[wellylug] Re: CA-CERT Assurance
Phillip Hutchings
sitharus at sitharus.com
Sun Jun 6 23:22:40 NZST 2004
On 6/06/2004, at 11:08 PM, Tim Nicholas wrote:
> On 06/04/04 19:26, Sam Cannell wrote:
>> The general idea was to put a TXT record in your domain with a list of
>> addresses or netblocks that were allowed to transmit mail from an
>> @yourdomain.foo address.
>
> So basically I could get a complete list of valid addresses for
> domainX by running 'host -t TXT domainX' ?? Am I misunderstanding?
> That sounds a little retarded.
No, you put a list of the servers that are allowed to send mail from
your domain. Like with mine for SPF:
$ host -t TXT sitharus.com
sitharus.com text "v=spf1 mx -all"
Which means SPF v1, only allow mail from servers listed as an MX. In
this case a receiving MTA will look up the TXT records, then the MX
records and then check that the connection that the mail is being sent
from matches one of my MXs.
--
Phillip Hutchings
sitharus at sitharus.com
http://www.sitharus.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2371 bytes
Desc: not available
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20040606/165c922e/attachment.bin
More information about the wellylug
mailing list