SPF / TXT records

Herb Martin

Anyone using SPF records for your SMTP?
(Send Policy Framework)

Seems interesting and might cut down on some
spam and many of those bounce messages with
forged headers....

Microsoft DNS doesn't support SPF records
(perhaps neither does BIND) but SPF allows
for a TXT record substitution or supplement
and SPF compliant email systems should check
either (both actually and use the SPF if both
are present) and use the TXT if the SPF is missing.

I wonder if MS is planning on supporting this
record type in a future update or product version?

Here is the draft RFC:
http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00.txt

Here is a site focused on the SPF concept and explaining
its use -- complete with record creation wizard:
http://spf.pobox.com/

The SPF wizard itself:
http://spf.pobox.com/wizard.html

Here are MS specific instructions:
http://www.michaelbrumm.com/spfwindowsdns/

I found out about it by using www.DNSreport.com
which offered a warning for it being missing.

Please comment or let me know if you have any
successes with SPF records.
 
DevilsPGD

Herb said:
> Anyone using SPF records for your SMTP?
> (Send Policy Framework)

Yes.

> Microsoft DNS doesn't support SPF records
> (perhaps neither does BIND) but SPF allows
> for a TXT record substitution or supplement
> and SPF compliant email systems should check
> either (both actually and use the SPF if both
> are present) and use the TXT if the SPF is missing.

SPF records use a RR type of "TXT" -- There is nothing specific required
of the DNS server other than basic TXT support.
 
John Coutts

> Anyone using SPF records for your SMTP?
> (Send Policy Framework)
>
> Seems interesting and might cut down on some
> spam and many of those bounce messages with
> forged headers....
>
> Microsoft DNS doesn't support SPF records
> (perhaps neither does BIND) but SPF allows
> for a TXT record substitution or supplement
> and SPF compliant email systems should check
> either (both actually and use the SPF if both
> are present) and use the TXT if the SPF is missing.
>
> I wonder if MS is planning on supporting this
> record type in a future update or product version?

**************** REPLY SEPARATER *****************
Actually, there is no specific RR for SPF at the moment and Microsoft is
planning on using SPF TXT records for its SenderID:
http://www.microsoft.com/mscorp/twc/privacy/spam/senderid/default.mspx

I personally disagree with the Microsoft approach because it will reject after
DATA using the data header information. SPF itself rejects before DATA during
the SMTP session, which eliminates unnecessary traffic and unnecessary bounces
to faked addresses.
**************************************************
 
Kevin D. Goodknecht Sr. [MVP]

Herb Martin said:
> Anyone using SPF records for your SMTP?
> (Send Policy Framework)
>
> Seems interesting and might cut down on some
> spam and many of those bounce messages with
> forged headers....
>
> Microsoft DNS doesn't support SPF records
> (perhaps neither does BIND) but SPF allows
> for a TXT record substitution or supplement
> and SPF compliant email systems should check
> either (both actually and use the SPF if both
> are present) and use the TXT if the SPF is missing.
>
> I wonder if MS is planning on supporting this
> record type in a future update or product version?
>
> Here is the draft RFC:
> http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00.txt
>
> Here is a site focused on the SPF concept and explaining
> its use -- complete with record creation wizard:
> http://spf.pobox.com/
>
> The SPF wizard itself:
> http://spf.pobox.com/wizard.html
>
> Here are MS specific instructions:
> http://www.michaelbrumm.com/spfwindowsdns/
>
> I found out about it by using www.DNSreport.com
> which offered a warning for it being missing.
>
> Please comment or let me know if you have any
> successes with SPF records.

Herb, I'm really surprised this post is coming from you.
Microsoft DNS does support SPF, which is just a TXT record. From the Action
menu select Other New records, then select TXT record type. Go to
spf.pobox.com and run the wizard and paste the results to the TXT record.
Understand you having SPF does not protect you much from spam, your SMTP
server may not even query for SPF, your reason for having SPF is to prevent
someone from sending mail using your domain name and not using your mail
server to do it. Even then, the receiving SMTP must query the SPF record you
created. It will help you in sending mail to aol.com and hotmail.com. SPF is
one of those things that for it to be really effective, everyone will need
an SPF record and all SMTP servers will need to query for the SPF for all
incoming mail.
 
Herb Martin

> Herb, I'm really surprised this post is coming from you.
> Microsoft DNS does support SPF, which is just a TXT record. From the Action
> menu select Other New records, then select TXT record type. Go to
> spf.pobox.com and run the wizard and paste the results to the TXT record.

Well, several people said this (MS supports it; SPF is
really just a TXT record) even though those statements
are technically incorrect AND I covered the TXT
record substitution (so it isn't just a picky technical
distinction):

MS does not support the SPF record ITSELF. It supports
the TXT substitute because it supports text records and
the SPF idea offers this as an alternative specifically
for this reason (most DNS servers don't know about SPF
records themselves yet.)

> Understand you having SPF does not protect you much from spam, your SMTP
> server may not even query for SPF,

The goal is that most SMTP servers over time WILL
do this.

> your reason for having SPF is to prevent
> someone from sending mail using your domain name and not using your mail
> server to do it.

Yes, and this will remove most of those "bounce
spam" messages once SMTP servers query for it.

> Even then, the receiving SMTP must query the SPF record you
> created. It will help you in sending mail to aol.com and hotmail.com. SPF is
> one of those things that for it to be really effective, everyone will need
> an SPF record and all SMTP servers will need to query for the SPF for all
> incoming mail.

Sounds like a good idea.

Maybe we should encourage it, don't you think?
 
Kevin D. Goodknecht Sr. [MVP]

Herb Martin said:
> Well, several people said this (MS supports it; SPF is
> really just a TXT record) even though those statements
> are technically incorrect AND I covered the TXT
> record substitution (so it isn't just a picky technical
> distinction):
>
> MS does not support the SPF record ITSELF. It supports
> the TXT substitute because it supports text records and
> the SPF idea offers this as an alternative specifically
> for this reason (most DNS servers don't know about SPF
> records themselves yet.)
>
> The goal is that most SMTP servers over time WILL
> do this.
>
> Yes, and this will remove most of those "bounce
> spam" messages once SMTP servers query for it.
>
> Sounds like a good idea.
>
> Maybe we should encourage it, don't you think?

I have my SPF record in all DNS zones I host, there is not a record type
SPF. If you read the wizard at spf.pobox.com it tells you to paste it to a
TXT record type, which is what is queried for.
 
Herb Martin

> I have my SPF record in all DNS zones I host, there is not a record type
> SPF. If you read the wizard at spf.pobox.com it tells you to paste it to a
> TXT record type, which is what is queried for.

You didn't read the RFC but assumed that the
way the wizard does it is the only way.

Now, that would be fine except you tried to
use your incomplete understanding to claim
I was wrong -- even though my message had
given you the information you needed to check
or query to really understand the SPF record
type.
 
Kevin D. Goodknecht Sr. [MVP]

Herb Martin said:
> You didn't read the RFC but assumed that the
> way the wizard does it is the only way.
>
> Now, that would be fine except you tried to
> use your incomplete understanding to claim
> I was wrong -- even though my message had
> given you the information you needed to check
> or query to really understand the SPF record
> type.

No I didn't read the RFC, so I went to the RFCs and searched for SPF and
Sender Policy Framework and I found no references.
I also found no reference for an SPF record type anywhere in the RFCs, I
didn't make any claims, I stated a fact, SPF is published in a TXT record.
It is not a record type it is an algorithm used by mail servers.
 
Herb Martin

> No I didn't read the RFC, so I went to the RFCs and searched for SPF and
> Sender Policy Framework and I found no references.

Go back and RE-READ my original message the link to
the RFC is included.

> I also found no reference for an SPF record type anywhere in the RFCs, I
> didn't make any claims, I stated a fact, SPF is published in a TXT record.

The reference to the SPF and the explanation of the
interim use of the TXT record is clearly indicated.

> It is not a record type it is an algorithm used by mail servers.

It is a new draft record type not supported by MS (yet).
 
Ace Fekay [MVP]

Herb Martin said:
> Go back and RE-READ my original message the link to
> the RFC is included.
>
> The reference to the SPF and the explanation of the
> interim use of the TXT record is clearly indicated.
>
> It is a new draft record type not supported by MS (yet).

Can you pinpoint in the RFC explaining this instead of us reading the whole
thing thru? (Copy and paste the relevant paragraph).

As far as I know, and basically what spf.pobox.com explains, (and so does
everyone else), is the SPF record is just a PLAIN OLD TEXT record with data
set in a specific format that other servers, if enabled or have the ability
to check the record, to check that specific data that defines the SPF record
for that domain mail servers, PTR, and/or IPs. I believe GFI's tools has a
plug in (if not already added) for their software to check if an SPF text
entry exists, and if so, will check it before accepting mail from a sender.

Here is an easier explanation:

AOL's Take on SPF:
http://postmaster.aol.com/spf/details.html

Ace
 
Herb Martin

Ace Fekay [MVP] said:
> Can you pinpoint in the RFC explaining this instead of us reading the whole
> thing thru? (Copy and paste the relevant paragraph).

Of course I can -- I already explained it and posted it.

Go read the FIRST message, and then follow the link
to the RFC and read about the record types. The RFC
is complete with a CONTENTS so it is trivial to find
and search for whatever you wish.

BTW, register.com doesn't seem to support EITHER
TXT or the specific SPF records.

GoDaddy.com supports both the generic TXT record
and the specific SPF.
 
Kevin D. Goodknecht Sr. [MVP]

Herb Martin said:
> Go back and RE-READ my original message the link to
> the RFC is included.

That is not an RFC, it is an internet draft proposal.
 
DevilsPGD

Herb said:
> Of course I can -- I already explained it and posted it.
>
> Go read the FIRST message, and then follow the link
> to the RFC and read about the record types. The RFC
> is complete with a CONTENTS so it is trivial to find
> and search for whatever you wish.

The draft supports an RR for SPF. The actual protocol only uses TXT
records.
 
Ace Fekay [MVP]

Herb Martin said:
> Of course I can -- I already explained it and posted it.
>
> Go read the FIRST message, and then follow the link
> to the RFC and read about the record types. The RFC
> is complete with a CONTENTS so it is trivial to find
> and search for whatever you wish.

Herb, I thought you would be able to copy and paste the passage directly for
us. It was just a SIMPLE request.

> BTW, register.com doesn't seem to support EITHER
> TXT or the specific SPF records.
>
> GoDaddy.com supports both the generic TXT record
> and the specific SPF.

Neither does Network Solutions nor Allegiance.

So what's your point? Just follow the text method creating it on your own
DNS server, otherwise, use GoDaddy or someone else.

Ace
 
neo [mvp outlook]

Yes, I use an SPF record.

Don't follow MS's DNS, but rumour has it that SP2 for Exchange will
introduce support for Microsoft's Caller ID/SPF since Edge services is no
more.
 
Herb Martin

neo said:
> Yes, I use an SPF record.
>
> Don't follow MS's DNS, but rumour has it that SP2 for Exchange will
> introduce support for Microsoft's Caller ID/SPF since Edge services is no
> more.

Excellent news. That is far more important than the
DNS since MS does support the TXT record and this
can be used to fake/substitute-for the SPF record type.

Getting the email servers to USE it is new behavior
and much more important for MS to add.

Apparently SpamAssassin 3.0 supports SPF as well.
 
