Opened 15 years ago
Last modified 13 years ago
#129 new enhancement
Publish an SPF record for scripts.mit.edu / get scripts.mit.edu DNS delegation
Reported by: | andersk | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Keywords: | ||
Cc: |
Description (last modified by andersk)
According to the Messaging Anti-Abuse Working Group, all outgoing email providers should publish SPF records for mailing domains. We should try to publish SPF records for scripts.mit.edu and scripts-vhosts.mit.edu.
It is not as easy to publish SPF records (which are DNS TXT records) at MIT as it is elsewhere, and it would be a particular pain if we had to change it frequently, but we have a few options.
- Publish "v=spf1 a:scripts1.mit.edu … a:scripts8.mit.edu -all" and assume it won’t need to change frequently—eight servers will almost certainly last for a long time.
- Ask for DNS delegation for scripts.mit.edu (which would be nice for other reasons, especially if we want to do per-locker load balancing some day).
- Publish "v=spf1 redirect=scripts.sipb.org" or something so we can serve the real record from elsewhere.
- Publish a lame SPF record like "v=spf1 ip4:18.181.0.0/16 -all".
Change History (5)
comment:1 Changed 15 years ago by geofft
comment:2 Changed 15 years ago by andersk
- Description modified (diff)
comment:3 follow-up: ↓ 5 Changed 13 years ago by ezyang
- Summary changed from Publish an SPF record for scripts.mit.edu to Publish an SPF record for scripts.mit.edu / get scripts.mit.edu DNS delegation
Also, delegation means we could make www. prefixes automatically work.
comment:4 Changed 13 years ago by ezyang
- Priority changed from minor to major
- Type changed from defect to enhancement
comment:5 in reply to: ↑ 3 Changed 13 years ago by andersk
Replying to ezyang:
Also, delegation means we could make www. prefixes automatically work.
No, we could do that without delegation. But I don’t think we want to. If you think we do, let’s discuss that elsewhere.
We could also get more IPs now and publish "v=spf1 a:scripts1.mit.edu ... a:scripts16.mit.edu".
But I think I agree that scripts8 should last us for long enough (and updates aren't so hard) that we should just ask for the scripts1-scripts8 SPF record now.