Loading ...
Sorry, an error occurred while loading the content.

Re: Implementing SPF in Postfix

Expand Messages
  • Erik Logtenberg
    ... Please note that according to RFC4408 (SPF), section 3.1.1 (DNS Resource Record Types) the preferred DNS RR is SPF (code 99), not TXT . The TXT record
    Message 1 of 4 , Mar 15, 2010
    • 0 Attachment
      On 03/15/2010 06:18 PM, Security Admin (NetSec) wrote:
      > Running Postfix as a mail gateway, version 2.6.5 and am finally getting
      > around to implementing SPF in Postfix. I thought the TXT record in DNS
      > would suffice which is how I have been running it.

      Please note that according to RFC4408 (SPF), section 3.1.1 (DNS Resource
      Record Types) the preferred DNS RR is "SPF" (code 99), not "TXT". The
      TXT record is only meant for temporary use for the time period when
      there are still nameservers operational that don't support the SPF RR yet.

      > An SPF-compliant domain name SHOULD have SPF records of both RR
      > types. A compliant domain name MUST have a record of at least one
      > type. If a domain has records of both types, they MUST have
      > identical content. For example, instead of publishing just one
      > record as in Section 3.1 above, it is better to publish:
      >
      > example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
      > example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

      Given current state of things, I would recommend using both. Make sure
      they contain exactly the same information though.
    Your message has been successfully submitted and would be delivered to recipients shortly.