On Oct 4, 2010, at 1:59 PM, valdis.kletni...@vt.edu wrote:
On Mon, 04 Oct 2010 13:30:55 PDT, Owen DeLong said:
Removing a few points probably isn't a bad idea so long as you have a list of
domains for which points should be added.
140 million .coms. Throw-away domains. I do believe that
On 10/4/10 6:55 PM, Kevin Stange wrote:
The most common situation where another host sends on your domain's
behalf is a forwarding MTA, such as NANOG's mailing list. A lot of MTAs
will only trust that the final MTA handling the message is a source
host. In the case of a mailing list, that's
how many of you are using SPF records? Do you have an opinion on their
use/non use of?
We use SPF on most client domains. On inbound filtering, we add no score for a
lack of SPF record, and we reject mail if the SPF record hardfails. We've seen
it reduce domain-imposter spam. It's not
Without proper SPF records your mail stands little chance of making it
through some of the larger providers, like gmail, if you are sending
in any high volume. You should be using SPF, DK, and DKIM signing.
I don't really understand how your security company related SPF to DoS
though. They're
We use SPF. Lots of the bigger guys require it. Along with DK/DKIM
signing.
In our spam weight based filtering, if it hardfails it drops it,
softfail(no spf record) we don't add or remove points at all. If it passes
SPF we remove a few points of the spam weight.
Nick Olsen
Network Operations
On 10/04/2010 09:54 AM, John Adams wrote:
Without proper SPF records your mail stands little chance of making it
through some of the larger providers, like gmail, if you are sending
in any high volume. You should be using SPF, DK, and DKIM signing.
There should really be no reason to sign with
On Mon, Oct 04, 2010 at 12:47:52PM -0400, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
that does not follow at all.
I commented to his team that the SPF idea
We've seen percentage gains when signing with DK, and we carefully
monitor our mail acceptance percentages with ReturnPath. It's around
4-6%. I'd like to stop using it, but some people still check DK.
-j
On Mon, Oct 4, 2010 at 10:02 AM, Michael Thomas m...@mtcc.com wrote:
On 10/04/2010 09:54
If it passes SPF we remove a few points of the spam weight.
I would rethink this practice. Many spammers publish SPF valid records these
days precisely because of this.
Nathan
On 10/04/2010 10:05 AM, John Adams wrote:
We've seen percentage gains when signing with DK, and we carefully
monitor our mail acceptance percentages with ReturnPath. It's around
4-6%. I'd like to stop using it, but some people still check DK.
Sigh. I was hoping not to hear that. It's been
I've found lots of domains with +all which really should be -all since they
were all spam.
Jared Mauch
On Oct 4, 2010, at 1:08 PM, Nathan Eisenberg nat...@atlasnetworks.us wrote:
If it passes SPF we remove a few points of the spam weight.
I would rethink this practice. Many spammers
On Mon, Oct 04, 2010 at 12:47:52PM -0400, Greg Whynott wrote:
how many of you are using SPF records? Do you have an opinion on their
use/non use of?
1. Not using them, and don't have any (observed) problems despite years
of closely monitoring mail logs looking for just such issues.
2. Note
On 10/4/10 12:47 PM, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
I commented to his team that the SPF idea has yet to see anything near mass
deployment and of the millions of
On Mon, Oct 4, 2010 at 12:47 PM, Greg Whynott greg.whyn...@oicr.on.ca wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
This is pure unadulterated BS from someone who doesnt understand
either
On Mon, Oct 4, 2010 at 12:47 PM, Greg Whynott greg.whyn...@oicr.on.ca wrote:
A partner had a security audit done on their site.
The report said they were at risk of a DoS due to
the fact they didn't have a SPF record.
how many of you are using SPF records? Do you
have an opinion on their
i think it was an observation they made, and suggestions to make things
better. I don't think the message was fix this or you'll be off the air one
day..
if they have a 56k port speed(stuck in the 80's), there is potential there
for a DoS from a large volume of spam back splatter..
On Mon, 4 Oct 2010, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they
were at risk of a DoS due to the fact they didn't have a SPF record.
Bullshit.
I commented to his team that the SPF idea has yet to see anything near
mass deployment and of the
On Oct 4, 2010, at 10:16 AM, Michael Thomas wrote:
On 10/04/2010 10:05 AM, John Adams wrote:
We've seen percentage gains when signing with DK, and we carefully
monitor our mail acceptance percentages with ReturnPath. It's around
4-6%. I'd like to stop using it, but some people still check
On Mon, 04 Oct 2010 13:30:55 PDT, Owen DeLong said:
Removing a few points probably isn't a bad idea so long as you have a list of
domains for which points should be added.
140 million .coms. Throw-away domains. I do believe that Marcus Ranum had
trying to enumerate badness on his list of Six
dig throwaway1.com NS
dig throwaway2.com NS
etc etc ... and then check_sender_ns_access in postfix, for example.
Scales much better than whackamoling one domain after the other on the same NS
On Mon, Oct 4, 2010 at 4:59 PM, valdis.kletni...@vt.edu wrote:
140 million .coms. Throw-away
On Mon, 04 Oct 2010 17:05:12 EDT, Suresh Ramasubramanian said:
dig throwaway1.com NS
dig throwaway2.com NS
etc etc ... and then check_sender_ns_access in postfix, for example.
Yes, that *is* better than whack-a-mole on the same DNS server, but...
The NANOG lurker in the next cubicle used to
--On Monday, October 04, 2010 9:54 AM -0700 John Adams j...@retina.net
wrote:
Without proper SPF records your mail stands little chance of making it
through some of the larger providers, like gmail, if you are sending
in any high volume. You should be using SPF, DK, and DKIM signing.
I
On 10/04/2010 11:47 AM, Greg Whynott wrote:
A partner had a security audit done on their site. The report said they were
at risk of a DoS due to the fact they didn't have a SPF record.
We publish a ~all record for our domain. I think it's bad practice to
publish any other result because
23 matches
Mail list logo