do you use SPF TXT RRs? (RFC4408)

John Adams jna at retina.net
Mon Oct 4 12:05:29 CDT 2010


We've seen percentage gains when signing with DK, and we carefully
monitor our mail acceptance percentages with ReturnPath. It's around
4-6%. I'd like to stop using it, but some people still check DK.

-j


On Mon, Oct 4, 2010 at 10:02 AM, Michael Thomas <mike at mtcc.com> wrote:
> On 10/04/2010 09:54 AM, John Adams wrote:
>>
>> Without proper SPF records your mail stands little chance of making it
>> through some of the larger providers, like gmail, if you are sending
>> in any high volume. You should be using SPF, DK, and DKIM signing.
>
> There should really be no reason to sign with DK too. It's historic.
>
>> I don't really understand how your security company related SPF to DoS
>> though. They're unrelated, with the exception of backscatter.
>
> Me either.
>
> Mike
>
>>
>> -j
>>
>>
>> On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott<Greg.Whynott at oicr.on.ca>
>>  wrote:
>>>
>>> A partner had a security audit done on their site.  The report said they
>>> were at risk of a DoS due to the fact they didn't have a SPF record.
>>>
>>> I commented to his team that the SPF idea has yet to see anything near
>>> mass deployment and of the millions of emails leaving our environment
>>> yearly,  I doubt any of them have ever been dropped due to us not having an
>>> SPF record in our DNS.  When a client's email doesn't arrive somewhere,  we
>>> will hear about it quickly,  and its investigated/reported upon.      I'm
>>> not opposed to putting one in our DNS,  and probably will now - for
>>> completeness/best practice sake..
>>>
>>>
>>> how many of you are using SPF records?  Do you have an opinion on their
>>> use/non use of?
>>>
>>> take care,
>>> greg
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>
>




More information about the NANOG mailing list