From: "Rick Moen" rick@linuxmafia.com
Subject: Re: [BALUG-Admin] BALUG & SPF
Date: Fri, 18 Aug 2017 06:47:28 -0700
I see no reason why you couldn't declare an SPF RR for a subdomain. I've just never to date had a need to do so, on my systems.
Well, notably at present, balug.org. and temp.balug.org. are pretty dang independent and unrelated. Until balug.org. (and lists.balug.org., etc.) are ripped out from under DreamHost.com. ...
KISS. Have a single txt record for the domain, and just put everything
"Things should be as simple as possible, but no simpler" ;-) A lot of the DNS that *will* get moved over, is mostly set up to initially do a one-to-one mapping - that makes dealing with it in the interim about as simple as feasible, and I'm trying to avoid complicating that by adding stuff now, that can about as well or better (and notably more simply and less confusing, and less differences to need to be aware and keep track of) be added later (but hey, also, later should arrive *fairly* soon). Also, getting the heck off of DreamHost.com has priority over less critical stuff that can be improved later.
I mean, why delay? Are you saying we don't know what the authorised sending SMTP hosts are (the ones we want to declare authorised) for domain balug.org? Is it a mystery? (Note: Hypothetical Dreamhost
Yes, effectively don't - or no guarantees it won't change. DreamHost does sometimes make changes to hostnames, IP addresses, etc., and with no notice of such changes - the only way I know about such changes is they show up in DNS, etc. As for DreamHost.com hosting, the sending domains are @balug.org and (for the lists) @lists.balug.org, but we don't control the IPs, MX records, etc. used by those. So, yeah, might be able to drop SPF record(s) in there, but could also thoroughly screw things over too - and at any point in time and with no advance notice (and DreamHost.com might not let us add or alter some of those DNS records anyway, and DNS changes on DreamHost.com. are quite a PITA anyway).
No, it doesn't. If you're worried about Dreamhost suddenly and in the near future moving where its authorised SMTP sender is for lists.balug.org to a new IP, you can use the SPF RR "include" directive to incorporate _their_ SPF RR by reference.
No assurances those correlate or will continue to correlate.
Notice that they use include options so they can authorise several external senders whose DNS and IP assignments are not under their control.
Ah, now that makes sense. I mean why would DreamHost trust their own hosting after all? ;->
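
The "include" behaviour discussed in this thread, as an added example that is not part of the original mail: a small evaluator for a subset of SPF (ip4, ip6, include, all) run against constructed TXT records. All domain names and addresses below are documentation placeholders, not real DreamHost or BALUG records, and the recursion cap is a simplification of the RFC 7208 lookup limit.

```python
import ipaddress

# Constructed TXT data (assumption): the list domain defers to its provider.
ZONE = {
    "lists.example.org": "v=spf1 include:_spf.provider.example -all",
    "_spf.provider.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, zone, depth=0):
    """Evaluate ip against domain's SPF record (ip4/ip6/include/all only)."""
    if depth > 10:                      # simplified stand-in for the lookup limit
        return "permerror"
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif name == "include":
            inner = check_host(ip, arg, zone, depth + 1)
            if inner == "pass":         # only an inner pass counts as a match
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):
                return "permerror"      # a dangling include breaks the record
        # other mechanisms and modifiers are ignored in this subset
    return "neutral"

def renumbering_demo():
    """Provider moves its sender; only the provider's own record changes."""
    before = check_host("198.51.100.25", "lists.example.org", ZONE)
    moved = dict(ZONE)
    moved["_spf.provider.example"] = "v=spf1 ip4:203.0.113.7 ~all"
    after_new = check_host("203.0.113.7", "lists.example.org", moved)
    after_old = check_host("198.51.100.25", "lists.example.org", moved)
    return before, after_new, after_old
```

The provider's own "~all" never leaks into the including domain's result: an include that does not pass simply fails to match, and the outer "-all" decides.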