re: do you use SPF TXT RRs? (RFC4408)
We use SPF. Lots of the bigger guys require it. Along with DK/DKIM signing. In our spam weight based filtering, if it hardfails it drops it, softfail (no SPF record) we don't add or remove points at all. If it passes SPF we remove a few points of the spam weight.

Nick Olsen
Network Operations
(877) 804-3001 x106

----------------------------------------
From: "Greg Whynott" <Greg.Whynott@oicr.on.ca>
Sent: Monday, October 04, 2010 12:48 PM
To: "nanog@nanog.org list" <nanog@nanog.org>
Subject: do you use SPF TXT RRs? (RFC4408)

A partner had a security audit done on their site. The report said they were at risk of a DoS due to the fact they didn't have an SPF record. I commented to his team that the SPF idea has yet to see anything near mass deployment and of the millions of emails leaving our environment yearly, I doubt any of them have ever been dropped due to us not having an SPF record in our DNS. When a client's email doesn't arrive somewhere, we will hear about it quickly, and it's investigated/reported upon.

I'm not opposed to putting one in our DNS, and probably will now - for completeness/best practice sake..

how many of you are using SPF records? Do you have an opinion on their use/non use of?

take care,
greg
I've found lots of domains with +all which really should be -all since they were all spam.

Jared Mauch

On Oct 4, 2010, at 1:08 PM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
If it passes SPF we remove a few points of the spam weight.
I would rethink this practice. Many spammers publish SPF valid records these days precisely because of this.
Nathan
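
An added example, not part of the thread or any poster's filter: a small Python check that reads the terminal "all" mechanism of an SPF record (RFC 4408 syntax) and reports when a "pass" carries no information, as with the +all records mentioned above. The domains and records are constructed sample data, and redirect= modifiers are not followed.

```python
# Added example: classify the "all" mechanism of an SPF record (RFC 4408).
# All domains and TXT strings below are constructed sample data.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def all_qualifier(record):
    """Return the result the record's 'all' mechanism yields, or None.

    None means the text is not an SPF record or has no 'all' term.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        qualifier, mechanism = "+", term  # a missing qualifier defaults to "+"
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        if mechanism.lower() == "all":
            # 'all' always matches, so terms after it are never evaluated.
            return QUALIFIERS[qualifier]
    return None


def audit(records):
    """Map each domain to a finding, given a dict of domain -> TXT text."""
    findings = {}
    for domain, txt in records.items():
        result = all_qualifier(txt)
        if result is None:
            findings[domain] = "no usable all term"
        elif result == "pass":
            findings[domain] = "authorizes every sender; pass is meaningless"
        else:
            findings[domain] = "unlisted senders get " + result
    return findings


SAMPLES = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "open.example": "v=spf1 +all",
    "implicit.example": "v=spf1 a all",
    "soft.example": "v=spf1 include:_spf.example.net ~all",
    "nospf.example": "site-verification=constructed",
}

if __name__ == "__main__":
    for domain, finding in audit(SAMPLES).items():
        print(domain, "->", finding)
```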