Sender Policy Framework

History of FAQ/Common mistakes


Revision 31 . . 2009-03-13 15:31 (UTC) by Alex van den Bogaerdt [Extra example for HELO, using webservers sending out mail]
Revision 30 . . (edit) 2008-04-23 8:37 (UTC) by Frank Ellermann
Revision 29 . . 2008-04-23 8:29 (UTC) by Frank Ellermann [senderid wizard confuses users about mx]
Revision 28 . . 2008-04-14 3:08 (UTC) by Frank Ellermann [include magic for ISPs]
Revision 27 . . (edit) 2008-04-05 21:08 (UTC) by Frank Ellermann [s/for for/for/ also in ToC, remove EHLO explaining only once what it is]
Revision 26 . . (edit) 2008-04-05 21:03 (UTC) by Frank Ellermann [Typo reported on the Webmaster list + s/for for/for/]
Revision 25 . . (edit) 2008-04-03 23:07 (UTC) by Julian Mehnle
Revision 24 . . 2008-04-03 18:57 (UTC) by Frank Ellermann [Better explanation of HELO proposed on the webmaster list]
Revision 23 . . (edit) 2008-04-03 18:35 (UTC) by Frank Ellermann [sufficient TO check ]
Revision 22 . . 2008-04-03 18:32 (UTC) by Frank Ellermann [MX fixes proposed on the Webmaster list (split section)]
Revision 21 . . (edit) 2007-04-09 20:32 (UTC) by Stuart Gathman
Revision 20 . . 2007-04-09 20:30 (UTC) by Stuart Gathman [*Tell users]
Revision 19 . . (edit) 2007-03-12 13:21 (UTC) by Alex van den Bogaerdt [made index]
Revision 18 . . (edit) 2007-03-09 19:10 (UTC) by Alex van den Bogaerdt [adding an anchor]
Revision 17 . . (edit) 2007-02-28 2:29 (UTC) by Alex van den Bogaerdt
Revision 16 . . 2007-02-20 19:22 (UTC) by Alex van den Bogaerdt [Added entry about listing domains]
Revision 15 . . (edit) 2007-01-22 8:09 (UTC) by Steve Yates
Revision 14 . . (edit) 2007-01-19 23:39 (UTC) by Steve Yates [clarified mx:]
Revision 13 . . 2007-01-04 20:30 (UTC) by Scott Kitterman [Pointed testing discussion to the Tools page and removed redundant information.]
Revision 12 . . 2007-01-04 20:28 (UTC) by Scott Kitterman [Added recommendation to publish SPF for non-mail domains]
Revision 11 . . 2007-01-04 19:55 (UTC) by Scott Kitterman [Added HELO/EHLO records]
Revision 10 . . 2006-12-09 21:38 (UTC) by Steve Yates [added comment on "mx:mailserver.example.com" usage]
Revision 9 . . 2006-12-05 4:28 (UTC) by Scott Kitterman [Added spf-test@openspf.org to the test options]
Revision 8 . . (edit) 2006-12-02 11:16 (UTC) by Steve Yates
Revision 7 . . (edit) 2006-12-02 11:10 (UTC) by Steve Yates [*now* I find the style guide]
Revision 6 . . (edit) 2006-12-02 10:50 (UTC) by Steve Yates
Revision 5 . . 2006-12-02 10:42 (UTC) by Steve Yates [Various edits for clarity, and info on publishing in DNS]
Revision 4 . . 2006-12-01 9:23 (UTC) by Steve Yates
Revision 3 . . (edit) 2006-12-01 8:28 (UTC) by Steve Yates
Revision 2 . . 2006-12-01 8:27 (UTC) by Steve Yates
Revision 1 . . 2006-12-01 8:14 (UTC) by Steve Yates [new article]
  

Difference (from prior major revision) (no other diffs)
Paragraph 50

The first rule would be activated by any from address ending with "@example.com", and would validate such an email only if it comes from an IP address associated with an MX record for "example.com". The second rule would be activated by a HELO identification of "mailserver.example.com", and would validate the email only if it comes from the IP address associated with that server.

Another reason to take HELO names into account has to do with [[#all-domains|Publish null SPF records for your domains that don't send mail]]. If you follow the advice in that FAQ entry but don't think about HELO names, you could inadvertently deny your own servers the right to send email. An example: a cloud of webservers sends out email forms, using "webform@example.com" as the sender's address. Each webserver uses (as it should) its own name as the HELO parameter.

> <pre>www.example.com.     IN  TXT  "v=spf1 -all"
web01.example.com.   IN  TXT  "v=spf1 a -all"
web02.example.com.   IN  TXT  "v=spf1 a -all"
web03.example.com.   IN  TXT  "v=spf1 a -all"</pre>

Even though there are no email addresses like "user@web03.example.com", the name "web03.example.com" <strong>is</strong> used for email!

If you don't publish an SPF policy for such domains, they are fair game for spoofers. And if you do publish an SPF policy, you had better allow your host to use its own name.
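
The effect of each choice on the HELO check can be seen in the following added sketch, which is not part of the FAQ or of any SPF library. It evaluates a HELO name against a constructed zone; the IP addresses, the host "web04.example.com" (published without any SPF record) and `NULL_ZONE` are assumptions made for the example.

```python
import ipaddress

# Constructed zone (RFC 5737 documentation addresses), modelled on the records above.
ZONE = {
    "A": {"www.example.com": ["192.0.2.10"], "web03.example.com": ["192.0.2.13"],
          "web04.example.com": ["192.0.2.14"]},  # web04: hypothetical, no SPF record
    "TXT": {"www.example.com": "v=spf1 -all", "web03.example.com": "v=spf1 a -all"},
}
# The mistake described above: the sending host also gets the null record.
NULL_ZONE = {"A": ZONE["A"],
             "TXT": {**ZONE["TXT"], "web03.example.com": "v=spf1 -all"}}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_helo(helo_name, client_ip, zone=ZONE):
    """SPF result for a HELO identity; models only 'a', 'ip4' and 'all'."""
    host = helo_name.rstrip(".").lower()
    terms = zone["TXT"].get(host, "").split()
    if terms[:1] != ["v=spf1"]:
        return "none"  # no policy published: a forged HELO cannot be rejected
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, arg = term.partition(":")
        if mechanism == "all":
            matched = True
        elif mechanism == "a":
            # Bare 'a' means: the A records of the name being checked.
            addresses = zone["A"].get((arg or host).rstrip(".").lower(), [])
            matched = any(ip == ipaddress.ip_address(a) for a in addresses)
        elif mechanism == "ip4" and arg:
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # term not modelled in this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for label, zone in (("per-host record", ZONE), ("null record", NULL_ZONE)):
        print(label, check_helo("web03.example.com", "192.0.2.13", zone))
```

With the per-host record the webserver's own HELO passes and a forged one fails; with the null record the genuine webserver fails as well, and a host without any record yields "none".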


=== [[##all-domains]] Publish null SPF records for your domains that don't send mail
