Security Basics mailing list archives
Re: Protection against fake mails
From: "Jarrod Frates" <jfrates.ml () gmail com>
Date: Sat, 12 Apr 2008 17:35:43 -0400
On Thu, Apr 10, 2008 at 5:21 AM, Captain Bock <captbock () gmail com> wrote:
A few years ago, I needed to add an SPF record to my domains because some banking servers required it. I guess this was also an interesting solution. Does someone know what's the state of the art of SPF?
It's still a mixed bag. Many DNS servers do not support record types of SPF, but there's a legitimate alternate of TXT. However, I've found that some DNS servers require special configuration to not return NXDOMAIN responses. In particular, there are entire ISPs that have this problem, and not only don't fix it, but outright *refuse* to fix it. We drop any mail for which SPF checks hard fail (soft fail or neutral passes), which presents some challenges explaining things. However, it drops a not insignificant portion of messages that fail checks for those domains that do use it, so for us, it's worth the occasional complaint. -- Jarrod Frates, GAWN
Current thread:
- Re: Port Monitoring Software, (continued)
- Re: Port Monitoring Software infolookup (Apr 09)
- RE: Port Monitoring Software Stachowicz, Mark (Apr 09)
- RE: Port Monitoring Software Mohamed Senan (Apr 09)
- Re: Port Monitoring Software Jarrod Frates (Apr 09)
- Protection against fake mails WALI (Apr 09)
- Re: Protection against fake mails Ansgar -59cobalt- Wiechers (Apr 09)
- Re: Protection against fake mails Mark Owen (Apr 09)
- Re: Protection against fake mails Captain Bock (Apr 10)
- RE: Protection against fake mails Jens C. Laundrup (Apr 10)
- Re: Protection against fake mails Captain Bock (Apr 14)
- Re: Protection against fake mails Jarrod Frates (Apr 12)
- Re: Protection against fake mails vipw01 () gmail com (Apr 14)
- Re: Protection against fake mails Jeff MacDonald (Apr 10)
- RE: Protection against fake mails Jens C. Laundrup (Apr 10)
- Re: Protection against fake mails Nick Owen (Apr 10)
- RE: Protection against fake mails Craig Wright (Apr 14)