[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BUG:No Valid SPF Record Leading to Email Spoofing.

From: Jakob Bohm
Subject: Re: BUG:No Valid SPF Record Leading to Email Spoofing.
Date: Tue, 3 Nov 2020 16:42:49 +0100
User-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0

On 2020-11-03 16:09, Peter Maydell wrote:
On Tue, 3 Nov 2020 at 14:23, Jakob Bohm <jb@wisemo.com> wrote:
I just checked, the project admins still haven't fixed the qemu.org DNS as per 
best practice (see my previous mail).
qemu.org doesn't run a mail service anyway -- there are no
qemu.org email addresses.
Best current practice is to have DNS records telling potential mail
recipients that no email addresses exist for a domain.

This is a side effect of the ancient rule that any A record functions
as an implicit delivery point for incoming mail, making it formally
valid to send mail from any DNS domain name with an IP address.

The current way of doing that is to add the following records:

    MX 0 .
    TXT "v=spf1 -all"

Older software will recognize that TXT record as a request to reject
SMTP connections with HELO or MAIL FROM specifying the DNS name,
while the "MX 0 ." record is from a newer specification.

As prohibited by DNS, these records are not needed for a DNS name
that points to a CNAME, such as "www.qemu.org".


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

reply via email to

[Prev in Thread] Current Thread [Next in Thread]