[130475] in North American Network Operators' Group
Re: do you use SPF TXT RRs? (RFC4408)
daemon@ATHENA.MIT.EDU (Greg Whynott)
Mon Oct 4 13:15:35 2010
From: Greg Whynott <Greg.Whynott@oicr.on.ca>
To: John Adams <jna@retina.net>
Date: Mon, 4 Oct 2010 13:06:39 -0400
In-Reply-To: <AANLkTim49jQpFe3tKfuqG8TG4V7Y4mfZ2fMM3jiNEtB+@mail.gmail.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
it was the backskatter they were referring to, where spamers forge your do=
main as the source of the email. =20
Thanks John for your comments,
-g
On Oct 4, 2010, at 12:54 PM, John Adams wrote:
> Without proper SPF records your mail stands little chance of making it
> through some of the larger providers, like gmail, if you are sending
> in any high volume. You should be using SPF, DK, and DKIM signing.
>=20
> I don't really understand how your security company related SPF to DoS
> though. They're unrelated, with the exception of backscatter.
>=20
> -j
>=20
>=20
> On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott <Greg.Whynott@oicr.on.ca> wr=
ote:
>>=20
>> A partner had a security audit done on their site. The report said they=
were at risk of a DoS due to the fact they didn't have a SPF record.
>>=20
>> I commented to his team that the SPF idea has yet to see anything near m=
ass deployment and of the millions of emails leaving our environment yearly=
, I doubt any of them have ever been dropped due to us not having an SPF r=
ecord in our DNS. When a client's email doesn't arrive somewhere, we will=
hear about it quickly, and its investigated/reported upon. I'm not o=
pposed to putting one in our DNS, and probably will now - for completeness=
/best practice sake..
>>=20
>>=20
>> how many of you are using SPF records? Do you have an opinion on their =
use/non use of?
>>=20
>> take care,
>> greg
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
