On Mon, Oct 04, 2010 at 12:47:52PM -0400, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were at risk of a DoS due to the fact they didn't have a SPF record.
that does not follow at all.
I commented to his team that the SPF idea has yet to see anything near mass deployment and of the millions of emails leaving our environment yearly, I doubt any of them have ever been dropped due to us not having an SPF record in our DNS. When a client's email doesn't arrive somewhere, we will hear about it quickly, and its investigated/reported upon. I'm not opposed to putting one in our DNS, and probably will now - for completeness/best practice sake..
how many of you are using SPF records? Do you have an opinion on their use/non use of?
I don't use them. --bill
take care, greg