SPF/TXT records

Fr34k freaknetboy at yahoo.com
Fri Jun 19 17:20:37 UTC 2009 

Hello,

Do I dare comment on this? Okay, I do...

RE: Advogato:
If security was easy and conveinent, then everything would be secure. Someone tell Advogato!
Advogato is complaining because they want an unmanagable environment of dynamic outbound relays and expect SPF, static DNS records, to keep up.
Solution: SPF has syntax in place to suggest to the destination MTA that email might come from other sources.
Or, just don't use SPF because it will not work in such an enivornment.
Friends don't let friend forward email -- with or without SPF, but that's another story.
Either way, nothing is wrong with SPF and Advogato needs to stop complaining about it when he/she is setting SPF up to fail.


RE: Circlied:
Yes yes yes. Welcome to real life. Jerks will be jerks and there's nothing to stop them from calling/emailing/FAXing scams to the world be abusing the same methods honest folks sue.
SPF is not here to solve everything. SPF add another layer abuse prevention.
No one should blindly accept email just because it passes SPF checks. I feel for any email users for a system configure as such - yuck!
Solution: Use all email best practices, including filters, RBLs, monitoring logs, PTR checks, user complaints, etc., and SPF as appropriate for the administrator's environment.


None of this is an attack on you, Jeff, and I would hope you realize that but I want to mention it to be sure.
I realize you are sharing info on other view points and I appreciate that. In light of this, I had to share mine.

Summary: SPF may, or may not, work in all environments. Everyone needs to decide on his/her own, but there's nothing wrong with SPF.

Thanks.



----- Original Message ----
From: Jeff Lightner <jlightner at water.com>
To: Mike Bernhardt <bernhardt at bart.gov>; Matus UHLAR - fantomas <uhlar at fantomas.sk>; bind-users at lists.isc.org
Sent: Friday, June 19, 2009 12:41:50 PM
Subject: RE: SPF/TXT records

Or moreover not to bother with SPF at all as suggested in these
documents?:

Why you shouldn't jump on the SPF bandwagon:
http://www.advogato.org/article/816.html

How spammers get around SPF:
http://www.circleid.com/posts/782012_spammer_get_around_spf/


-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mike Bernhardt
Sent: Friday, June 19, 2009 12:37 PM
To: 'Matus UHLAR - fantomas'; bind-users at lists.isc.org
Subject: RE: SPF/TXT records

So is the general recommendation in this group to NOT implement an empty
SPF2.0 record (i.e., "spf2.0/pra") just in case, as recommended in the
5-year-old openspf document referenced below?

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar at fantomas.sk] 
Sent: Friday, June 19, 2009 12:31 AM
To: bind-users at lists.isc.org
Subject: Re: SPF/TXT records

On 18.06.09 16:22, Jeffrey Collyer wrote:
> M$ has their own take on SPF called Sender ID, which uses a very
similar  
> record -
>
> "v=spf2.0" rather than "v=spf1"
>
> so be sure to read up on them both before publishing records for one
or  
> the other.

It has downfalls so I recommend not even studying it, just remember that
"spf2" is some M$ crap...

v=spf1 is just enough for now.

> http://www.openspf.org/SPF_vs_Sender_ID
>
> Hotmail in particular is picky about what it rejects and why.

Yes, hotmail uses to reject mail for many strange reasons.

But I don't recommend playing with spf2 just to get mail to hotmail, I
think
there are better ways to get your mail anywhere.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states. 


_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list