wildcard SPF entry w/o wildcard MX entries
harold1
harold.blakney at charter.net
Mon Jul 25 15:06:15 UTC 2005
I'm trying to verify a potential entry that we could use for our SPF
DNS entry.
The uncertainty is that we do not currently use wildcards for our MX
entries or hosts, but would like to use a single wildcard SPF entry to
be used to validate all of the mail domains we host.
Given the following example
6 outbound MTA hosts with associated DNS A/ptr records
(no MX records, these are outbound only relays)
(Inbound is routed through different MTA hosts via MX records to
inbound MTAs)
MTAout1.company.com 151.100.100.136 (mask = 255.255.255.224)
MTAout2.company.com 151.100.100.137 (mask = 255.255.255.224)
MTAout3.company.com 151.100.100.138 (mask = 255.255.255.224)
MTAout4.company.com 151.100.100.139 (mask = 255.255.255.224)
MTAout5.company.com 151.100.100.140 (mask = 255.255.255.224)
MTAout6.company.com 151.100.100.141 (mask = 255.255.255.224)
These MTAs above are responsible for sending mail FROM "many"
multiple domains
We own the parent domain SOA (company.com) and delegate multiple child
domains and "all" outbound mail from the child domains is routed
out via the 6 MTA hosts above.
Each child domain has their own inbound MX entry pointing to
"inbound" MTAs so there are many different DNS entries, one for
each child domain.
Domain1.company.com mx MTAinbound.company.com
Domain2.company.com mx MTAinbound.company.com
Domain3.company.com mx MTAinbound.company.com
Domain4.company.com mx MTAinbound.company.com
...
MTAinbound.company.com A 151.100.200.140
Is it possible to use a wildcard SPF entry for the parent domain so
that we cut down on the number and management of SPF records in DNS?
I believe we can use an entry similar to what is listed below
v=spf1 ip4:151.100.100.128/27 ptr ~all
But can it be tied to ONE single SPF DNS entry with a wildcard as below
event though we don't use wildcards for the hosts or MX entries?
*.company.com IN TXT "v=spf1 ip4:151.100.100.128/27 ptr ~all"
Thanks
More information about the bind-users
mailing list