these it's not valid.
The web site you mentioned has all of the details.
As far as I can tell, this should NOT break ringlink. It simply means
the DNS zones must have the proper SPF entries.
Richard
-----Original Message-----
From: ringlink-open-bounces@xxxxxxxxxxxxxxx
[mailto:ringlink-open-bounces@xxxxxxxxxxxxxxx] On Behalf Of
Gunnar Hjalmarsson
Sent: Sunday, October 17, 2004 5:47 PM
To: list@xxxxxxxxxxxx
Subject: [RLopen] Email notifications and SPF
Hi all,
SPF stands for "Sender Policy Framework". It's a new approch for
preventing spammers from sending from forged hosts, and you can read
about it at http://spf.pobox.com/
I don't know about you, but I for one hadn't heard of SPF
until a couple
of hours ago.
This seems to be the principle:
- A host, that wants to benefit from SPF, registers as a special DNS
record all the mail servers that may be used for sending from
that host.
- A receiving mail server may compare the sender with the
just mentioned
DNS record for the sender's host, and reject messages if they
don't match.
As far as I understand, SPF may become a problem with respect to
Ringlink's various email notifications. For instance, if a ringmaster
registers an email address with a host with an SPF record, a Ringlink
notification to a ring member, whose receiving mail server checks for
SPF, may be rejected. (I'm assuming that the server where the copy of
Ringlink is hosted will typically not be included in the SPF
record for
the ringmaster's host.)
SPF focuses normally on the so called MAIL FROM address, i.e. the
address to which a possible bounce message is sent. I
consider it to be
a valuable Ringlink feature that e.g. the bounce resulting from a
notification to a ring member with an invalid address goes to the
ringmaster. Now, with SPF, I fear that the whole concept for sending
email notifications from Ringlink will need to be reconsidered.
As I mentioned, I have just learned about the existence of SPF, and I
may well have misunderstood its consequenses. I'm posting
this to call
your attention to the approach, but also, and not least, to get your
help with analysing the impact of SPF on Ringlink.
Accordingly, any thoughts/information on this topic are most welcome.
/ Gunnar