Re: Implementing SPF in Postfix
- On 03/15/2010 06:18 PM, Security Admin (NetSec) wrote:
> Running Postfix as a mail gateway, version 2.6.5 and am finally gettingPlease note that according to RFC4408 (SPF), section 3.1.1 (DNS Resource
> around to implementing SPF in Postfix. I thought the TXT record in DNS
> would suffice which is how I have been running it.
Record Types) the preferred DNS RR is "SPF" (code 99), not "TXT". The
TXT record is only meant for temporary use for the time period when
there are still nameservers operational that don't support the SPF RR yet.
> An SPF-compliant domain name SHOULD have SPF records of both RRGiven current state of things, I would recommend using both. Make sure
> types. A compliant domain name MUST have a record of at least one
> type. If a domain has records of both types, they MUST have
> identical content. For example, instead of publishing just one
> record as in Section 3.1 above, it is better to publish:
> example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
> example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"
they contain exactly the same information though.