[SWLUG] QMail recipient check

Wed Sep 6 11:21:01 UTC 2006

Daniel Barbato wrote:
> For instance I remember hearing something about hosting on my domain
> which states the valid ip addresses that mail from my domain can be
> sent from, the receiving MTA checks the ip, if it's not valid it
> throws it away.

That'll be SPF - and you can create the line using their form at 
openspf.org. All you need to do then is to set it as a TXT entry in your 
DNS.

The domain I'm sending this from has:

v=spf1 a mx include:zen.co.uk ~all

That the a record for the domain can send e-mail, as well as the mx 
record (which in this case are both the same as they're both the same 
server.

I've also allowed any servers from zen.co.uk to send e-mail (in case I 
have a problem with my server and which to use their relays - to use 
this properly, zen.co.uk also needs an SPF).

Finally ~all means only those entires I've set can send the e-mail. No 
exceptions. This is a hard fail. If you're just trialling, ?all can be 
used as a soft fail. Sort of, it doesn't match but I may have missed 
something.

Finally, this will only work of the server receiving the mail supported 
SPF and not alot do at the moment. AOL and Hotmail being the two 
biggest. But, it is growing. We do support it on our servers whenever 
possible. The entires are also setup by default to provide customers 
with extra protection on their e-mail.

-- 
  Jonathan Wright                                 mail at djnauk.co.uk
                                                http://djnauk.co.uk

  cat /dev/random (you never know, you may see something you like!)

  2.6.17-gentoo-r3-djnauk-b1 AMD Athlon(tm) XP 2100+
  up 18 days, 3:15, 1 user, load average: 0.68, 0.49, 0.27