On Mon, Oct 4, 2010 at 12:47 PM, Greg Whynott <Greg.Whynott@oicr.on.ca> wrote:
A partner had a security audit done on their site. The report said they were at risk of a DoS due to the fact they didn't have a SPF record.
how many of you are using SPF records? Do you have an opinion on their use/non use of?
I use your SPF records (if you offer any) to prevent my servers from slamming your servers with backscatter from someone forging your address and sending me undeliverable email. Without SPF records, you'll receive an undeliverable report for messages "from" you that I can't deliver -- just like the RFC says I "must." Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004