On Tue, 2016-09-13 at 08:12 -0400, Joe Quinn wrote: > > On 9/13/2016 1:55 AM, John Hardin wrote: > > > > > > On Mon, 12 Sep 2016, thomas cameron wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Keep the tips coming, I appreciate learning from you! > > Here's another: there's some anecdotal evidence that publishing > > your > > own SPF record reduces the likelihood you'll be joe-jobbed. I'm > > not > > sure whether that's still the case, but it did help a few years > > back. > > > > > Well, if the choice is between having an SPF record and not having > an SPF record, I choose having it every time. ;) > Agreed. Before I set up an SPF record for my domain, I was getting a lot of bounced spam (spam sent to $third_party and rejected due to a nonexistent user and coming to me because my domain was forged as the sender). After I set up an SPF record this type of spam vanished almost overnight.
However, its important to validate your SPF record, once you've set it up, and to to use the '-all' rather than '~all'. I use http://www.kitterman.com/spf/validate.html as my validation tool. https://dmarcian.com/spf-survey/ is OK too, despite an annoying CAPTCHA before you can use it. Martin
