Topic: Other
Name: Philip Hachey
Organization: City of Cornwall (Ontario, Canada)
I integrated SPF checking on our incoming mail filters in August, 2005 and we
have had overall positive experiences. I integrated Mark Kramer's
sendmail-milter-spf into our filtering MTA:
- Pentium III 866
- 2304 MB RAM
- 9 GB U160 SCSI HDD
- White Box Enterprise Linux 3.0
- Sendmail 8.13.5
- Perl 5.8.8 including: Sendmail::Milter 0.18, Net::CIDR 0.11, Mail::SPF::Query
1.999.1, and Mail::SRS 0.31
- Server also Uses MailScanner, SpamAssassin, ClamAV, DCC, Pyzor, Razor, and
some custom black lists.
Almost no maintenace has been required of the SPF checking components in the
more than nine months of usage.
I had to whitelist one domain which our users correspond with which had
published hard fail and incorrect SPF records (they never responded to or acted
on my requests to fix their records).
Initially, I had a bit of a problem knowing which implementation of SPF
checking to go with, but some experimenting and mailing list discussion helped
to me to figure that out. Definitely, checking that's already built into an
MTA like Sendmail would make this a whole lot easier.
While I do publish SPF records internally to ease some administration, I've
nerver published public SPF records. That's because we use third-party DNS
hosting, and they claim not to have the ability to create TXT records.
Eventually, when we take over external DNS hosting ourselves, I will publish
the records.
Our filtering MTA processes two to three thousand incoming messages per day.
SPF checking blocks, due to hard fails, around 50 to 100 messages per day. I
expect that this number would increase if SPF record publishing becomes more
mainstream. Soft fails add to the SpamAssassin scoring. There are, on
average, 175 soft fail messages per day. Of those, the added scoring from SPF
soft fails makes a difference in less than ten messages per day -- i.e. scoring
by other means more likely than not catches spam before SPF soft fails are
taken into consideration.
I hope that's informative and you may email me if you would like some
additional information,
Philip Hachey
--
Message was sent via the SPF website contact form
<http://new.openspf.org/Contact>
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com