[130466] in North American Network Operators' Group
RE: do you use SPF TXT RRs? (RFC4408)
daemon@ATHENA.MIT.EDU (Nathan Eisenberg)
Mon Oct 4 12:54:23 2010
From: Nathan Eisenberg <nathan@atlasnetworks.us>
To: "nanog@nanog.org list" <nanog@nanog.org>
Date: Mon, 4 Oct 2010 16:53:42 +0000
In-Reply-To: <9C9322AB-CB58-405A-ADA5-A74B2238A2B3@oicr.on.ca>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> how many of you are using SPF records? Do you have an opinion on their
> use/non use of?
=20
We use SPF on most client domains. On inbound filtering, we add no score f=
or a lack of SPF record, and we reject mail if the SPF record hardfails. W=
e've seen it reduce domain-imposter spam. It's not the ultimate spam fight=
ing tool, but it does give you some control over your own domain for whoeve=
r will listen to it, which is handy. The only 'DoS Mitigation' I can thin=
k of is that the presence of a hardfail record would help keep your domain =
off the various DBLs. You could call "getting a domain blacklisted" a deni=
al of service, I suppose.
Nathan
