[130490] in North American Network Operators' Group
Re: do you use SPF TXT RRs? (RFC4408)
daemon@ATHENA.MIT.EDU (William Herrin)
Mon Oct 4 14:49:20 2010
In-Reply-To: <9C9322AB-CB58-405A-ADA5-A74B2238A2B3@oicr.on.ca>
From: William Herrin <bill@herrin.us>
Date: Mon, 4 Oct 2010 14:48:47 -0400
To: Greg Whynott <Greg.Whynott@oicr.on.ca>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Oct 4, 2010 at 12:47 PM, Greg Whynott <Greg.Whynott@oicr.on.ca> wro=
te:
> A partner had a security audit done on their site.
>The report said they were at risk of a DoS due to
>the fact they didn't have a SPF record.
>
> how many of you are using SPF records? =A0Do you
> have an opinion on their use/non use of?
I use your SPF records (if you offer any) to prevent my servers from
slamming your servers with backscatter from someone forging your
address and sending me undeliverable email. Without SPF records,
you'll receive an undeliverable report for messages "from" you that I
can't deliver -- just like the RFC says I "must."
Regards,
Bill Herrin
--=20
William D. Herrin ................ herrin@dirtside.com=A0 bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
