[Dshield] Are you using spf records?

Martin Forest martin at forest.gen.nz
Thu Jan 5 06:40:57 GMT 2006


Happy new year to all of you.

I have done some minor research with SPF records. It is nice to see that  
several of the big domains such as hotmail, msn, aol etc have started to  
use SPF records. Especially as they are often used in forged emails. With  
them posting spf, it is now possible to block the spam  bots that use  
their "from addresses".
How many of you have spf records on your domains?
Thouse of you that don't have it, are you planning on it?
How many of you are using spf as part of your spam filtering?

I've done dns sniffing and can see more and more lookups for txt/spf  
records for the emails.
One interesting thing I've noticed is that several of the big banks in  
APAC, that constantly experience phishing attacks, don't have SPF records!  
Funny, with SPF records, any ISP/organization that look at spf records  
would be able to reject the phishing attacks. Maybe it is "to hard work"  
for them as they would only save several milion dollars per year...

Best Regards
Martin Forest
Ps. If there is anyone on the list that don't know what spf is, have a  
look at http://www.openspf.org

-- 
If you take copy protection too far, the only customers you will have are  
the ones that intend to sell illegal copies of your work. By: Martin Forest
Warning: DRM/BMG protected CD’s are likely to infect you with a Rootkit.



More information about the list mailing list