do you use SPF TXT RRs? (RFC4408)

• Previous message (by thread): do you use SPF TXT RRs? (RFC4408)
• Next message (by thread): do you use SPF TXT RRs? (RFC4408)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We use SPF. Lots of the bigger guys require it. Along with DK/DKIM 
signing.
In our spam weight based filtering, if it hardfails it drops it, 
softfail(no spf record) we don't add or remove points at all. If it passes 
SPF we remove a few points of the spam weight.

Nick Olsen
Network Operations
(877) 804-3001  x106

----------------------------------------

From: "Greg Whynott" <Greg.Whynott at oicr.on.ca>
Sent: Monday, October 04, 2010 12:48 PM
To: "nanog at nanog.org list" <nanog at nanog.org>
Subject: do you use SPF TXT RRs?  (RFC4408)

A partner had a security audit done on their site.  The report said they 
were at risk of a DoS due to the fact they didn't have a SPF record.   

I commented to his team that the SPF idea has yet to see anything near mass 
deployment and of the millions of emails leaving our environment yearly,  I 
doubt any of them have ever been dropped due to us not having an SPF record 
in our DNS.  When a client's email doesn't arrive somewhere,  we will hear 
about it quickly,  and its investigated/reported upon.      I'm not opposed 
to putting one in our DNS,  and probably will now - for completeness/best 
practice sake..  

how many of you are using SPF records?  Do you have an opinion on their 
use/non use of?

take care,
greg

• Previous message (by thread): do you use SPF TXT RRs? (RFC4408)
• Next message (by thread): do you use SPF TXT RRs? (RFC4408)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]