[nzlug] What's spamhaus on about?
Mark Foster
blakjak at blakjak.net
Sat Dec 30 14:00:37 NZDT 2006
On Sat, 30 Dec 2006, yuri wrote:
> On 29/12/06, Robin Sheat wrote:
>> The problem with SPF is that if you have people sending mail from hosts not
>> yours (say, their gmail 'from' is set to your domain where they get their
>> email from, or they send mail through their ISP with the from set to their
>> email account on your domain), then you can't use SPF (AIUI).
>
> AIUI you can set up SPF records for, say, gmail's mail servers and/or
> another ISP's mail servers. The SPF simply tells which IP addresses
> can validly send on behalf of that domain.
>
> Of course if you create an SPF record for gmail, then any other gmail
> user can spoof your domain, although it's unlikely that gmail would
> allow their mail servers to relay spam.
>
> Someone please correct me if I am mistaken.
>
You're quite right - you can add the IP networks or hostnames for any MTA
'approved' to be sending mail on your domains behalf - this can include
Gmail or any alternate ISPs you use for mail sending.
You can also specify (bad, but accept) or (bad, and fail) in terms of
response to it, too.
This is all admin-intensive and updates become subject to TTL's on the
record/zone too.
Google for SPF - the response is pretty good.
Mark.
More information about the NZLUG
mailing list