do you use SPF TXT RRs? (RFC4408)

Owen DeLong owen at delong.com
Mon Oct 4 20:30:55 UTC 2010


On Oct 4, 2010, at 10:16 AM, Michael Thomas wrote:

> On 10/04/2010 10:05 AM, John Adams wrote:
>> We've seen percentage gains when signing with DK, and we carefully
>> monitor our mail acceptance percentages with ReturnPath. It's around
>> 4-6%. I'd like to stop using it, but some people still check DK.
> 
> Sigh. I was hoping not to hear that. It's been about 5 years since
> the issue of rfc4871. It might be helpful to name and shame.
> 
> Mike
> 
At least in that case, the spammer has to have control of the sending domain.
SPF is not intended to protect from that case. It is intended to protect from the
case where spammers Joe-job domains they can't control.

Removing a few points probably isn't a bad idea so long as you have a list of
domains for which points should be added.

Owen

>> 
>> -j
>> 
>> 
>> On Mon, Oct 4, 2010 at 10:02 AM, Michael Thomas <mike at mtcc.com> wrote:
>>> On 10/04/2010 09:54 AM, John Adams wrote:
>>>> 
>>>> Without proper SPF records your mail stands little chance of making it
>>>> through some of the larger providers, like gmail, if you are sending
>>>> in any high volume. You should be using SPF, DK, and DKIM signing.
>>> 
>>> There should really be no reason to sign with DK too. It's historic.
>>> 
>>>> I don't really understand how your security company related SPF to DoS
>>>> though. They're unrelated, with the exception of backscatter.
>>> 
>>> Me either.
>>> 
>>> Mike
>>> 
>>>> 
>>>> -j
>>>> 
>>>> 
>>>> On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott <Greg.Whynott at oicr.on.ca> wrote:
>>>>> 
>>>>> A partner had a security audit done on their site. The report said they
>>>>> were at risk of a DoS due to the fact they didn't have an SPF record.
>>>>> 
>>>>> I commented to his team that the SPF idea has yet to see anything near
>>>>> mass deployment and of the millions of emails leaving our environment
>>>>> yearly, I doubt any of them have ever been dropped due to us not having an
>>>>> SPF record in our DNS. When a client's email doesn't arrive somewhere, we
>>>>> will hear about it quickly, and it's investigated/reported upon. I'm
>>>>> not opposed to putting one in our DNS, and probably will now - for
>>>>> completeness/best practice sake.
>>>>> 
>>>>> 
>>>>> How many of you are using SPF records? Do you have an opinion on their
>>>>> use/non-use?
>>>>> 
>>>>> take care,
>>>>> greg