what is a SPF (type 99) record and who do I implement?

G.W. Haywood bind at jubileegroup.co.uk
Sat Mar 27 07:48:08 UTC 2010 

Hi there,

On Wed, 24 Mar 2010 Security Admin (NetSec) wrote:

> Struggled to find anything explicit on this subject via google

The subject line should probably read "how..." not "who...". :)

It seems that your first language is not English, and unfortunately
that is a disadvantage, but you probably need to work on your search
skills and you might want to subscribe to a low-traffic list and lurk
there (simply read all the messages without replying:) for a while.

mailto:subscribe-spf-help at v2.listbox.com

....

On Thu, 25 Mar 2010 the same author wrote:

> Correction.  I found many sites which discuss what it is, but none
> that explicitly tell me how to implement in my hosts file.

One of us seems to be very confused.

You might need to read the book "DNS and BIND" or something similar.
Do you really mean your 'hosts' file, as in '/etc/hosts'?

Please phrase your question more clearly.  What operating system are
you using?  Please say exactly what and where the files are.  SPF is
not (and BIND is not) configured by changing the 'hosts' file although
you can give information to a local resolver that way, as a short-cut,
instead of configuring a nameserver to do so.

> Currently hosts file looks like:
>
> Mydomain.com       172800  IN TXT  "v=spf1 mx -all"
> Mydomain.com       172800  IN SPF  "v=spf1 mx -all"
> Mydomain.com       172800  IN MX   10 Mail.Mydomain.com
> Mail.Mydomain.com  172800  IN A    vvv.xxx.yyy.zzz
>
> Is this correct?

Is this the complete file?  What is the file, and where is it in the
filesystem?  Are you running the nameserver (the software is called
'BIND', the binary is called 'named')?  How is BIND to find the file?
Are there some other files which give information about the domain,
such as '/etc/named.conf'?  You probably need to tell us about them.

The string

"v=spf1 mx -all"

is OK as an SPF record whether the record type is TXT or SPF.  It is
better if you specify IP addresses instead of 'mx' (it's more efficient,
as it reduces the number of queries required).

> FYI not using DNSSEC

It makes no difference to the SPF records themselves.

--

73,
Ged.

More information about the bind-users mailing list