On 03/15/2010 06:18 PM, Security Admin (NetSec) wrote: > Running Postfix as a mail gateway, version 2.6.5 and am finally getting > around to implementing SPF in Postfix. I thought the TXT record in DNS > would suffice which is how I have been running it.
Please note that according to RFC4408 (SPF), section 3.1.1 (DNS Resource Record Types) the preferred DNS RR is "SPF" (code 99), not "TXT". The TXT record is only meant for temporary use for the time period when there are still nameservers operational that don't support the SPF RR yet. > An SPF-compliant domain name SHOULD have SPF records of both RR > types. A compliant domain name MUST have a record of at least one > type. If a domain has records of both types, they MUST have > identical content. For example, instead of publishing just one > record as in Section 3.1 above, it is better to publish: > > example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all" > example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all" Given current state of things, I would recommend using both. Make sure they contain exactly the same information though.
