[Dshield] SPF

Cefiar cef at optus.net
Thu Nov 3 00:46:24 GMT 2005


On Thursday 03 November 2005 09:14, Paul Marsh wrote:
> I was reading Mark Minasi's monthly newsletter
> http://www.minasi.com/thismonth.htm, always a good read.  This month he
> covers the topic of SPF Sender Protection Framework as it relates to
> reducing spam.  To be honest I've never heard of it but it looks like it
> could help reduce spam for the time being?  I also noticed some key
> domains are already using SPF.  What's the general consensus regarding
> SPF?

I've known about SPF for a long time.

There is really 2 parts to SPF:
 Publishing SPF records in your DNS (TXT records in SPF format)
 Checking these records on mail that comes in

The first part is easy, and gives anyone who is actually using SPF on 
reception of mail the chance to do their job. I try to add the records to any 
domain I work with. I've seen a lot of spam that hands itself off as a number 
of addresses that are either under my control or actually belong to me, so I 
can see the usefulness of this. I've used SPF on reception a number of times 
and it does make an appreciatable dent in the spam and automated email 
exploits/virii that go around.

DNS poisioning can of course change things, and it doesn't protect you from 
that, as it's not meant to. There are other ways around it that it doesn't 
protect against, but once again, that isn't it's job. It's just extra 
infomation in the DNS that says what machines can send mail for that domain. 
And for that, I think it's particularly effective, if not really standardised 
in any way.

It's not the be-all and end-all of spam protection, but it's definitely better 
than nothing.

-- 
 Stuart Young - aka Cefiar - cef at optus.net


More information about the list mailing list