[Dshield] Are you using spf records?

Johannes B. Ullrich jullrich at sans.org
Fri Jan 6 04:19:44 GMT 2006


Tom wrote:

>Further, SPF breaks RFC 2821/2822 compliant mail when the mail is 
>forwarded from MTA to MTA
>
>We put in the records but we don't think it does much of anything for 
>many of the reasons below
>
>Tom
>  
>
We are using SPF, and in some cases mailkeys to prevent our own mail
from bouncing. But don't use it much (at all?) for inbound check.

If you need to authenticate a user, use PGP (or maybe SMIME). I would
love to enforce PGP signed only email ;-) It would probably cut down my
email load to almost nil.



-- 
---------      
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS 

"We use [isc.sans.org] every day to keep on top of 
 security at our bank" Matt, Network Administrator. 
       

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20060105/5d2413d2/signature.bin


More information about the list mailing list