SPFdz
ʲôSPF¼
SPFָSender Policy FrameworkǷ߲ԼܹȽֿڣֱͨӳΪSPFϵͳжһSPFʽΪtxt¼ΪSPF¼
SPF¼ʲôã
SPFΪ˷ʼһDNS¼ͣһTXT͵ļ¼ڵǼijӵеⷢʼIPַ:
dig TXT domain.com
domain.com. 27970 IN TXT "v=spf1 ip4:218.16.118.186 -all"
SPFĸʽDNS¼һTXT͵ļ¼߸ȣͬʱԷֹʼαķ˷ʼ
SPFǸDNSصһдDNStxt͵ļ¼档mx¼ǸָijʼЩSPFømx෴߱ЩʼǾijϿɻᷢʼġ
ɶԿSPFҪǷʼҪЩαʼ
βѯSPF¼
ǰгϺܶʼϵͳӦ̶Ѿʼ֧SPF163.comôεõ163.comSPFֵأCMDУ룺
nslookup
set type=txt
163.com
ͻõµĽ
163.com text =
"v=spf1 ip4:220.181.12.0/22 ip4:202.108.9.128/25 ip4:202.108.5.0/24 ~all"
163.com nameserver = ns3.nease.net
163.com nameserver = ns.nease.net
ns.nease.net internet address = 202.106.185.75
ns3.nease.net internet address = 220.181.28.3
У"v=spf1 ip4:220.181.12.0/22 ip4:202.108.9.128/25 ip4:202.108.5.0/24 ~all"163.comSPFֵ
˵163.comЧϷЩ
SPF¼
һTXT¼дȷSPFݾͿЧˡ
ʽ£
v=spf1 [[pre] type [ext] ] ... [mod]
ÿĺ±ʾ
v=spf1 SPF İ汾ʹ Sender ID ĻֶξӦ v=spf2
pre ƥʱķֵ
ܵķֵ ֵ
+ ȱʡֵڲɵʱʾͨ
- ʾʧܡֵͨ -allʾûκƥ䷢
~ ʾʧܣͨʾûɡ
? ʾÿɷֵҲͨڲûɵʱʹá
type ʹõȷϲԵ͡
ֵܵ ѡֵ
include һIJ
include:domain ʽд
all ֹС
磬ѡ -allô¼ҲζŲʧˡȷʹ"?all"ʾԽܡ
ip4 ʹ IPv4 ֤
ip4:ipv4 ip4:ipv4/cidr ʽʹáʹԼĸɡ
ip6 ʹ IPv6 ֤
a ʹһ֤
⽫һ A RR ѯ
a:domain, a:domain/cidr a/cidr ʽʹá
mx ʹ DNS MX RR ֤
MX RR ŵ MTAܺͷŵ MTA Dzͬģ mx IJԽʧܡ
mx:domain, mx:domain/cidr mx/cidr Щʽ mx ֤
ptr ʹ PTR RR ֤
ʱSPF ʹ PTR RR ͷͼвѯصλͬһ֮ڣ֤ͨˡ
д ptr:domain
exist ֤Ĵԡ
д exist:domain ʽ
ext type ĿѡչûֶΣôʹõ¼ѯ
mod ָʾΪ¼һֵ
ֵ
redirect ضѯʹø SPF ¼
redirect=domain ķʽʹá
exp ¼һһƵʧϢ
IN TXT "v=spf1 mx -all exp=getlost.example.com"
getlost IN TXT "You are not authorized to send mail for the domain"
ҹ˾жƵĵʽSPF¼ܣ㡢ݡȷĽSPF¼
