Greenguy's Board - View Single Post

cd34 · 2005-03-31, 12:52 PM

I've run it for a while, but, I haven't really seen much of a benefit yet. I tagged all of my domains that would never send mail to fail any SPF request, and have tagged my main email domains with the proper headers. Remember, SPF protects the envelope, not the From:

http://spf.pobox.com/

As for your BIND not set up with SPF, its the matter of inserting a TXT record in each domain with the SPF line for your site.

For inbound, we have tested it and it has caught quite a few forged mails, so, it is gaining popularity. The problem that we ran into was that sometimes, PayPal and EBay's SPF records tend to time out -- presumably due to the includes. It was nice having the email tagged with SPF Fail messages which were pretty simple to filter out.

SenderID is a PRA (Purported Response Address) based system that verifies the validity of the message From: line. There is a link on the SPF site to talk more about that.

Between the two, phishing would be next to impossible.

The idea behind SPF is that you don't need it, but, if you have it, or SPFv2, then you are less likely to be the victim of a spam using your return address. Its going to require a critical mass to become much more useful, but, if everyone waits for the other guys to implement, it'll never reach critical mass.

2005-03-31, 12:52 PM	#2
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	I've run it for a while, but, I haven't really seen much of a benefit yet. I tagged all of my domains that would never send mail to fail any SPF request, and have tagged my main email domains with the proper headers. Remember, SPF protects the envelope, not the From: http://spf.pobox.com/ As for your BIND not set up with SPF, its the matter of inserting a TXT record in each domain with the SPF line for your site. For inbound, we have tested it and it has caught quite a few forged mails, so, it is gaining popularity. The problem that we ran into was that sometimes, PayPal and EBay's SPF records tend to time out -- presumably due to the includes. It was nice having the email tagged with SPF Fail messages which were pretty simple to filter out. SenderID is a PRA (Purported Response Address) based system that verifies the validity of the message From: line. There is a link on the SPF site to talk more about that. Between the two, phishing would be next to impossible. The idea behind SPF is that you don't need it, but, if you have it, or SPFv2, then you are less likely to be the victim of a spam using your return address. Its going to require a critical mass to become much more useful, but, if everyone waits for the other guys to implement, it'll never reach critical mass. __________________ SnapReplay.com a different way to share photos - iPhone & Android