Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Communications IT

Are You Using SPF Records? 263

Posted by timothy from the spf-50-should-be-enough dept.
gravyface writes "I've been setting up proper Sender Policy Framework records for all my clients for past year or so, hoping to either maintain or improve their 'reputation' in the email universe. However, there's a lot of IT admins I speak with who either haven't heard of SPF records or haven't bothered setting them up. How many of you are using SPF records for your mail domains? Does it help? How many anti-spam vendors out there use SPF records as part of their 'scorecard'?"
This discussion has been archived. No new comments can be posted.

Are You Using SPF Records? More

Are You Using SPF Records?

Comments Filter:

  • I use them, but mainly for deniability (Score:2, Insightful)

    by e9th ( 652576 ) <e9th@[ ]odex.com ['tup' in gap]> on Thursday December 17, 2009 @08:21PM (#30481590)
    My SPF records have gotten me un-blacklisted a few times, after I've pointed out that those machines in Brazil weren't authorized to send email from my domains. But I think DomainKeys, DKIM, etc. will make eventually make SPF unnecessary.

  • Yes (Score:3, Insightful)

    by S-100 ( 1295224 ) on Thursday December 17, 2009 @08:24PM (#30481624)
    Yes, I used SPF records on all the domains that I host that have email accounts. SPF records I believe have cut way down on backscatter. Before SPF, accounts would get dozens to hundreds of bounces when their email address was forged as the reply-to address in spam. Now the backscatter is almost completely gone.

    But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail. They should know better.

    Having valid SPF records also helps outgoing mail get through. I would frequently have to deal with large ISPs that would flag my mail or my domain as a spam source, based on their misinterpretation of forged headers. But since I have SPF records in place, this has not happened. I also check incoming SPF. If the SPF check fails, the mail is dumped. If SPF passes or there's no SPF, it goes through. Works great as one step in spam control.

  • Re:Use DomainKeys.. (Score:5, Insightful)

    by NormalVisual ( 565491 ) on Thursday December 17, 2009 @08:28PM (#30481682)
    Yahoo, Gmail, MSN/Hotmail, and AOL pretty much require that you have DomainKeys implemented if you want to email their users

    I don't have DomainKeys set up, and I've never had any difficulty getting mail to users of any of those services.

  • Re:yes (Score:5, Insightful)

    by Snover ( 469130 ) on Thursday December 17, 2009 @09:24PM (#30482252) Homepage

    Read again.

    Spammers can’t use his domain to forge spam, because SPF-aware mail servers reject it. Hence, he doesn’t have to deal with tons of bounces, spam warnings, virus warnings, etc..

Slashdot Top Deals

"Ninety percent of baseball is half mental." -- Yogi Berra

Close