SPF for home mail servers (was Re: [TriLUG] Securing Recursive DNS)

Rick DeNatale rick.denatale at gmail.com
Tue Mar 21 14:09:14 EST 2006


On 3/21/06, Jeremy Portzer <jeremyp at pobox.com> wrote:
> On Tue, 21 Mar 2006, Christopher L Merrill wrote:
>
> > For the MX record it says "ERROR: I couldn't find any MX records for
> > christophermerrill.net...<snip>....so I'm assuming you don't receive
> > mail on this domain."
> >
> > My DNS is through dyndns.org and I've been receiving mail just fine for
> > many years.  I'm not claiming the report is wrong, or even that I
> > understand half of what the report said, but it seems to be a little too
> > strict in its interpretation of this particular item. C
>
> Certainly, MX records are only required if you wish to specify an
> alternate mail exchanger.  If you are happy with using the default A
> record for mail, everything will function fine.  It's fine for something
> small like your dyndns-based home server.

This exchange got me thinking about SPF again.  Have any Triluggers
published SPF records for a home server?

I'm not sure that I completely understand all the subtleties of SPF,
but I think that in the case of a home dynamic dns setup this would be
another use of an MX record, along with a TXT spf record which used
the mx: option to validate the sending id.

For example, I've got postfix set up to forward outgoing mail with an
address in my isp's domain to the isp, but to send mail from one of my
own domains directly.  My mx record in zonedit points to my wan
address, but of course a reverse lookup of that address gets the isp's
name for the link. As far as I can tell if you publish an spf record
with the mx: option your sending ip address just needs to match the ip
address of the mx record for the domain you specify in the sending
domain's spf record to pass.

--
Rick DeNatale

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
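
An added example, not part of the original post: a small Python evaluator for a subset of SPF (the `mx`, `a`, `ip4` and `all` mechanisms) run against constructed zone data, showing that `mx` compares the sending IP with the A records of the domain's MX hosts and never consults reverse DNS. It also covers the case from the quoted exchange: per RFC 7208 section 5.4, `mx` does not fall back to the domain's own A record when no MX is published, so a domain that receives mail on its bare A record needs the `a` mechanism instead. All domain names, addresses and function names here are made up for illustration.

```python
import ipaddress

# Constructed zone data (example domains, documentation-range IPs); not real DNS.
ZONE = {
    "home.example": {"MX": ["mail.home.example"], "TXT": ["v=spf1 mx -all"]},
    "mail.home.example": {"A": ["203.0.113.25"]},
    # Receives mail on its bare A record; no MX published.
    "nomx.example": {"A": ["198.51.100.7"], "TXT": ["v=spf1 mx -all"]},
    "nomx-fixed.example": {"A": ["198.51.100.7"], "TXT": ["v=spf1 a -all"]},
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get(name, {}).get(rtype, [])


def mechanism_matches(name, arg, domain, ip):
    target = arg or domain  # "mx" means this domain, "mx:other" names another
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return str(ip) in lookup(target, "A")
    if name == "mx":
        # Resolve each MX host to its A records and compare with the sender.
        # No MX records means no match: there is no implicit-MX fallback.
        return any(str(ip) in lookup(host, "A") for host in lookup(target, "MX"))
    return False  # anything outside this subset never matches here


def check_host(ip, domain):
    """Return the SPF result for a connecting IP and a sender domain."""
    ip = ipaddress.ip_address(ip)
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if mechanism_matches(name.lower(), arg, domain, ip):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term was present


if __name__ == "__main__":
    for ip, dom in [("203.0.113.25", "home.example"),
                    ("198.51.100.7", "nomx.example"),
                    ("198.51.100.7", "nomx-fixed.example")]:
        print(ip, dom, check_host(ip, dom))
```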
