You should also add an SPF record in addition to a TXT record, as recommended by RFC 4408. The format is the same.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | [email protected] On Fri, Sep 28, 2012 at 2:04 PM, Daniel Friesen <[email protected]>wrote: > On Fri, 28 Sep 2012 11:00:08 -0700, Jeff Green <[email protected]> > wrote: > > I'm planning to deploy Sender Policy Framework (SPF) for the >> wikimedia.org domain on Weds October 5. SPF is a framework for >> validating outgoing mail, which gives the receiving side useful information >> for spam filtering. The main goal is to cause spoofed @wikimedia.orgmail to >> be correctly identified as such. It should also improve our odds of >> getting fundraiser mailings into inboxes rather than spam folders. >> >> The change should not be noticeable, but the most likely problem would be >> legitimate @wikimedia.org mail being treated as spam. If you hear of >> this happening please let me know. >> >> Technical details are below for anyone interested . . . >> >> Thanks, >> jg >> >> Jeff Green >> Operations Engineer, Special Projects >> Wikimedia Foundation >> 149 New Montgomery Street, 3rd Floor >> San Francisco, CA 94105 >> [email protected] >> >> . . . . . . . >> >> SPF overview >> http://en.wikipedia.org/wiki/**Sender_Policy_Framework<http://en.wikipedia.org/wiki/Sender_Policy_Framework> >> >> The October 8 change will be simply a matter of adding a TXT record to >> the wikimedia.org DNS zone: >> >> wikimedia.org IN TXT "v=spf1 ip4:91.198.174.0/24 >> ip4:208.80.152.0/22ip6:2620:0:860::/46 include:_ >> spf.google.com ip4:74.121.51.111 ?all" >> >> The record is a list of subnets that we identify as senders (all wmf >> subnets, google apps, and the fundraiser mailhouse). The "?all" is a >> "neutral" policy--it doesn't state either way how mail should be handled. >> >> Eventually we'll probably bump "?all" to a stricter "~all" aka SoftFail, >> which tells the receiving side that only mail coming from the listed >> subnets is valid. Most ISPs will route 'other' mail to a spam folder based >> on SoftFail. >> > > I was under the impression that ~all softfail is not an assertion that > something is not authorized and the only way to actually assert that is > with -all hardfail. > > > Please bug me with any questions/comments! >> > > > -- > ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] > > > > ______________________________**_________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.wikimedia.org/mailman/listinfo/wikitech-l> > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
