Are You Using SPF Records? 263
gravyface writes "I've been setting up proper Sender Policy Framework records for all my clients for past year or so, hoping to either maintain or improve their 'reputation' in the email universe. However, there's a lot of IT admins I speak with who either haven't heard of SPF records or haven't bothered setting them up. How many of you are using SPF records for your mail domains? Does it help? How many anti-spam vendors out there use SPF records as part of their 'scorecard'?"
I use them, but mainly for deniability (Score:2, Insightful)
Yes (Score:3, Insightful)
But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail. They should know better.
Having valid SPF records also helps outgoing mail get through. I would frequently have to deal with large ISPs that would flag my mail or my domain as a spam source, based on their misinterpretation of forged headers. But since I have SPF records in place, this has not happened. I also check incoming SPF. If the SPF check fails, the mail is dumped. If SPF passes or there's no SPF, it goes through. Works great as one step in spam control.
Re:Use DomainKeys.. (Score:5, Insightful)
I don't have DomainKeys set up, and I've never had any difficulty getting mail to users of any of those services.
Re:yes (Score:5, Insightful)
Read again.
Spammers can’t use his domain to forge spam, because SPF-aware mail servers reject it. Hence, he doesn’t have to deal with tons of bounces, spam warnings, virus warnings, etc..