Michael Loftis wrote:
--On January 20, 2006 8:27:33 AM -0600 Rodney Richison <firstname.lastname@example.org> wrote:spf records. Does anybody implement this? Just curious. I've not had any problems.. yet. I just now implemented it for rcrnet.net Hopefully I've not broken anything!I publish them for some of my personal domains, however, I don't personally use SPF since I view it as fundamentally broken. We can't deploy them for (web hosting) customer records because of all of the various SMTP and SMTP Submit blocking we run into out there they (our customers) can't use our mail servers a lot of the time which means that an SPF record would basically amount to a +all or ?all which negates the whole reason.
Hello,once, my Qmail server had receive a mail bomb attack using a wide spread virus that was sending mail to my server in order to produce a bounce message for hotmail.com (which was the real goal of this attack). My waiting queue was getting full, as well as my /var, and it was beginning to be a real disaster... until I had the very good idea to implement libspf on my qmail server (using the very good qmail-spp with plugins).
Since I did it, at least 80% of the spam is removed thanks to SPF records, and I have no delayed bounce trouble anymore, even if I didn't set any SPF records for my customer (but they are free to edit the TXT fields of the domain name they host using our control panel).
SPF is not a protection for your customer, see it as a protection for you server, just like RBL checks: it's a low cpu filter that help you to disconnect spammers BEFORE the spam is sent...
BFN, Thomas Goirand