SPF with Postini and Google apps
phil
I was looking for instructions on setting up SPF entries for our
domain hosted with Google Apps via Postini. I know a support document
exists but I cannot find it anywhere, can someone please post it here?
Thanks
Phil
Cyle
ISSUE
How can SPF be configured to be compatible with Perimeter Manager?
RESOLUTION
For Perimeter Manager Inbound:
You do not need to make any configuration changes for SPF to influence
your inbound traffic unless you are using SPF on your incoming mail
traffic. In this case, add the following to your SPF record to allow
notifications to be delivered:
include:spf.postini.com
It should not be necessary to use SPF on your incoming traffic.
Instead, make sure to protect your mail servers from spammers who
bypass Perimeter Manager, using the information found in the Security
and IP Ranges chapter.
For Perimeter Manager Outbound:
Setting up SPF DNS entries as follows will minimize non-deliveries
through outbound. Use this if you ONLY send outgoing mail via
Perimeter Manager outbound mail flow:
domain.com. IN TXT "v=spf1 include:spf.domain.com -all"
[Replace domain.com with the domain you use for outgoing email.]
Then you would add the following TXT Record to spf.domain.com:
spf.domain.com. IN TXT "v=spf1 ip4:207.126.144.0/20 ip4:64.18.0.0/20
ip4:<yourdomain.com IP allocations> -all"
If you send outgoing mail via your own mail servers, you can use the
SPF wizard to find out how to add your servers to the SPF entries
described above:
http://www.openspf.org/wizard.html
Publishing an SPF record following the format described by the SPF
wizard should have no impact on your inbound mail flow through
Perimeter Manager.
ADDITIONAL INFORMATION
Postini has investigated SPF and has decided not to implement it as a
feature for inbound mail processing. Implementing SPF would add
significant processing overhead without adding any appreciable
effectiveness to the spam filtering. Almost all mail that would be
blocked by SPF are also identified as spam by our spam filters.
In addition, Postini tracks the IP addresses of Fortune 500
corporations and the most popular internet sites such as Yahoo,
Hotmail, eBay, etc. Adding these domains to the Approved Senders list,
particularly at the organization level, is not usually needed and can
result in spam appearing to be sent from those domains inadvertently
getting to users' mailboxes. For this reason, Postini recommends
against using the Approved Senders list in this way; rather, it should
be used only for mail from senders that has previously been falsely
quarantined as spam.
Authoritative information concerning SPF is found at:
http://www.openspf.org/
Regards,
Cyle Moore
Technical Support Engineer II
Postini Customer Care
http://support.postini.com
----------------------------------------------------------------------------------