mailing list archives
Re: Protection against fake mails
From: "Jarrod Frates" <jfrates.ml () gmail com>
Date: Sat, 12 Apr 2008 17:35:43 -0400
On Thu, Apr 10, 2008 at 5:21 AM, Captain Bock <captbock () gmail com> wrote:
A few years ago, I needed to add an SPF record to my domains because
some banking servers required it.
I guess this was also an interesting solution.
Does someone know what's the state of the art of SPF?
It's still a mixed bag. Many DNS servers do not support record types
of SPF, but there's a legitimate alternate of TXT. However, I've
found that some DNS servers require special configuration to not
return NXDOMAIN responses. In particular, there are entire ISPs that
have this problem, and not only don't fix it, but outright *refuse* to
fix it. We drop any mail for which SPF checks hard fail (soft fail or
neutral passes), which presents some challenges explaining things.
However, it drops a not insignificant portion of messages that fail
checks for those domains that do use it, so for us, it's worth the
Jarrod Frates, GAWN
Re: Port Monitoring Software Paul Halliday (Apr 09)
Re: Port Monitoring Software Robert Larsen (Apr 14)