nanog mailing list archives

Re: do you use SPF TXT RRs? (RFC4408)


From: Tony Finch <dot () dotat at>
Date: Mon, 4 Oct 2010 20:05:53 +0100

On Mon, 4 Oct 2010, Greg Whynott wrote:

> A partner had a security audit done on their site.  The report said they
> were at risk of a DoS due to the fact they didn't have an SPF record.

Bullshit.

> I commented to his team that the SPF idea has yet to see anything near
> mass deployment and of the millions of emails leaving our environment
> yearly, I doubt any of them have ever been dropped due to us not having
> an SPF record in our DNS.

In my experience the presence of SPF records causes more problems than the
absence, because it is incompatible with forwarded mail. If you are forced
to use it, don't use -all unless that's the entirety of the record.

> Do you have an opinion on their use/non use of?

It's easiest to just ignore them. The whole idea was wrong-headed from the
start. Use DKIM instead.

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.
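
Added example, not part of the original message: a minimal SPF check limited to the ip4, ip6 and all mechanisms, run against constructed addresses, to show the forwarding problem described above. With an address list followed by `-all`, direct delivery passes and the forwarded copy fails; a record consisting only of `-all` gives the same result on both paths. The function names, addresses and the no-DNS simplification are assumptions of this example.

```python
import ipaddress

# Qualifier prefix -> SPF result name (RFC 4408 qualifiers)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate an SPF TXT record that uses only ip4/ip6/all.

    Simplification (assumption of this example): no DNS lookups are made,
    so any other term (a, mx, include, redirect, ...) yields "permerror".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mechanism.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "permerror"
    return "neutral"  # nothing matched and there is no "all" term

# Constructed sample data: documentation address ranges, hypothetical hosts.
ORIGIN_MTA = "192.0.2.10"    # the sending domain's own outbound server
FORWARDER = "198.51.100.25"  # relays the message, envelope sender unchanged

def compare(record):
    """Return (result on direct delivery, result after forwarding)."""
    return check_spf(record, ORIGIN_MTA), check_spf(record, FORWARDER)

if __name__ == "__main__":
    for record in ("v=spf1 ip4:192.0.2.0/24 -all",
                   "v=spf1 ip4:192.0.2.0/24 ~all",
                   "v=spf1 -all"):
        print(record, "->", compare(record))
```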

