[wellylug] Re: CA-CERT Assurance

Phillip Hutchings sitharus at sitharus.com
Sun Jun 6 23:22:40 NZST 2004


On 6/06/2004, at 11:08 PM, Tim Nicholas wrote:

> On 06/04/04 19:26, Sam Cannell wrote:
>> The general idea was to put a TXT record in your domain with a list of
>> addresses or netblocks that were allowed to transmit mail from an
>> @yourdomain.foo address.
>
> So basically I could get a complete list of valid addresses for 
> domainX by running 'host -t TXT domainX' ?? Am I misunderstanding? 
> That sounds a little retarded.

No, you put a list of the servers that are allowed to send mail from 
your domain. Like with mine for SPF:
$ host -t TXT sitharus.com
sitharus.com text "v=spf1 mx -all"

Which means SPF v1, only allow mail from servers listed as an MX. In 
this case a receiving MTA will look up the TXT records, then the MX 
records and then check that the connection that the mail is being sent 
from matches one of my MXs.

--
Phillip Hutchings
sitharus at sitharus.com
http://www.sitharus.com/
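
Added example, not part of the original post: a minimal Python sketch of the check described above, where the receiver reads the TXT record, resolves the MX hosts, and compares the connecting address against them. The DNS table, the example.org/example.net names and the addresses are constructed, and only the mx, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses, not real records).
DNS = {
    ("example.org", "TXT"): ["v=spf1 mx -all"],
    ("example.org", "MX"): ["mail1.example.org", "mail2.example.org"],
    ("mail1.example.org", "A"): ["192.0.2.10"],
    ("mail2.example.org", "A"): ["192.0.2.11"],
    ("example.net", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(dns, name, rtype):
    return dns.get((name.lower(), rtype), [])

def mx_addresses(dns, domain):
    """Resolve every MX host of the domain to its A-record addresses."""
    return {ipaddress.ip_address(a)
            for host in lookup(dns, domain, "MX")
            for a in lookup(dns, host, "A")}

def check_spf(dns, domain, client_ip):
    """Evaluate the mx, ip4 and all mechanisms for a connecting client IP."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in lookup(dns, domain, "TXT")
               if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not records:
        return "none"        # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"   # more than one SPF record is ambiguous
    for term in records[0].split()[1:]:
        qualifier = "+"      # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "mx":
            matched = ip in mx_addresses(dns, arg or domain)
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # mechanism outside this example's scope
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term
```

With "v=spf1 mx -all", a connection from one of the MX addresses evaluates to pass and any other address falls through to -all and evaluates to fail.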