Solved

TXT and SPF DNS Records

Posted on 2013-11-03
5
425 Views
Last Modified: 2013-11-07
I did some readings about TXT record, the articles will give you slink to SPF, it sounds like TXT and SPF are related.

Any DNS Expert to explain clearly what TXT and SPF are used for, an example will be also very helpful.

Thank you
0
Comment
Question by:jskfan
  • 2
  • 2
5 Comments
 
LVL 27

Assisted Solution

by:davorin
davorin earned 166 total points
Comment Utility
The SPF "record" in DNS is specified as TXT DNS record type. From beginning TXT records were probably meant for comments, but later it was used also for other proposes like for SPF, DKIM,... records
There also exist the "real" SPF record, but it is not supported by many systems, so you can say it is obsolete and not used any more.
My only usage of TXT record is for specifying SPF. I have never used it for any other purpose.

Some more info here: http://en.wikipedia.org/wiki/List_of_DNS_record_types
http://www.debianhelp.co.uk/dnsrecords.htm
0
 
LVL 13

Assisted Solution

by:Daniel Helgenberger
Daniel Helgenberger earned 334 total points
Comment Utility
Just to add to davorin's good synopsis of SPF and TXT records, SPF records are used to identify a valid sender IP for mail systems. A receiving mail server may query these to know if the domain permits this particular server / ip sending mail on it's behalf. The syntax is quite powerful.
Please note, a correctly configured SPF has no downsides and only benefits.

There is also one very common use of TXT records: Companies (esp. Microsoft) uses these for domain ownership validation. For instance, you are registering your domain for Office 365. Microsoft requires you to add a certain Auth code as TXT record to the top level of your domain which is in turn validated by Microsoft, assuming someone being able to change DNS settings is also the owner of that domain (this will be the case in almost all cases).
0
 

Author Comment

by:jskfan
Comment Utility
I though DNS reverse lookup is the one used to verify the sender domain
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 334 total points
Comment Utility
There are many things a MTA can do, including reverse lookups, forward lookups, HELO validation and so on. In the end, it is only a hint or indication and no evidence - and the antispam policy will decide whenever to flag the mail as junk or not.
SPF in turn is the only system I know of where a domain can actually tell the receiving MTA about its valid servers and therefore providing evidence; resulting in a relay access denied if not valid. Please note, on this level done by the MTA already, not necessarily involving any antispam filter.
0
 

Author Closing Comment

by:jskfan
Comment Utility
thank you
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Resolve DNS query failed errors for Exchange
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now