do you use SPF TXT RRs? (RFC4408)
Nick Olsen
nick at brevardwireless.com
Mon Oct 4 17:00:06 UTC 2010
We use SPF. Lots of the bigger guys require it. Along with DK/DKIM
signing.
In our spam weight based filtering, if it hardfails it drops it,
softfail(no spf record) we don't add or remove points at all. If it passes
SPF we remove a few points of the spam weight.
Nick Olsen
Network Operations
(877) 804-3001 x106
----------------------------------------
From: "Greg Whynott" <Greg.Whynott at oicr.on.ca>
Sent: Monday, October 04, 2010 12:48 PM
To: "nanog at nanog.org list" <nanog at nanog.org>
Subject: do you use SPF TXT RRs? (RFC4408)
A partner had a security audit done on their site. The report said they
were at risk of a DoS due to the fact they didn't have a SPF record.
I commented to his team that the SPF idea has yet to see anything near mass
deployment and of the millions of emails leaving our environment yearly, I
doubt any of them have ever been dropped due to us not having an SPF record
in our DNS. When a client's email doesn't arrive somewhere, we will hear
about it quickly, and its investigated/reported upon. I'm not opposed
to putting one in our DNS, and probably will now - for completeness/best
practice sake..
how many of you are using SPF records? Do you have an opinion on their
use/non use of?
take care,
greg
More information about the NANOG
mailing list