[BALUG-Admin] BALUG & SPF
Michael Paoli
Michael.Paoli@cal.berkeley.edu
Fri Aug 18 07:11:57 PDT 2017
> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: [BALUG-Admin] BALUG & SPF
> Date: Fri, 18 Aug 2017 06:47:28 -0700
> I see no reason why you couldn't declare an SPF RR for a subdomain.
> I've just never to date had a need to do so, on my systems.
Well, notably at present, balug.org. and temp.balug.org. are
pretty dang independent and unrelated. Until balug.org.
(and lists.balug.org., etc.) are ripped out from under DreamHost.com. ...
> KISS. Have a single txt record for the domain, and just put everything
"Things should be as simple as possible, but no simpler" ;-)
A lot of the DNS that *will* get moved over, is mostly set up
to initially do a one-to-one mapping - that makes dealing with
it in the interim about as simple as feasible, and I'm trying to
avoid complicating that by adding stuff now, that can about as
well or better (and notably more simply and less confusing, and less
differences to need to be aware and keep track of) be added later (but
hey, also, later should arrive *fairly* soon). Also, getting the
heck off of DreamHost.com has priority over less critical stuff that
can be improved later.
> I mean, why delay? Are you saying we don't know what the authorised
> sending SMTP hosts are (the ones we want to declare authorised) for
> domain balug.org? Is it a mystery? (Note: Hypothetical Dreamhost
Yes, effectively don't - or no guarantees it won't change.
DreamHost does sometimes make changes to hostnames, IP addresses,
etc., and with no notice of such changes - the only way I know about
such changes is they show up in DNS, etc. As for DreamHost.com hosting,
the sending domains are @balug.org and (for the lists) @lists.balug.org,
but we don't control the IPs, MX records, etc. used by those. So, yeah,
might be able to drop SPF record(s) in there, but could also thorughly
screw things over too - and at any point in time and with no advance
notice (and DreamHost.com might not let us add or alter some of those
DNS records anyway, and DNS changes on DreamHost.com. are quite a PITA
anyway).
> No, it doesn't. If you're worried about Dreamhost suddenly and in the
> near futher moving where its authorised SMTP sender is for
> lists.balug.org to a new IP, you can use the SPF RR "include" directive
> to incorporate _their_ SPF RR by reference.
No assurances those correlate or will continue to correlate.
> Notice that they use include options so they can authorise several
> external senders whose DNS and IP assignments are not under their
> control.
Ah, now that makes sense. I mean why would DreamHost trust their own
hosting after all? ;->
More information about the BALUG-Admin
mailing list