You should also add an SPF record in addition to a TXT record, as
recommended by RFC 4408. The format is the same.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2015
Major in Computer Science
tylerromeo(a)gmail.com
On Fri, Sep 28, 2012 at 2:04 PM, Daniel Friesen
<daniel(a)nadir-seen-fire.com> wrote:
On Fri, 28 Sep 2012 11:00:08 -0700, Jeff Green
<jgreen(a)wikimedia.org> wrote:
I'm planning to deploy Sender Policy Framework (SPF) for the
wikimedia.org domain on Weds October 5. SPF is a framework for
validating outgoing mail, which gives the receiving side useful information
for spam filtering. The main goal is to cause spoofed @wikimedia.org mail
to be correctly identified as such. It should also improve our odds of
getting fundraiser mailings into inboxes rather than spam folders.
The change should not be noticeable, but the most likely problem would be
legitimate @wikimedia.org mail being treated as spam. If you hear of
this happening please let me know.
Technical details are below for anyone interested . . .
Thanks,
jg
Jeff Green
Operations Engineer, Special Projects
Wikimedia Foundation
149 New Montgomery Street, 3rd Floor
San Francisco, CA 94105
jgreen(a)wikimedia.org
. . . . . . .
SPF overview
http://en.wikipedia.org/wiki/Sender_Policy_Framework
The October 8 change will be simply a matter of adding a TXT record to
the wikimedia.org DNS zone:
wikimedia.org IN TXT "v=spf1 ip4:91.198.174.0/24 ip4:208.80.152.0/22 ip6:2620:0:860::/46 include:_spf.google.com ip4:74.121.51.111 ?all"
The record is a list of subnets that we identify as senders (all wmf
subnets, google apps, and the fundraiser mailhouse). The "?all" is a
"neutral" policy--it doesn't state either way how mail should be handled.
Eventually we'll probably bump "?all" to a stricter "~all" aka SoftFail,
which tells the receiving side that only mail coming from the listed
subnets is valid. Most ISPs will route 'other' mail to a spam folder based
on SoftFail.
I was under the impression that ~all softfail is not an assertion that
something is not authorized and the only way to actually assert that is
with -all hardfail.
Please bug me with any questions/comments!
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
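
An added example, not part of the original thread: a small offline evaluator showing how a receiver walks the record quoted above and what result the trailing "?all", "~all" or "-all" gives an unlisted sender. The names `check_spf` and `SAMPLE_INCLUDES` are hypothetical, the included record is a constructed stand-in, and only the ip4, ip6, include and all terms are handled.

```python
import ipaddress

# Record as posted in the thread, with the line wrapping undone.
WIKIMEDIA_SPF = (
    "v=spf1 ip4:91.198.174.0/24 ip4:208.80.152.0/22 ip6:2620:0:860::/46 "
    "include:_spf.google.com ip4:74.121.51.111 ?all")
# Constructed stand-in for the included record (documentation range, not real data).
SAMPLE_INCLUDES = {"_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, includes=None, depth=0):
    """Evaluate ip4/ip6/include/all left to right; the first match decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:  # recursion guard for nested includes
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = ip.version == net.version and ip in net
        elif name == "include":
            if not includes or arg not in includes:
                return "temperror"  # models a lookup that could not be completed
            inner = check_spf(includes[arg], sender_ip, includes, depth + 1)
            if inner in ("temperror", "permerror"):
                return inner
            if inner == "none":
                return "permerror"
            matched = inner == "pass"  # softfail/fail/neutral inside include: no match
        else:
            raise NotImplementedError(f"term not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term
```

Swapping the last term with `WIKIMEDIA_SPF.replace("?all", "~all")` or `"-all"` changes only the result for senders that match none of the listed networks.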