On Mon, 4 Oct 2010, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were at risk of a DoS due to the fact they didn't have a SPF record.
Bullshit.
I commented to his team that the SPF idea has yet to see anything near mass deployment and of the millions of emails leaving our environment yearly, I doubt any of them have ever been dropped due to us not having an SPF record in our DNS.
In my experience the presence of SPF records causes more problems than the absence, because it is incompatible with forwarded mail. If you are forced to use it, don't use -all unless that's the entirety of the record.
Do you have an opinion on their use/non use of?
It's easiest to just ignore them. The whole idea was wrong-headed from the start. Use DKIM instead. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR ROUGH. RAIN THEN FAIR. GOOD.