SPF / TXT records

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

Anyone using SPF records for your SMTP?
(Send Policy Framework)

Seems interesting and might cut down on some
spam and many of those bounce messages with
forged headers....

Microsoft DNS doesn't support SPF records
(perhaps neither does BIND) but SPF allows
for a TXT record substitution or supplement
and SPF compliant email systems should check
either (both actually and use the SPF if both
are present) and use the TXT if the SPF is missing.

I wonder if MS is planning on supporting this
record type in a future update or product version?

Here is the draft RFC:
http://www.ozonehouse.com/mark/spf [...] spf-00.txt

Here is a site focused on the SPF concept and explaining
its use -- complete with record creation wizard:
http://spf.pobox.com/

The SPF wizard itself:
http://spf.pobox.com/wizard.html

Here are MS specific instructions:
http://www.michaelbrumm.com/spfwindowsdns/

I found out about it by using www.DNSreport.com
which offered a warning for it being missing.

Please comment or let me know if you have any
successes with SPF records.

--
Herb Martin

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

In article <ua9FIpMEFHA.1932@TK2MSFTNGP14.phx.gbl>, news@LearnQuick.com says...
>
>Anyone using SPF records for your SMTP?
>(Send Policy Framework)
>
>Seems interesting and might cut down on some
>spam and many of those bounce messages with
>forged headers....
>
>Microsoft DNS doesn't support SPF records
>(perhaps neither does BIND) but SPF allows
>for a TXT record substitution or supplement
>and SPF compliant email systems should check
>either (both actually and use the SPF if both
>are present) and use the TXT if the SPF is missing.
>I wonder if MS is planning on supporting this
>record type in a future update or product version?
**************** REPLY SEPARATER *****************
Actually, there is no specific RR for SPF at the moment and Microsoft is
planning on using SPF TXT records for it's SenderID
http://www.microsoft.com/mscorp/tw [...] fault.mspx
I personally disagree with the Microsoft approach because it will reject after
DATA using the data header information. SPF itself rejects before DATA during
the SMTP session, which eliminates unnecessary traffic and unnecessary bounces
to faked addresses.
**************************************************
>Here is the draft RFC:
>http://www.ozonehouse.com/mark/spf/draft-lentczner-spf-00.txt
>
>Here is a site focused on the SPF concept and explaining
>its use -- complete with record creation wizard:
>http://spf.pobox.com/
>
>The SPF wizard itself:
>http://spf.pobox.com/wizard.html
>
>Here are MS specific instructions:
>http://www.michaelbrumm.com/spfwindowsdns/
>
>I found out about it by using www.DNSreport.com
>which offered a warning for it being missing.
>
>Please comment or let me know if you have any
>successes with SPF records.
>
>--
>Herb Martin
>
>
>

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

> Herb, I'm really surprised this post is coming from you.
> Microsoft DNS does support SPF, which is just a TXT record. From the
Action
> menu select Other New records, then select TXT record type. go to
> spf.pobox.com and run the wizard and paste the results to the TXT record.

Well, several people said this (MS supports it; SPF is
really just a TXT record) even though those statements
are technically incorrect AND I covered the TXT
record substitution (so it isn't just a picky technical
distinction):

> > Microsoft DNS doesn't support SPF records
> > (perhaps neither does BIND) but SPF allows
> > for a TXT record substitution or supplement
> > and SPF compliant email systems should check
> > either (both actually and use the SPF if both
> > are present) and use the TXT if the SPF is missing.

MS does not support the SPF record ITSELF. It supports
the TXT substitute because it supports text records and
the SPF idea offers this as an alternative specifically
for this reason (most DNS servers don't know about SPF
records themselves yet.)

> Understand you having SPF does not protect you much from spam, your SMTP
> server may not even query for SPF,

The goal is that most SMPT servers over time WILL
do this.

> your reason for having SPF is to prevent
> someone from sending mail using your domain name and not using your mail
> server to do it.

Yes, and this will remove most of those "bounce
spam" message once SMTP servers query for it.

> Even then, the receiving SMTP must query the SPF record you
> created. It will help you in sending mail to aol.com and hotmail.com. SPF
is
> one of those things that for it to be really effective, everyone will need
> an SPF record and all SMTP servers will need to query for the SPF for all
> incoming mail.

Sounds like a good idea.

Maybe we should encourage it, don't you think?

--
Herb Martin


"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:#3bQ5ISEFHA.4020@TK2MSFTNGP15.phx.gbl...
> In news:ua9FIpMEFHA.1932@TK2MSFTNGP14.phx.gbl,
> Herb Martin <news@LearnQuick.com> commented
> Then Kevin replied below:
> > Anyone using SPF records for your SMTP?
> > (Send Policy Framework)
> >
> > Seems interesting and might cut down on some
> > spam and many of those bounce messages with
> > forged headers....
> >
> > Microsoft DNS doesn't support SPF records
> > (perhaps neither does BIND) but SPF allows
> > for a TXT record substitution or supplement
> > and SPF compliant email systems should check
> > either (both actually and use the SPF if both
> > are present) and use the TXT if the SPF is missing.
> >
> > I wonder if MS is planning on supporting this
> > record type in a future update or product version?
> >
> > Here is the draft RFC:
> > http://www.ozonehouse.com/mark/spf [...] spf-00.txt
> >
> > Here is a site focused on the SPF concept and explaining
> > its use -- complete with record creation wizard:
> > http://spf.pobox.com/
> >
> > The SPF wizard itself:
> > http://spf.pobox.com/wizard.html
> >
> > Here are MS specific instructions:
> > http://www.michaelbrumm.com/spfwindowsdns/
> >
> > I found out about it by using www.DNSreport.com
> > which offered a warning for it being missing.
> >
> > Please comment or let me know if you have any
> > successes with SPF records.
>
> Herb, I'm really surprised this post is coming from you.
> Microsoft DNS does support SPF, which is just a TXT record. From the
Action
> menu select Other New records, then select TXT record type. go to
> spf.pobox.com and run the wizard and paste the results to the TXT record.
> Understand you having SPF does not protect you much from spam, your SMTP
> server may not even query for SPF, your reason for having SPF is to
prevent
> someone from sending mail using your domain name and not using your mail
> server to do it. Even then, the receiving SMTP must query the SPF record
you
> created. It will help you in sending mail to aol.com and hotmail.com. SPF
is
> one of those things that for it to be really effective, everyone will need
> an SPF record and all SMTP servers will need to query for the SPF for all
> incoming mail.
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

> I have my SPF record in all DNS zones I host, there is not a record type
> SPF. If you read the wizard at spf.pobox.com it tells you to paste it to a
> TXT record type, which is what is queried for.
>

You didn't read the RFC but assumed that the
way the wizard does it is the only way.

Now, that would be find except you tried to
use your incomplete understanding to claim
I was wrong -- even though my message had
given your the information you needed to check
or query to really understand the SPF record
type.

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

> No I didn't read the RFC, so I went to the RFCs and search for SPF and
> Sender Policy Framework and I found no references.

Go back and RE-READ my original message the link to
the RFC is included.

> I also found no reference for an SPF record type anywhere in the RFCs, I
> didn't make any claims, I stated a fact, SPF is published in a TXT record.

The reference to the SPF and the explanation of the
interrim use of the TXT record is clearly indicated.

> It is not a record type it is an algorythm used by mail servers.

It is a new draft record type not supported by MS (yet).

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:ui1Cq1hEFHA.2156@TK2MSFTNGP10.phx.gbl...
> In news:eiCSWoXEFHA.936@TK2MSFTNGP12.phx.gbl,
> Herb Martin <news@LearnQuick.com> made a post then I commented below
> >> No I didn't read the RFC, so I went to the RFCs and search for SPF
> >> and Sender Policy Framework and I found no references.
> >
> > Go back and RE-READ my original message the link to
> > the RFC is included.
> >
> >> I also found no reference for an SPF record type anywhere in the
> >> RFCs, I didn't make any claims, I stated a fact, SPF is published in
> >> a TXT record.
> >
> > The reference to the SPF and the explanation of the
> > interrim use of the TXT record is clearly indicated.
> >
> >> It is not a record type it is an algorythm used by mail servers.
> >
> > It is a new draft record type not supported by MS (yet).
>
>
> Can you pinpoint in the RFC explaining this instead of us reading the
whole
> thing thru? (Copy and paste the relevent paragraph).

Of course I can -- I already explained it and posted it.

Go read the FIRST message, and then follow the link
to the RFC and read about the record types. The RFC
is complete with a CONTENTS so it is trivial to find
and search for whatever you wish.

BTW, register.com doesn't seem to support EITHER
TXT or the specific SPF records.

GoDaddy.com supports both the generic TXT record
and the specific SPF.

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

Herb Martin wrote:
>>>>It is not a record type it is an algorythm used by mail servers.
>>>
>>>It is a new draft record type not supported by MS (yet).
>>
>>
>>Can you pinpoint in the RFC explaining this instead of us reading the
>>whole thing thru? (Copy and paste the relevent paragraph).
>
> Of course I can -- I already explained it and posted it.
>
> Go read the FIRST message, and then follow the link
> to the RFC and read about the record types. The RFC
> is complete with a CONTENTS so it is trivial to find
> and search for whatever you wish.

The draft supports an RR for SPF. The actual protocol only uses TXT
records.


--
No user-serviceable parts

Archived from groups: microsoft.public.win2000.dns,microsoft.public.windows.server.dns (More info?)

Yes, I use an SPF record.

Don't follow MS's DNS, but rumour has it that SP2 for Exchange will
introduce support for Microsoft's Caller ID/SPF since Edge services is no
more.

"Herb Martin" <news@LearnQuick.com> wrote in message
news:ua9FIpMEFHA.1932@TK2MSFTNGP14.phx.gbl...
> Anyone using SPF records for your SMTP?
> (Send Policy Framework)
>
> Seems interesting and might cut down on some
> spam and many of those bounce messages with
> forged headers....
>
> Microsoft DNS doesn't support SPF records
> (perhaps neither does BIND) but SPF allows
> for a TXT record substitution or supplement
> and SPF compliant email systems should check
> either (both actually and use the SPF if both
> are present) and use the TXT if the SPF is missing.
>
> I wonder if MS is planning on supporting this
> record type in a future update or product version?
>
> Here is the draft RFC:
> http://www.ozonehouse.com/mark/spf [...] spf-00.txt
>
> Here is a site focused on the SPF concept and explaining
> its use -- complete with record creation wizard:
> http://spf.pobox.com/
>
> The SPF wizard itself:
> http://spf.pobox.com/wizard.html
>
> Here are MS specific instructions:
> http://www.michaelbrumm.com/spfwindowsdns/
>
> I found out about it by using www.DNSreport.com
> which offered a warning for it being missing.
>
> Please comment or let me know if you have any
> successes with SPF records.
>
> --
> Herb Martin
>
>
>