it was the backskatter they were referring to, where spamers forge your domain as the source of the email.
Thanks John for your comments, -g On Oct 4, 2010, at 12:54 PM, John Adams wrote: > Without proper SPF records your mail stands little chance of making it > through some of the larger providers, like gmail, if you are sending > in any high volume. You should be using SPF, DK, and DKIM signing. > > I don't really understand how your security company related SPF to DoS > though. They're unrelated, with the exception of backscatter. > > -j > > > On Mon, Oct 4, 2010 at 9:47 AM, Greg Whynott <greg.whyn...@oicr.on.ca> wrote: >> >> A partner had a security audit done on their site. The report said they >> were at risk of a DoS due to the fact they didn't have a SPF record. >> >> I commented to his team that the SPF idea has yet to see anything near mass >> deployment and of the millions of emails leaving our environment yearly, I >> doubt any of them have ever been dropped due to us not having an SPF record >> in our DNS. When a client's email doesn't arrive somewhere, we will hear >> about it quickly, and its investigated/reported upon. I'm not opposed >> to putting one in our DNS, and probably will now - for completeness/best >> practice sake.. >> >> >> how many of you are using SPF records? Do you have an opinion on their >> use/non use of? >> >> take care, >> greg >> >> >> >> >> >> >>
