Security Basics mailing list archives

Re: Protection against fake mails


From: "Jarrod Frates" <jfrates.ml () gmail com>
Date: Sat, 12 Apr 2008 17:35:43 -0400

On Thu, Apr 10, 2008 at 5:21 AM, Captain Bock <captbock () gmail com> wrote:
> A few years ago, I needed to add an SPF record to my domains because
> some banking servers required it.
> I guess this was also an interesting solution.
> Does someone know what's the state of the art of SPF?

It's still a mixed bag.  Many DNS servers do not support record types
of SPF, but there's a legitimate alternate of TXT.  However, I've
found that some DNS servers require special configuration to not
return NXDOMAIN responses.  In particular, there are entire ISPs that
have this problem, and not only don't fix it, but outright *refuse* to
fix it.  We drop any mail for which SPF checks hard fail (soft fail or
neutral passes), which presents some challenges explaining things.
However, it drops a not insignificant portion of messages that fail
checks for those domains that do use it, so for us, it's worth the
occasional complaint.
-- 
Jarrod Frates, GAWN
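
The policy described in the message above (drop on SPF hard fail, let softfail and neutral through), as an added example that is not part of the original post. It evaluates only the ip4, ip6 and all mechanisms; the domain names, TXT strings, the "unsupported" result and the function names are constructed for illustration, and accepting results other than fail is this example's assumption.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(txt_records, client_ip):
    """Evaluate a domain's TXT records for one client IP (ip4/ip6/all only)."""
    ip = ipaddress.ip_address(client_ip)
    spf = [r.split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"              # domain publishes no SPF policy
    if len(spf) > 1:
        return "permerror"         # more than one SPF record is an error
    for term in spf[0][1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = (term[1:] if term[0] in QUALIFIERS else term).lower()
        if mech == "all":
            return QUALIFIERS[qual]
        name, _, value = mech.partition(":")
        if name not in ("ip4", "ip6"):
            return "unsupported"   # a/mx/include etc. need DNS; not done here
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"     # malformed or missing network
        if net.version != int(name[2]):
            return "permerror"     # e.g. an IPv6 prefix under ip4:
        if ip in net:
            return QUALIFIERS[qual]
    return "neutral"               # nothing matched and no "all" term

def disposition(result):
    """Drop only on hard fail; softfail and neutral pass, as in the post.
    Accepting none/permerror/unsupported is this example's assumption."""
    return "reject" if result == "fail" else "accept"

RECORDS = {  # constructed sample TXT data, not real DNS answers
    "strict.example": ["unrelated=txt", "v=spf1 ip4:192.0.2.0/24 -all"],
    "soft.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "open.example": ["v=spf1 ip4:192.0.2.0/24 ?all"],
    "nospf.example": ["unrelated=txt"],
}

def check(domain, client_ip):
    """Return (SPF result, mail disposition) for a sender domain and client IP."""
    result = spf_result(RECORDS.get(domain, []), client_ip)
    return result, disposition(result)
```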

