Am 09.07.2012 19:00, schrieb Bill Cole: > On 9 Jul 2012, at 11:20, Curtis Maurand wrote: > >> This has probably been asked in the past, but is it worth it to go through >> the contortions to set up SPF? > > On the sending side, the simple answer is "YES!" > > There is a more complex and nuanced answer. There's a significant amount of > misunderstanding about the benefits SPF > actually will yield (not much, for most sending domains) and about the > "contortions" required for it (again: for > most domains a pragmatic SPF setup is trivial.) If you expect accurate SPF to > make everyone always accept your > valid mail, you will be disappointed.
correct but it helps > If you expect to be able to safely use a "-all" tail on a record for a domain > that is used on legit mail, you stand a strong chance of disappointment why? each new mail-user get instructions how to configure his mail-client if he starts using the SMTP of his ISP against the instructions HOPEFULLY his mails get rejected - if all mail-admins/companies would act this way spammers life would be much harder to setup proepr PF/TXT records is plain easy if you control the nameservers and can be even fully automated [harry@srv-rhsoft:~]$ dig spf thelounge.net @8.8.8.8 ; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> spf thelounge.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24410 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;thelounge.net. IN SPF ;; ANSWER SECTION: thelounge.net. 86400 IN SPF "v=spf1 ip4:91.118.73.0/24 ip4:89.207.144.27 -all" [harry@srv-rhsoft:~]$ dig txt thelounge.net @8.8.8.8 ; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> txt thelounge.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52158 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;thelounge.net. IN TXT ;; ANSWER SECTION: thelounge.net. 86400 IN TXT "v=spf1 ip4:91.118.73.0/24 ip4:89.207.144.27 -all"
signature.asc
Description: OpenPGP digital signature
