[Dshield] Are you using spf records?

Johannes B. Ullrich jullrich at sans.org
Fri Jan 6 04:19:44 GMT 2006

Tom wrote:

>Further, SPF breaks RFC 2821/2822 compliant mail when the mail is 
>forwarded from MTA to MTA
>We put in the records but we don't think it does much of anything for 
>many of the reasons below
We are using SPF, and in some cases mailkeys to prevent our own mail
from bouncing. But don't use it much (at all?) for inbound check.

If you need to authenticate a user, use PGP (or maybe SMIME). I would
love to enforce PGP signed only email ;-) It would probably cut down my
email load to almost nil.

Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS 

"We use [isc.sans.org] every day to keep on top of 
 security at our bank" Matt, Network Administrator. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20060105/5d2413d2/signature.bin

More information about the list mailing list