[119951] in North American Network Operators' Group


SPF Configurations

daemon@ATHENA.MIT.EDU (Jeffrey Negro)
Fri Dec 4 11:26:48 2009

Date: Fri, 4 Dec 2009 11:25:43 -0500
From: "Jeffrey Negro" <jnegro@billtrust.com>
To: "NANOG" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I'm wondering if a few DNS experts out there could give me some input on
SPF record configuration.  Our company sends out about 50k - 100k emails
a day, and most emails are on behalf of customers to their end users at
various domains (no, we're not spammers, these are email notifications
the end users have requested to receive).  Some customers insist on
making the FROM address use their domain name, but the emails leave our
mail servers on our domain.  SPF seems to be the way we could possibly
avoid more spam filters, and delivery rate is very important to our
company.

The server configuration consists of a mail server that sends outbound
only, out of a specific IP with proper MX, A, and PTR records.  This is
a sample of the SPF configuration I believe would be correct:

Our company (example.com) records:

                IN  MX   10 mail.example.com
mail            IN  A    <ip address>
example.com     IN  TXT  "v=spf1 mx -all"
example.com     IN  SPF  "v=spf1 mx -all"
mail            IN  TXT  "v=spf1 a -all"
mail            IN  SPF  "v=spf1 a -all"

customer.com    IN  TXT  "v=spf1 include:example.com -all"
customer.com    IN  SPF  "v=spf1 include:example.com -all"

Our customer's (customer.com) records:

                IN  MX   10 mail.customer.com
mail            IN  A    <ip address>
customer.com    IN  TXT  "v=spf1 mx -all"
customer.com    IN  SPF  "v=spf1 mx -all"
mail            IN  TXT  "v=spf1 a -all"
mail            IN  SPF  "v=spf1 a -all"

customer.com    IN  TXT  "v=spf1 include:example.com -all"
customer.com    IN  SPF  "v=spf1 include:example.com -all"

I derived this from this tutorial:
http://www.zytrax.com/books/dns/ch9/spf.html

The other part of this that may be of importance would be the NATing.
The FQDN that the world sees for the outside address of the NAT is not
the same as the inside FQDN that Postfix is using internally.  Does this
cause any problems with SPF?

Any comments or suggestions would be great.  Thanks in advance!

Jeffrey
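
As an added example (not part of the original message), the following Python evaluates the customer.com records from the post with a subset of the SPF check (a, mx, include, all) against a constructed in-memory zone. It compares the two separate v=spf1 TXT records as posted, which RFC 7208 treats as a permerror, with a single merged record; the IP addresses and the names check_host, customer_zone, AS_POSTED and MERGED are assumptions made for illustration.

```python
# Added example. All zone data is constructed; 192.0.2.25 stands in for the
# post's "<ip address>" as the receiver would see it (the public NAT address).
SENDER_IP = "192.0.2.25"
BASE_ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): [SENDER_IP],
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("customer.com", "MX"): ["mail.customer.com"],
    ("mail.customer.com", "A"): ["198.51.100.10"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def customer_zone(*txt_records):
    """Copy BASE_ZONE with the given TXT records published at customer.com."""
    zone = dict(BASE_ZONE)
    zone[("customer.com", "TXT")] = list(txt_records)
    return zone

def check_host(zone, ip, domain, depth=0):
    """SPF result for `ip` sending with MAIL FROM `domain` (a, mx, include, all only)."""
    records = [t for t in zone.get((domain, "TXT"), []) if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1 or depth > 10:       # more than one v=spf1 record is an error
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        target = arg or domain
        if name == "all":
            hit = True
        elif name == "a":
            hit = ip in zone.get((target, "A"), [])
        elif name == "mx":
            hit = any(ip in zone.get((mx, "A"), []) for mx in zone.get((target, "MX"), []))
        elif name == "include":
            inner = check_host(zone, ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            hit = inner == "pass"            # only an inner pass makes include match
        else:
            return "permerror"               # mechanism outside this subset
        if hit:
            return RESULT[qualifier]
    return "neutral"

AS_POSTED = customer_zone("v=spf1 mx -all", "v=spf1 include:example.com -all")
MERGED = customer_zone("v=spf1 mx include:example.com -all")

if __name__ == "__main__":
    for label, zone in (("as posted", AS_POSTED), ("merged", MERGED)):
        print(label, check_host(zone, SENDER_IP, "customer.com"))
```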

