do you use SPF TXT RRs? (RFC4408)
Michael Thomas
mike at mtcc.com
Mon Oct 4 17:02:48 UTC 2010
On 10/04/2010 09:54 AM, John Adams wrote:
> Without proper SPF records your mail stands little chance of making it
> through some of the larger providers, like gmail, if you are sending
> in any high volume. You should be using SPF, DK, and DKIM signing.
There should really be no reason to sign with DK too. It's historic.
> I don't really understand how your security company related SPF to DoS
> though. They're unrelated, with the exception of backscatter.
Me either.
Mike
>
> -j
>
>
> On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott<Greg.Whynott at oicr.on.ca> wrote:
>>
>> A partner had a security audit done on their site. The report said they were at risk of a DoS due to the fact they didn't have a SPF record.
>>
>> I commented to his team that the SPF idea has yet to see anything near mass deployment and of the millions of emails leaving our environment yearly, I doubt any of them have ever been dropped due to us not having an SPF record in our DNS. When a client's email doesn't arrive somewhere, we will hear about it quickly, and its investigated/reported upon. I'm not opposed to putting one in our DNS, and probably will now - for completeness/best practice sake..
>>
>>
>> how many of you are using SPF records? Do you have an opinion on their use/non use of?
>>
>> take care,
>> greg
>>
>>
>>
>>
>>
>>
>>
More information about the NANOG
mailing list