<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_12_17_2359241</id>
	<title>Are You Using SPF Records?</title>
	<author>timothy</author>
	<datestamp>1261051740000</datestamp>
	<htmltext>gravyface writes <i>"I've been setting up proper <a href="http://en.wikipedia.org/wiki/Sender\_Policy\_Framework">Sender Policy Framework</a> records for all my clients for past year or so, hoping to either maintain or improve their 'reputation'  in the email universe.  However, there's a lot of IT admins I speak with who either haven't heard of SPF records or haven't bothered setting them up.  How many of you are using SPF records for your mail domains?  Does it help? How many anti-spam vendors out there use SPF records as part of their 'scorecard'?"</i></htmltext>
<tokenext>gravyface writes " I 've been setting up proper Sender Policy Framework records for all my clients for past year or so , hoping to either maintain or improve their 'reputation ' in the email universe .
However , there 's a lot of IT admins I speak with who either have n't heard of SPF records or have n't bothered setting them up .
How many of you are using SPF records for your mail domains ?
Does it help ?
How many anti-spam vendors out there use SPF records as part of their 'scorecard ' ?
"</tokentext>
<sentencetext>gravyface writes "I've been setting up proper Sender Policy Framework records for all my clients for past year or so, hoping to either maintain or improve their 'reputation'  in the email universe.
However, there's a lot of IT admins I speak with who either haven't heard of SPF records or haven't bothered setting them up.
How many of you are using SPF records for your mail domains?
Does it help?
How many anti-spam vendors out there use SPF records as part of their 'scorecard'?
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482706</id>
	<title>Re:They help, but only slightly!</title>
	<author>WuphonsReach</author>
	<datestamp>1261063080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The point of the ~all was so that you could start testing the waters.<br>
<br>
We ran with ~all for a few years, but have recently switched everything over to -all.<br>
<br>
So far, I've seen only 1 or 2 false positives where the SPF check failed - even when sent from our own mail servers.  I'm guessing that the destination mail server had DNS troubles when it tested our message.<br>
<br>
We've also started 5xx (rejecting) at SMTP time if the inbound message fails its SPF check.  SPF has been around for long enough at this point, that mail admins who have implemented it *should* have the bugs worked out. (The time for excuses are past, and if we don't reject at SMTP time, the origin mail admin won't know things are broken.)</htmltext>
<tokenext>The point of the ~ all was so that you could start testing the waters .
We ran with ~ all for a few years , but have recently switched everything over to -all .
So far , I 've seen only 1 or 2 false positives where the SPF check failed - even when sent from our own mail servers .
I 'm guessing that the destination mail server had DNS troubles when it tested our message .
We 've also started 5xx ( rejecting ) at SMTP time if the inbound message fails its SPF check .
SPF has been around for long enough at this point , that mail admins who have implemented it * should * have the bugs worked out .
( The time for excuses are past , and if we do n't reject at SMTP time , the origin mail admin wo n't know things are broken .
)</tokentext>
<sentencetext>The point of the ~all was so that you could start testing the waters.
We ran with ~all for a few years, but have recently switched everything over to -all.
So far, I've seen only 1 or 2 false positives where the SPF check failed - even when sent from our own mail servers.
I'm guessing that the destination mail server had DNS troubles when it tested our message.
We've also started 5xx (rejecting) at SMTP time if the inbound message fails its SPF check.
SPF has been around for long enough at this point, that mail admins who have implemented it *should* have the bugs worked out.
(The time for excuses are past, and if we don't reject at SMTP time, the origin mail admin won't know things are broken.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481942</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30495946</id>
	<title>Subzones of com, net and org using SPF</title>
	<author>huskymo</author>
	<datestamp>1261149780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Our annual survey of the Internet's DNS infrastructure measures (among other things) the percentage of a random sample of com, net and org subzones that use SPF.  In the October 2009 survey, we found that 12.2\% of the sample used SPF records.  For more information, see <a href="http://dns.measurement-factory.com/surveys/200910.html" title="measurement-factory.com" rel="nofollow">http://dns.measurement-factory.com/surveys/200910.html</a> [measurement-factory.com]</p></htmltext>
<tokenext>Our annual survey of the Internet 's DNS infrastructure measures ( among other things ) the percentage of a random sample of com , net and org subzones that use SPF .
In the October 2009 survey , we found that 12.2 \ % of the sample used SPF records .
For more information , see http : //dns.measurement-factory.com/surveys/200910.html [ measurement-factory.com ]</tokentext>
<sentencetext>Our annual survey of the Internet's DNS infrastructure measures (among other things) the percentage of a random sample of com, net and org subzones that use SPF.
In the October 2009 survey, we found that 12.2\% of the sample used SPF records.
For more information, see http://dns.measurement-factory.com/surveys/200910.html [measurement-factory.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483902</id>
	<title>Re:Anti-spam vendor's perspective</title>
	<author>Shimmer</author>
	<datestamp>1261074780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"people do foolish things like put their work email address into their webmail account"</p><p>Why do webmail providers allow this? In fact, why would a webmail provider allow you to specify any "From:" address other than the user's actual webmail account?</p></htmltext>
<tokenext>" people do foolish things like put their work email address into their webmail account " Why do webmail providers allow this ?
In fact , why would a webmail provider allow you to specify any " From : " address other than the user 's actual webmail account ?</tokentext>
<sentencetext>"people do foolish things like put their work email address into their webmail account"Why do webmail providers allow this?
In fact, why would a webmail provider allow you to specify any "From:" address other than the user's actual webmail account?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482444</id>
	<title>Re:I use them, but mainly for deniability</title>
	<author>WuphonsReach</author>
	<datestamp>1261061280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>DKIM solves a different problem, the two solutions (SPF vs DKIM) are not mutually exclusive.</htmltext>
<tokenext>DKIM solves a different problem , the two solutions ( SPF vs DKIM ) are not mutually exclusive .</tokentext>
<sentencetext>DKIM solves a different problem, the two solutions (SPF vs DKIM) are not mutually exclusive.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481590</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481812</id>
	<title>Use SPF.</title>
	<author>Anonymous</author>
	<datestamp>1261057140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you aren't using SPF, you aren't doing your job. I've become merciless in my dealings with other sites who don't use SPF, or even worse publish incorrect SPF.</p></htmltext>
<tokenext>If you are n't using SPF , you are n't doing your job .
I 've become merciless in my dealings with other sites who do n't use SPF , or even worse publish incorrect SPF .</tokentext>
<sentencetext>If you aren't using SPF, you aren't doing your job.
I've become merciless in my dealings with other sites who don't use SPF, or even worse publish incorrect SPF.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483798</id>
	<title>Infomatrix</title>
	<author>Anonymous</author>
	<datestamp>1261073280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>8 Billion web pages, which one, exactly, are you looking for?<br>
8 Billion. And that's a very conservative number. How do you find what you don't know what you are looking for? I'll describe my setup to cut through the information overload of today's world.<br>
<br>
Most of these functions are built into my browser, Chrome, through extensions but other browsers are more than capable of doing them as well: especially Firefox. Internet Explorer is the most limited here but even it can access most of these functions through straight web-interfaces - although clunky.<br>
<br>
The basis of all the following systems is the RSS Feed. It is a method of condensing a website into a synopsis of stories which are then linked to. The place to begin with RSS feeds is to get yourself a Gmail account. This single log-on will allow you to access the whole range of Google Web-Services. After you do that you sign up for Google Reader with your gmail login. You can then begin to add feeds from your favorite web-sites to that. You can, in Chrome, use an extension called: RSS Subscription to easily add feeds from your favorite web-sites to Reader. Once you have a good amount of feeds subscribed, the next step is to set up a Feedly account. Feedly integrates completely with Google Reader so you don't need reader other than a place to store your subscriptions. Feedly provides a magazine like summary of all of your favorite web-sites in one easy to use place through the magic of RSS Feeds. Now, on your second monitor you set up another web-site called Lazyfeed. I like to have this browser set to full-screen. Lazyfeed is organized by topics instead of web-sites and constantly updates as new stories appear on the web. Be specific in the topics you are interested with. Going beyond all of this, and all these services integrate seamlessly with this as well, is to use the micro-blogging service Twitter as a method to find the latest sites. Twitter can be clunky as a web-page, but again, if you integrate it into Chrome using an extension such as Chromed Bird then it actually operates in a very fluid manner. Twitter is another means of aggregation, you follow people who are interesting and if they find you interesting they follow you: providing links the entire time. The whole of these systems allows you to cut straight through all the fluff and find what interests you - even if you don't know what that is!<br>
<br>
ProTip: When viewing items in Lazyfeed they all have an RSS button so you can subscribe to the complete feed in Reader and by extension Feedly!<br>
<br>
Another, but less related system - especially if you download lots of books - is to use: Google Desktop which provides a side-bar and more importantly an indexer which will look inside all your files and provide Google Search to them. Very useful for going deeper. <br>
<br>
Links:<br>
<a href="http://en.wikipedia.org/wiki/RSS" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/RSS</a> [wikipedia.org] - RSS Description<br>
<a href="http://www.google.ca/reader/" title="google.ca" rel="nofollow">http://www.google.ca/reader/</a> [google.ca] - Google Reader<br>
<a href="https://chrome.google.com/extensions/detail/nlbjncdgjeocebhnmkbbbdekmmmcbfjd" title="google.com" rel="nofollow">https://chrome.google.com/extensions/detail/nlbjncdgjeocebhnmkbbbdekmmmcbfjd</a> [google.com] - RSS Subscription Extension<br>
<a href="http://www.feedly.com/" title="feedly.com" rel="nofollow">http://www.feedly.com/</a> [feedly.com] - Feedly<br>
<a href="http://www.lazyfeed.com/" title="lazyfeed.com" rel="nofollow">http://www.lazyfeed.com/</a> [lazyfeed.com] - Lazyfeed<br>
<a href="http://twitter.com/" title="twitter.com" rel="nofollow">http://twitter.com/</a> [twitter.com] - Twitter<br>
<a href="https://chrome.google.com/extensions/detail/encaiiljifbdbjlphpgpiimidegddhic" title="google.com" rel="nofollow">https://chrome.google.com/extensions/detail/encaiiljifbdbjlphpgpiimidegddhic</a> [google.com] - Chromed Bird<br>
<a href="http://desktop.google.ca/en/?ignua=1" title="google.ca" rel="nofollow">http://desktop.google.ca/en/?ignua=1</a> [google.ca] - Google Desktop<br>
<br>
<a href="http://digiphile.wordpress.com/2009/12/17/linking-tweeting-and-social-search-on-the-human-curated-web/" title="wordpress.com" rel="nofollow">http://digiphile.wordpress.com/2009/12/17/linking-tweeting-and-social-search-on-the-human-curated-web/</a> [wordpress.com]  - Article on social search<br>
<a href="http://oneforty.com/" title="oneforty.com" rel="nofollow">http://oneforty.com/</a> [oneforty.com] - Th</htmltext>
<tokenext>8 Billion web pages , which one , exactly , are you looking for ?
8 Billion .
And that 's a very conservative number .
How do you find what you do n't know what you are looking for ?
I 'll describe my setup to cut through the information overload of today 's world .
Most of these functions are built into my browser , Chrome , through extensions but other browsers are more than capable of doing them as well : especially Firefox .
Internet Explorer is the most limited here but even it can access most of these functions through straight web-interfaces - although clunky .
The basis of all the following systems is the RSS Feed .
It is a method of condensing a website into a synopsis of stories which are then linked to .
The place to begin with RSS feeds is to get yourself a Gmail account .
This single log-on will allow you to access the whole range of Google Web-Services .
After you do that you sign up for Google Reader with your gmail login .
You can then begin to add feeds from your favorite web-sites to that .
You can , in Chrome , use an extension called : RSS Subscription to easily add feeds from your favorite web-sites to Reader .
Once you have a good amount of feeds subscribed , the next step is to set up a Feedly account .
Feedly integrates completely with Google Reader so you do n't need reader other than a place to store your subscriptions .
Feedly provides a magazine like summary of all of your favorite web-sites in one easy to use place through the magic of RSS Feeds .
Now , on your second monitor you set up another web-site called Lazyfeed .
I like to have this browser set to full-screen .
Lazyfeed is organized by topics instead of web-sites and constantly updates as new stories appear on the web .
Be specific in the topics you are interested with .
Going beyond all of this , and all these services integrate seamlessly with this as well , is to use the micro-blogging service Twitter as a method to find the latest sites .
Twitter can be clunky as a web-page , but again , if you integrate it into Chrome using an extension such as Chromed Bird then it actually operates in a very fluid manner .
Twitter is another means of aggregation , you follow people who are interesting and if they find you interesting they follow you : providing links the entire time .
The whole of these systems allows you to cut straight through all the fluff and find what interests you - even if you do n't know what that is !
ProTip : When viewing items in Lazyfeed they all have an RSS button so you can subscribe to the complete feed in Reader and by extension Feedly !
Another , but less related system - especially if you download lots of books - is to use : Google Desktop which provides a side-bar and more importantly an indexer which will look inside all your files and provide Google Search to them .
Very useful for going deeper .
Links : http : //en.wikipedia.org/wiki/RSS [ wikipedia.org ] - RSS Description http : //www.google.ca/reader/ [ google.ca ] - Google Reader https : //chrome.google.com/extensions/detail/nlbjncdgjeocebhnmkbbbdekmmmcbfjd [ google.com ] - RSS Subscription Extension http : //www.feedly.com/ [ feedly.com ] - Feedly http : //www.lazyfeed.com/ [ lazyfeed.com ] - Lazyfeed http : //twitter.com/ [ twitter.com ] - Twitter https : //chrome.google.com/extensions/detail/encaiiljifbdbjlphpgpiimidegddhic [ google.com ] - Chromed Bird http : //desktop.google.ca/en/ ? ignua = 1 [ google.ca ] - Google Desktop http : //digiphile.wordpress.com/2009/12/17/linking-tweeting-and-social-search-on-the-human-curated-web/ [ wordpress.com ] - Article on social search http : //oneforty.com/ [ oneforty.com ] - Th</tokentext>
<sentencetext>8 Billion web pages, which one, exactly, are you looking for?
8 Billion.
And that's a very conservative number.
How do you find what you don't know what you are looking for?
I'll describe my setup to cut through the information overload of today's world.
Most of these functions are built into my browser, Chrome, through extensions but other browsers are more than capable of doing them as well: especially Firefox.
Internet Explorer is the most limited here but even it can access most of these functions through straight web-interfaces - although clunky.
The basis of all the following systems is the RSS Feed.
It is a method of condensing a website into a synopsis of stories which are then linked to.
The place to begin with RSS feeds is to get yourself a Gmail account.
This single log-on will allow you to access the whole range of Google Web-Services.
After you do that you sign up for Google Reader with your gmail login.
You can then begin to add feeds from your favorite web-sites to that.
You can, in Chrome, use an extension called: RSS Subscription to easily add feeds from your favorite web-sites to Reader.
Once you have a good amount of feeds subscribed, the next step is to set up a Feedly account.
Feedly integrates completely with Google Reader so you don't need reader other than a place to store your subscriptions.
Feedly provides a magazine like summary of all of your favorite web-sites in one easy to use place through the magic of RSS Feeds.
Now, on your second monitor you set up another web-site called Lazyfeed.
I like to have this browser set to full-screen.
Lazyfeed is organized by topics instead of web-sites and constantly updates as new stories appear on the web.
Be specific in the topics you are interested with.
Going beyond all of this, and all these services integrate seamlessly with this as well, is to use the micro-blogging service Twitter as a method to find the latest sites.
Twitter can be clunky as a web-page, but again, if you integrate it into Chrome using an extension such as Chromed Bird then it actually operates in a very fluid manner.
Twitter is another means of aggregation, you follow people who are interesting and if they find you interesting they follow you: providing links the entire time.
The whole of these systems allows you to cut straight through all the fluff and find what interests you - even if you don't know what that is!
ProTip: When viewing items in Lazyfeed they all have an RSS button so you can subscribe to the complete feed in Reader and by extension Feedly!
Another, but less related system - especially if you download lots of books - is to use: Google Desktop which provides a side-bar and more importantly an indexer which will look inside all your files and provide Google Search to them.
Very useful for going deeper.
Links:
http://en.wikipedia.org/wiki/RSS [wikipedia.org] - RSS Description
http://www.google.ca/reader/ [google.ca] - Google Reader
https://chrome.google.com/extensions/detail/nlbjncdgjeocebhnmkbbbdekmmmcbfjd [google.com] - RSS Subscription Extension
http://www.feedly.com/ [feedly.com] - Feedly
http://www.lazyfeed.com/ [lazyfeed.com] - Lazyfeed
http://twitter.com/ [twitter.com] - Twitter
https://chrome.google.com/extensions/detail/encaiiljifbdbjlphpgpiimidegddhic [google.com] - Chromed Bird
http://desktop.google.ca/en/?ignua=1 [google.ca] - Google Desktop

http://digiphile.wordpress.com/2009/12/17/linking-tweeting-and-social-search-on-the-human-curated-web/ [wordpress.com]  - Article on social search
http://oneforty.com/ [oneforty.com] - Th</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483120</id>
	<title>Yes</title>
	<author>mysidia</author>
	<datestamp>1261066440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
I publish SPF records.
</p><p>
I administer SurgeMail mail software.
</p><p>
Senders that don't publish SPF records are <b>dodgy sources</b>,  and they get an automatic penalty, unless the source IP matches the MX record and listens on port 25.</p><p>
Automatic +5.0 to spam score.
Basically assures the sender will be hit by graylisting,  and the message may ultimately be classified spam.
</p><p>
Fail to publish proper SPF records at you and your users' peril.
</p></htmltext>
<tokenext>I publish SPF records .
I administer SurgeMail mail software .
Senders that do n't publish SPF records are dodgy sources , and they get an automatic penalty , unless the source IP matches the MX record and listens on port 25 .
Automatic + 5.0 to spam score .
Basically assures the sender will be hit by graylisting , and the message may ultimately be classified spam .
Fail to publish proper SPF records at you and your users ' peril .</tokentext>
<sentencetext>
I publish SPF records.
I administer SurgeMail mail software.
Senders that don't publish SPF records are dodgy sources,  and they get an automatic penalty, unless the source IP matches the MX record and listens on port 25.
Automatic +5.0 to spam score.
Basically assures the sender will be hit by graylisting,  and the message may ultimately be classified spam.
Fail to publish proper SPF records at you and your users' peril.
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481862</id>
	<title>I use it so I don't get blacklisted</title>
	<author>Coolcom</author>
	<datestamp>1261057320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Before implementing an SPF record, my mail server IP was getting put on all sorts of blacklists. People were sending mail claiming to be from my domain and it was causing me to get on the BLs; all the major ones like CBL, Barracuda, Spamhaus, etc. Anytime anyone would try and send mail to me it would be rejected. I don't use SPF for checking incoming mail, I have the mail checked against a few RBLs and anti-spam software.</htmltext>
<tokenext>Before implementing an SPF record , my mail server IP was getting put on all sorts of blacklists .
People were sending mail claiming to be from my domain and it was causing me to get on the BLs ; all the major ones like CBL , Barracuda , Spamhaus , etc .
Anytime anyone would try and send mail to me it would be rejected .
I do n't use SPF for checking incoming mail , I have the mail checked against a few RBLs and anti-spam software .</tokentext>
<sentencetext>Before implementing an SPF record, my mail server IP was getting put on all sorts of blacklists.
People were sending mail claiming to be from my domain and it was causing me to get on the BLs; all the major ones like CBL, Barracuda, Spamhaus, etc.
Anytime anyone would try and send mail to me it would be rejected.
I don't use SPF for checking incoming mail, I have the mail checked against a few RBLs and anti-spam software.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481644</id>
	<title>Hosting Services don't make it easy...</title>
	<author>Jah-Wren Ryel</author>
	<datestamp>1261056300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>SPF has been around for at least a couple of years, but at least one very large hosting provider - hostgator.com - hasn't made it any easier to implement.  They still require that you email them and request that they set it up for you.</p><p><a href="http://forums.hostgator.com/custom-mx-and-spf-records-t58820.html" title="hostgator.com">http://forums.hostgator.com/custom-mx-and-spf-records-t58820.html</a> [hostgator.com]</p></htmltext>
<tokenext>SPF has been around for at least a couple of years , but at least one very large hosting provider - hostgator.com - has n't made it any easier to implement .
They still require that you email them and request that they set it up for you.http : //forums.hostgator.com/custom-mx-and-spf-records-t58820.html [ hostgator.com ]</tokentext>
<sentencetext>SPF has been around for at least a couple of years, but at least one very large hosting provider - hostgator.com - hasn't made it any easier to implement.
They still require that you email them and request that they set it up for you.http://forums.hostgator.com/custom-mx-and-spf-records-t58820.html [hostgator.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484464</id>
	<title>No, we don't use SPF</title>
	<author>Lazy Jones</author>
	<datestamp>1261169940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>... the last 3 times we attempted to, we had too many recipients rejecting our e-mails due to broken forwards.</htmltext>
<tokenext>... the last 3 times we attempted to , we had too many recipients rejecting our e-mails due to broken forwards .</tokentext>
<sentencetext>... the last 3 times we attempted to, we had too many recipients rejecting our e-mails due to broken forwards.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483452</id>
	<title>all my clients</title>
	<author>Anonymous</author>
	<datestamp>1261069740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>All my clients in australia are configured with SPF - I consider it essential at guarding against spoofing.</p></htmltext>
<tokenext>All my clients in australia are configured with SPF - I consider it essential at guarding against spoofing .</tokentext>
<sentencetext>All my clients in australia are configured with SPF - I consider it essential at guarding against spoofing.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30486418</id>
	<title>Resellers and private domain owners</title>
	<author>Anonymous</author>
	<datestamp>1261147920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So now every poor sod that has set up a website for his school, his football club or friend's private business is asking himself: What should I do? Do I need to do anything at all?<br>While it's nice to hear that it doesn't mean a whole lot because it's not accepted or implemented widely, there is still something quick and easy you can start with to see where you stand.<br>Use http://www.trustedsource.org/query/mydomain.tld and they'll tell you where you stand today. Chances are, your ISP host has got SPF turned on already, and you're all cool if any overly officious school board member comes whining at you. It's a McAfee site, but it's free, and a good start to investigating further if you've really got the spare time to waste.</p></htmltext>
<tokenext>So now every poor sod that has set up a website for his school , his football club or friend 's private business is asking himself : What should I do ?
Do I need to do anything at all ? While it 's nice to hear that it does n't mean a whole lot because it 's not accepted or implemented widely , there is still something quick and easy you can start with to see where you stand.Use http : //www.trustedsource.org/query/mydomain.tld and they 'll tell you where you stand today .
Chances are , your ISP host has got SPF turned on already , and you 're all cool if any overly officious school board member comes whining at you .
It 's a McAfee site , but it 's free , and a good start to investigating further if you 've really got the spare time to waste .</tokentext>
<sentencetext>So now every poor sod that has set up a website for his school, his football club or friend's private business is asking himself: What should I do?
Do I need to do anything at all?While it's nice to hear that it doesn't mean a whole lot because it's not accepted or implemented widely, there is still something quick and easy you can start with to see where you stand.Use http://www.trustedsource.org/query/mydomain.tld and they'll tell you where you stand today.
Chances are, your ISP host has got SPF turned on already, and you're all cool if any overly officious school board member comes whining at you.
It's a McAfee site, but it's free, and a good start to investigating further if you've really got the spare time to waste.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483642</id>
	<title>Re:Yes.</title>
	<author>dhammabum</author>
	<datestamp>1261071660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've checked the number of DNS queries to our domain looking for these SPF records a few months ago - got about 50 requests / hour compared to say 2-300 messages/hour total. Of course there is no direct relation between the number of messages we send and those queries necessarily....</p><p>It is easy enough to test for it:  dig -t txt domain.tld   - I found it funny that most of the large corporates here in Oz don't use it.</p></htmltext>
<tokenext>I 've checked the number of DNS queries to our domain looking for these SPF records a few months ago - got about 50 requests / hour compared to say 2-300 messages/hour total .
Of course there is no direct relation between the number of messages we send and those queries necessarily....It is easy enough to test for it : dig -t txt domain.tld - I found it funny that most of the large corporates here in Oz do n't use it .</tokentext>
<sentencetext>I've checked the number of DNS queries to our domain looking for these SPF records a few months ago - got about 50 requests / hour compared to say 2-300 messages/hour total.
Of course there is no direct relation between the number of messages we send and those queries necessarily....It is easy enough to test for it:  dig -t txt domain.tld   - I found it funny that most of the large corporates here in Oz don't use it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484606</id>
	<title>Use it if you want trouble</title>
	<author>trendzetter</author>
	<datestamp>1261129140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If your mail does not arrive your supposted to get a helpful answer here: www.openspf.org/Why<br>It's been down for ages.</p></htmltext>
<tokenext>If your mail does not arrive your supposted to get a helpful answer here : www.openspf.org/WhyIt 's been down for ages .</tokentext>
<sentencetext>If your mail does not arrive your supposted to get a helpful answer here: www.openspf.org/WhyIt's been down for ages.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481814</id>
	<title>yes....</title>
	<author>Anonymous</author>
	<datestamp>1261057140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I publish SPF records for my company and I check them, if SPF FAILS or SOFTFAILS it gets an SCL that will filter it into Junk. If SPF is OK or there is no SPF it continues through the process.</p></htmltext>
<tokenext>I publish SPF records for my company and I check them , if SPF FAILS or SOFTFAILS it gets an SCL that will filter it into Junk .
If SPF is OK or there is no SPF it continues through the process .</tokentext>
<sentencetext>I publish SPF records for my company and I check them, if SPF FAILS or SOFTFAILS it gets an SCL that will filter it into Junk.
If SPF is OK or there is no SPF it continues through the process.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484468</id>
	<title>Yes I am</title>
	<author>frambris</author>
	<datestamp>1261126860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes it does</htmltext>
<tokenext>Yes it does</tokentext>
<sentencetext>Yes it does</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485336</id>
	<title>See NANOG archives</title>
	<author>lorand</author>
	<datestamp>1261138860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There was a recent thread on the topic on the NANOG mainling list, see <a href="http://www.merit.edu/mail.archives/nanog/msg02874.html" title="merit.edu" rel="nofollow">http://www.merit.edu/mail.archives/nanog/msg02874.html</a> [merit.edu]</htmltext>
<tokenext>There was a recent thread on the topic on the NANOG mainling list , see http : //www.merit.edu/mail.archives/nanog/msg02874.html [ merit.edu ]</tokentext>
<sentencetext>There was a recent thread on the topic on the NANOG mainling list, see http://www.merit.edu/mail.archives/nanog/msg02874.html [merit.edu]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485512</id>
	<title>I would but .....</title>
	<author>DrSkwid</author>
	<datestamp>1261141500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><a href="http://www.openspf.org/" title="openspf.org">http://www.openspf.org/</a> [openspf.org] has been down all week and it has all the instructions</p><p>3 Install postfix-policyd-spf-perl</p><p>Next we download postfix-policyd-spf-perl from <a href="http://www.openspf.org/Software" title="openspf.org">http://www.openspf.org/Software</a> [openspf.org] to the<nobr> <wbr></nobr>/usr/src/ directory and install it to the<nobr> <wbr></nobr>/usr/lib/postfix/ directory like this:</p></htmltext>
<tokenext>http : //www.openspf.org/ [ openspf.org ] has been down all week and it has all the instructions3 Install postfix-policyd-spf-perlNext we download postfix-policyd-spf-perl from http : //www.openspf.org/Software [ openspf.org ] to the /usr/src/ directory and install it to the /usr/lib/postfix/ directory like this :</tokentext>
<sentencetext>http://www.openspf.org/ [openspf.org] has been down all week and it has all the instructions3 Install postfix-policyd-spf-perlNext we download postfix-policyd-spf-perl from http://www.openspf.org/Software [openspf.org] to the /usr/src/ directory and install it to the /usr/lib/postfix/ directory like this:</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730</id>
	<title>SPF is usless</title>
	<author>DarkOx</author>
	<datestamp>1261056720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Its not helpful in reducing SPAM unless or until every uses it.  Why because you can't toss out mail from domains without SPF records you'd loose to much HAM.  You can only uses it to detect and reject spoofs from domains with SPF.</p><p>Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host.  Possibly in conjunction with DNSSEC (something only being slowly adopted) and some enhancements to BGP you could get there buy SPF alone does not do it.</p><p>A public private key scheme on the message bodies would, be much much more secure, and reliable for the anti spoof use.</p><p>Sometimes you want to temporarily run your mail out a different IP or relay from another domain, and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.</p><p>SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.</p><p>The SPAM and tamper issues are both better solved with message signing.</p></htmltext>
<tokenext>Its not helpful in reducing SPAM unless or until every uses it .
Why because you ca n't toss out mail from domains without SPF records you 'd loose to much HAM .
You can only uses it to detect and reject spoofs from domains with SPF.Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host .
Possibly in conjunction with DNSSEC ( something only being slowly adopted ) and some enhancements to BGP you could get there buy SPF alone does not do it.A public private key scheme on the message bodies would , be much much more secure , and reliable for the anti spoof use.Sometimes you want to temporarily run your mail out a different IP or relay from another domain , and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.The SPAM and tamper issues are both better solved with message signing .</tokentext>
<sentencetext>Its not helpful in reducing SPAM unless or until every uses it.
Why because you can't toss out mail from domains without SPF records you'd loose to much HAM.
You can only uses it to detect and reject spoofs from domains with SPF.Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host.
Possibly in conjunction with DNSSEC (something only being slowly adopted) and some enhancements to BGP you could get there buy SPF alone does not do it.A public private key scheme on the message bodies would, be much much more secure, and reliable for the anti spoof use.Sometimes you want to temporarily run your mail out a different IP or relay from another domain, and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.The SPAM and tamper issues are both better solved with message signing.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482462</id>
	<title>I would use domain keys and SPF but...</title>
	<author>daveb1</author>
	<datestamp>1261061340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I would use domain keys and SPF but... i use google apps. So i could use SPF records... but personally i prefer domain keys and don't want to use one without the other.

Having pointed out to my computer faculty that they had an SPF which allowed only one host(/32) (it wasn't the mail server! ) and the admin thought that softfail was soft pass<nobr> <wbr></nobr>.... i personally recommend against using SPF unless you do it correctly.</htmltext>
<tokenext>I would use domain keys and SPF but... i use google apps .
So i could use SPF records... but personally i prefer domain keys and do n't want to use one without the other .
Having pointed out to my computer faculty that they had an SPF which allowed only one host ( /32 ) ( it was n't the mail server !
) and the admin thought that softfail was soft pass .... i personally recommend against using SPF unless you do it correctly .</tokentext>
<sentencetext>I would use domain keys and SPF but... i use google apps.
So i could use SPF records... but personally i prefer domain keys and don't want to use one without the other.
Having pointed out to my computer faculty that they had an SPF which allowed only one host(/32) (it wasn't the mail server!
) and the admin thought that softfail was soft pass .... i personally recommend against using SPF unless you do it correctly.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483180</id>
	<title>Re:No, and I won't</title>
	<author>mysidia</author>
	<datestamp>1261066920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's not harmful.  That post is based on a lie.
</p><p> <em>
So they have an account <b>elsewhere</b>, at a vanity domain or on another computer, and they forward  mail from that address to whichever is their current ISP, or their employer.</em> </p><p>
The keyword is <b>elsewhere</b>.
</p><p>
<b>RFC 1123</b>  deprecated the concept of a proper return path.  If it hadn't happened, there would be no issue.
</p><p>
But due to RFC 1123, if you place another mail server's hostname in the "MAIL FROM" line, you are committing forgery,  regardless of any ad-hoc justification you may come up with for "permitting" it.
</p><p>
The abuse doesn't make a technology that stops it evil.
</p><p>
Particularly when there is a good workaround called <b>SRS</b>.
</p></htmltext>
<tokenext>It 's not harmful .
That post is based on a lie .
So they have an account elsewhere , at a vanity domain or on another computer , and they forward mail from that address to whichever is their current ISP , or their employer .
The keyword is elsewhere .
RFC 1123 deprecated the concept of a proper return path .
If it had n't happened , there would be no issue .
But due to RFC 1123 , if you place another mail server 's hostname in the " MAIL FROM " line , you are committing forgery , regardless of any ad-hoc justification you may come up with for " permitting " it .
The abuse does n't make a technology that stops it evil .
Particularly when there is a good workaround called SRS .</tokentext>
<sentencetext>It's not harmful.
That post is based on a lie.
So they have an account elsewhere, at a vanity domain or on another computer, and they forward  mail from that address to whichever is their current ISP, or their employer.
The keyword is elsewhere.
RFC 1123  deprecated the concept of a proper return path.
If it hadn't happened, there would be no issue.
But due to RFC 1123, if you place another mail server's hostname in the "MAIL FROM" line, you are committing forgery,  regardless of any ad-hoc justification you may come up with for "permitting" it.
The abuse doesn't make a technology that stops it evil.
Particularly when there is a good workaround called SRS.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30487504</id>
	<title>SPF is Bad</title>
	<author>Anonymous</author>
	<datestamp>1261153140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I host email for a bunch of small businesses, many of which work from their homes.  When my clients' access to their own (my) mailserver is blocked by their ISP (comcast, verizon, etc.), they're forced to use their ISP's outgoing mailserver(s).  I can't do SPF records for all the possible ISP outgoing servers, and that would defeat much of the purpose anyway, so I don't do SPF at all.</p><p>I'm on the big guys' (aol, comcast) feedback loop programs, and that seems to have been the biggest factor in getting them to accept lots of mail from my domains.  That and having a rock-solid spam filtering setup for incoming mail so crap doesn't get forwarded out....</p></htmltext>
<tokenext>I host email for a bunch of small businesses , many of which work from their homes .
When my clients ' access to their own ( my ) mailserver is blocked by their ISP ( comcast , verizon , etc .
) , they 're forced to use their ISP 's outgoing mailserver ( s ) .
I ca n't do SPF records for all the possible ISP outgoing servers , and that would defeat much of the purpose anyway , so I do n't do SPF at all.I 'm on the big guys ' ( aol , comcast ) feedback loop programs , and that seems to have been the biggest factor in getting them to accept lots of mail from my domains .
That and having a rock-solid spam filtering setup for incoming mail so crap does n't get forwarded out... .</tokentext>
<sentencetext>I host email for a bunch of small businesses, many of which work from their homes.
When my clients' access to their own (my) mailserver is blocked by their ISP (comcast, verizon, etc.
), they're forced to use their ISP's outgoing mailserver(s).
I can't do SPF records for all the possible ISP outgoing servers, and that would defeat much of the purpose anyway, so I don't do SPF at all.I'm on the big guys' (aol, comcast) feedback loop programs, and that seems to have been the biggest factor in getting them to accept lots of mail from my domains.
That and having a rock-solid spam filtering setup for incoming mail so crap doesn't get forwarded out....</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482126</id>
	<title>Setting up DKIM</title>
	<author>muphin</author>
	<datestamp>1261059000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I was recently appointed a IT Manager and was told to stop the spam, as management was getting atleast 300 spam a day, each.<br>
Our current email provider would NOT implement DKIM, but I did have control to my domain records.<br>
SPF is too easy to implement; see <a href="http://www.openspf.org/" title="openspf.org" rel="nofollow">http://www.openspf.org/</a> [openspf.org] <br>
DKIM on the other hand took a while, i tried DKIMproxy but couldn't get it to sign messages outside the local network so i moved to amavis, see; <a href="http://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/" title="faqforge.com" rel="nofollow">http://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/</a> [faqforge.com] <br>
There is plenty of manuals and support on how to implement SPF and DKIM i do not see why (for the benefit of the provider) its not being implemented.<br>
I have seen so many web hosts provide hosting and disable this feature its inexcusable.<br>
<br>
SPF: proves an email should only be legitimised if the sender server matches the record; as many assume its not an anti-spam mesure but to ensure that the server you send from doesnt send spam through your domain.<br>
DKIM: proves that the email sent WAS from your server by referencing the key generated in the email to the one on your public DNS record.<br>
<br>
combining both ensures people receiving your email that you are the one sending it and that you sent it from your server. <br>
<br>
By implementing SPF, DKIM and DNSBL (you should see the amount of spam that gets denied now) my boss' spam has reached to probably 5 a day with is a protection rate on 98.4\%
only issue i have is with china, since we communicate with manufacturers in china and they have a huge spam rate it can get complicated.<br>
<br>
there are two methods, stop spam from sending to you (DNSBL) and stop spam from sending from you (SPF and DKIM) the latter ensures people will get your email, the former still blocks legitimate email from blocked IP's which is still a worry<nobr> <wbr></nobr>:(</htmltext>
<tokenext>I was recently appointed a IT Manager and was told to stop the spam , as management was getting atleast 300 spam a day , each .
Our current email provider would NOT implement DKIM , but I did have control to my domain records .
SPF is too easy to implement ; see http : //www.openspf.org/ [ openspf.org ] DKIM on the other hand took a while , i tried DKIMproxy but could n't get it to sign messages outside the local network so i moved to amavis , see ; http : //www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/ [ faqforge.com ] There is plenty of manuals and support on how to implement SPF and DKIM i do not see why ( for the benefit of the provider ) its not being implemented .
I have seen so many web hosts provide hosting and disable this feature its inexcusable .
SPF : proves an email should only be legitimised if the sender server matches the record ; as many assume its not an anti-spam mesure but to ensure that the server you send from doesnt send spam through your domain .
DKIM : proves that the email sent WAS from your server by referencing the key generated in the email to the one on your public DNS record .
combining both ensures people receiving your email that you are the one sending it and that you sent it from your server .
By implementing SPF , DKIM and DNSBL ( you should see the amount of spam that gets denied now ) my boss ' spam has reached to probably 5 a day with is a protection rate on 98.4 \ % only issue i have is with china , since we communicate with manufacturers in china and they have a huge spam rate it can get complicated .
there are two methods , stop spam from sending to you ( DNSBL ) and stop spam from sending from you ( SPF and DKIM ) the latter ensures people will get your email , the former still blocks legitimate email from blocked IP 's which is still a worry : (</tokentext>
<sentencetext>I was recently appointed a IT Manager and was told to stop the spam, as management was getting atleast 300 spam a day, each.
Our current email provider would NOT implement DKIM, but I did have control to my domain records.
SPF is too easy to implement; see http://www.openspf.org/ [openspf.org] 
DKIM on the other hand took a while, i tried DKIMproxy but couldn't get it to sign messages outside the local network so i moved to amavis, see; http://www.faqforge.com/linux/how-to-enable-dkim-email-signatures-in-amavisd-new-and-ispconfig-3/ [faqforge.com] 
There is plenty of manuals and support on how to implement SPF and DKIM i do not see why (for the benefit of the provider) its not being implemented.
I have seen so many web hosts provide hosting and disable this feature its inexcusable.
SPF: proves an email should only be legitimised if the sender server matches the record; as many assume its not an anti-spam mesure but to ensure that the server you send from doesnt send spam through your domain.
DKIM: proves that the email sent WAS from your server by referencing the key generated in the email to the one on your public DNS record.
combining both ensures people receiving your email that you are the one sending it and that you sent it from your server.
By implementing SPF, DKIM and DNSBL (you should see the amount of spam that gets denied now) my boss' spam has reached to probably 5 a day with is a protection rate on 98.4\%
only issue i have is with china, since we communicate with manufacturers in china and they have a huge spam rate it can get complicated.
there are two methods, stop spam from sending to you (DNSBL) and stop spam from sending from you (SPF and DKIM) the latter ensures people will get your email, the former still blocks legitimate email from blocked IP's which is still a worry :(</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481608</id>
	<title>nope...</title>
	<author>stokessd</author>
	<datestamp>1261056180000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>It's winter so there isn't much sun or exposed flesh to worry about.  My record for SPF is 50 when I'm bicycling in the noonday sun in the summer.</p><p>http://en.wikipedia.org/wiki/Sunscreen</p></htmltext>
<tokenext>It 's winter so there is n't much sun or exposed flesh to worry about .
My record for SPF is 50 when I 'm bicycling in the noonday sun in the summer.http : //en.wikipedia.org/wiki/Sunscreen</tokentext>
<sentencetext>It's winter so there isn't much sun or exposed flesh to worry about.
My record for SPF is 50 when I'm bicycling in the noonday sun in the summer.http://en.wikipedia.org/wiki/Sunscreen</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482284</id>
	<title>Reduces 100\% "from self" spam and 50\% other</title>
	<author>misnohmer</author>
	<datestamp>1261060080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've been running a few emails domains of my own for years. Adding SPF checking on the receive end provided me with a few decent benefits:<br>1. Adding SPF record got rid of backscatter almost completely (a benefit mentioned by another poster already)<br>2. Adding SPF checking on the receive end got rid of "addressed to self" spam 100\% - that was 2-15 emails a day for different mailboxes<br>3. Rejecting emails per SPF record actually manages to reject over 50\% of what would have ended up in my junkmail folder anyways, makes it much easier to scan through junk<br>4. I setup my server to actually reject the emails with an informative message. This means that if a valid email gets rejected, the sending server (not my server) should send a delivery failure to the sender. Without this that email would have likely ended up in an overcrowded junkmail folder anyways, which means I may have just deleted it - better that the sender knows<br>5. The SPF result on the receive end is also factored-in by the Intelligent Message Filtering of the Exchange, which assigns a spam likelyhood for spam. I setup a threshold for the spam likelyhood which also rejects the email during the receive, leaving the burden of sending non delivery message to the sender server (so valid servers do it, spam bots don't).<br>6. Tarpitting also helped a bit for spam rejection, though unrelated to the SPF record.</p><p>PS&gt; This is about usefulness of SPF, not about my choice of servers, but if you really want to know I use both Exchange and Postfix to route my mails to appropriate mailboxes. Both have features the other doesn't (e.g. Postfix wildcarding, unlimitted mailboxes, etc | Exchange Blackberry Enterprise Server integration, calendar, contacts, SPF integrated with IMF, OWA, etc).</p></htmltext>
<tokenext>I 've been running a few emails domains of my own for years .
Adding SPF checking on the receive end provided me with a few decent benefits : 1 .
Adding SPF record got rid of backscatter almost completely ( a benefit mentioned by another poster already ) 2 .
Adding SPF checking on the receive end got rid of " addressed to self " spam 100 \ % - that was 2-15 emails a day for different mailboxes3 .
Rejecting emails per SPF record actually manages to reject over 50 \ % of what would have ended up in my junkmail folder anyways , makes it much easier to scan through junk4 .
I setup my server to actually reject the emails with an informative message .
This means that if a valid email gets rejected , the sending server ( not my server ) should send a delivery failure to the sender .
Without this that email would have likely ended up in an overcrowded junkmail folder anyways , which means I may have just deleted it - better that the sender knows5 .
The SPF result on the receive end is also factored-in by the Intelligent Message Filtering of the Exchange , which assigns a spam likelyhood for spam .
I setup a threshold for the spam likelyhood which also rejects the email during the receive , leaving the burden of sending non delivery message to the sender server ( so valid servers do it , spam bots do n't ) .6 .
Tarpitting also helped a bit for spam rejection , though unrelated to the SPF record.PS &gt; This is about usefulness of SPF , not about my choice of servers , but if you really want to know I use both Exchange and Postfix to route my mails to appropriate mailboxes .
Both have features the other does n't ( e.g .
Postfix wildcarding , unlimitted mailboxes , etc | Exchange Blackberry Enterprise Server integration , calendar , contacts , SPF integrated with IMF , OWA , etc ) .</tokentext>
<sentencetext>I've been running a few emails domains of my own for years.
Adding SPF checking on the receive end provided me with a few decent benefits:1.
Adding SPF record got rid of backscatter almost completely (a benefit mentioned by another poster already)2.
Adding SPF checking on the receive end got rid of "addressed to self" spam 100\% - that was 2-15 emails a day for different mailboxes3.
Rejecting emails per SPF record actually manages to reject over 50\% of what would have ended up in my junkmail folder anyways, makes it much easier to scan through junk4.
I setup my server to actually reject the emails with an informative message.
This means that if a valid email gets rejected, the sending server (not my server) should send a delivery failure to the sender.
Without this that email would have likely ended up in an overcrowded junkmail folder anyways, which means I may have just deleted it - better that the sender knows5.
The SPF result on the receive end is also factored-in by the Intelligent Message Filtering of the Exchange, which assigns a spam likelyhood for spam.
I setup a threshold for the spam likelyhood which also rejects the email during the receive, leaving the burden of sending non delivery message to the sender server (so valid servers do it, spam bots don't).6.
Tarpitting also helped a bit for spam rejection, though unrelated to the SPF record.PS&gt; This is about usefulness of SPF, not about my choice of servers, but if you really want to know I use both Exchange and Postfix to route my mails to appropriate mailboxes.
Both have features the other doesn't (e.g.
Postfix wildcarding, unlimitted mailboxes, etc | Exchange Blackberry Enterprise Server integration, calendar, contacts, SPF integrated with IMF, OWA, etc).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492408</id>
	<title>Re:yes</title>
	<author>sjames</author>
	<datestamp>1261127760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have found that it cuts down a lot on bounce messages where my domains were forged. It's hardly a cure-all, but it helps iand takes very little effort.</p></htmltext>
<tokenext>I have found that it cuts down a lot on bounce messages where my domains were forged .
It 's hardly a cure-all , but it helps iand takes very little effort .</tokentext>
<sentencetext>I have found that it cuts down a lot on bounce messages where my domains were forged.
It's hardly a cure-all, but it helps iand takes very little effort.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482934</id>
	<title>Re:No, and I won't</title>
	<author>negRo\_slim</author>
	<datestamp>1261064760000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>SPF is <a href="http://david.woodhou.se/why-not-spf.html" title="woodhou.se">harmful</a> [woodhou.se].</p></div><p>I hope the guy responsible for the anti SPF page is better with e-mail tech then creating HTML documents....</p></div>
	</htmltext>
<tokenext>SPF is harmful [ woodhou.se ] .I hope the guy responsible for the anti SPF page is better with e-mail tech then creating HTML documents... .</tokentext>
<sentencetext>SPF is harmful [woodhou.se].I hope the guy responsible for the anti SPF page is better with e-mail tech then creating HTML documents....
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492516</id>
	<title>Re:SPF vs. DKIM/DK</title>
	<author>Anonymous</author>
	<datestamp>1261128180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you actually administer a<nobr> <wbr></nobr>/14 and can't understand something as simple as setting up DKIM, you need to be fired. As for your customers: any business that blocks all the email from a major provider because their server admin is a idiotic toolbag clearly doesn't really want customers.</p></htmltext>
<tokenext>If you actually administer a /14 and ca n't understand something as simple as setting up DKIM , you need to be fired .
As for your customers : any business that blocks all the email from a major provider because their server admin is a idiotic toolbag clearly does n't really want customers .</tokentext>
<sentencetext>If you actually administer a /14 and can't understand something as simple as setting up DKIM, you need to be fired.
As for your customers: any business that blocks all the email from a major provider because their server admin is a idiotic toolbag clearly doesn't really want customers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483294</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481698</id>
	<title>Better for Sent Items then Received</title>
	<author>Krondor</author>
	<datestamp>1261056600000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>I use them, and what I've found is that they have a very marginal effect (if any) on spam catch rates on your inbound mail.   However, they do have a great side benefit.  They significantly reduce backscatter, keep yourself off of blacklists, and provide some control of you, your employer, or your client's identity on the web.  SPF records provide a mechanism to limit who can spoof as you (as long as recipient servers adhere to them).  If you have a risk to yourself or interested parties that someone might spoof your domain (banks!), then SPF provides a means to insure the chain of custody (to an extent).</p><p>I do think overall SPF has helped to prevent forged domain letters, but those are less and less common (for those that publish spf).   The spammers now either rely on forged domains without DKIM or SPF (why not use both!!) or they send from their own controlled botnet domains and publish legit SPF for themselves as well.</p></htmltext>
<tokenext>I use them , and what I 've found is that they have a very marginal effect ( if any ) on spam catch rates on your inbound mail .
However , they do have a great side benefit .
They significantly reduce backscatter , keep yourself off of blacklists , and provide some control of you , your employer , or your client 's identity on the web .
SPF records provide a mechanism to limit who can spoof as you ( as long as recipient servers adhere to them ) .
If you have a risk to yourself or interested parties that someone might spoof your domain ( banks !
) , then SPF provides a means to insure the chain of custody ( to an extent ) .I do think overall SPF has helped to prevent forged domain letters , but those are less and less common ( for those that publish spf ) .
The spammers now either rely on forged domains without DKIM or SPF ( why not use both ! !
) or they send from their own controlled botnet domains and publish legit SPF for themselves as well .</tokentext>
<sentencetext>I use them, and what I've found is that they have a very marginal effect (if any) on spam catch rates on your inbound mail.
However, they do have a great side benefit.
They significantly reduce backscatter, keep yourself off of blacklists, and provide some control of you, your employer, or your client's identity on the web.
SPF records provide a mechanism to limit who can spoof as you (as long as recipient servers adhere to them).
If you have a risk to yourself or interested parties that someone might spoof your domain (banks!
), then SPF provides a means to insure the chain of custody (to an extent).I do think overall SPF has helped to prevent forged domain letters, but those are less and less common (for those that publish spf).
The spammers now either rely on forged domains without DKIM or SPF (why not use both!!
) or they send from their own controlled botnet domains and publish legit SPF for themselves as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482242</id>
	<title>Yes, but only "neutral"</title>
	<author>adaviel</author>
	<datestamp>1261059780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Last time I looked, forwarding was a show-stopper. Sender rewriting was complicated, and user's mail client configs would be broken if they used a local SMTP server at home or while travelling.</htmltext>
<tokenext>Last time I looked , forwarding was a show-stopper .
Sender rewriting was complicated , and user 's mail client configs would be broken if they used a local SMTP server at home or while travelling .</tokentext>
<sentencetext>Last time I looked, forwarding was a show-stopper.
Sender rewriting was complicated, and user's mail client configs would be broken if they used a local SMTP server at home or while travelling.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483438</id>
	<title>I am, but maybe not much longer...</title>
	<author>vyrus128</author>
	<datestamp>1261069560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I currently use SPF, and am thinking about dropping it. It causes me a massive pain in my ass every time some dumbass with a misconfigured forwarder doesn't understand SPF or SRS, and tries to blame me for the fact that they can't receive email from me. There just aren't enough large sites sending SPF-enabled mail for misconfigured receiving sites to realize they're doin' it wrong.</p></htmltext>
<tokenext>I currently use SPF , and am thinking about dropping it .
It causes me a massive pain in my ass every time some dumbass with a misconfigured forwarder does n't understand SPF or SRS , and tries to blame me for the fact that they ca n't receive email from me .
There just are n't enough large sites sending SPF-enabled mail for misconfigured receiving sites to realize they 're doin ' it wrong .</tokentext>
<sentencetext>I currently use SPF, and am thinking about dropping it.
It causes me a massive pain in my ass every time some dumbass with a misconfigured forwarder doesn't understand SPF or SRS, and tries to blame me for the fact that they can't receive email from me.
There just aren't enough large sites sending SPF-enabled mail for misconfigured receiving sites to realize they're doin' it wrong.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482578</id>
	<title>We publish and use SPF records</title>
	<author>dskoll</author>
	<datestamp>1261062060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We both publish and use SPF records.  We publish them in an attempt to limit backscatter from joe-jobs, but that's not very successful.  Nevertheless, I like the idea of being able to declare which machines are legitimately allowed to send mail for my domain.

</p><p>We also use SPF records, but in a careful way.  We add lots of points for SPF "fail" results from certain domains like paypal.com, ebay.com, etc.  We add a moderate number of points for SPF "fails" from domains not in that list.  We subtract points for SPF "pass" results from certain trusted domains.

</p><p>We certainly do <em>not</em> subtract points for SPF "pass" from some random domain; we have no reason to trust it.  In fact, for a while, an SPF "pass" result was a mild indicator of spam, as spammers registered throwaway domains and published SPF records.</p></htmltext>
<tokenext>We both publish and use SPF records .
We publish them in an attempt to limit backscatter from joe-jobs , but that 's not very successful .
Nevertheless , I like the idea of being able to declare which machines are legitimately allowed to send mail for my domain .
We also use SPF records , but in a careful way .
We add lots of points for SPF " fail " results from certain domains like paypal.com , ebay.com , etc .
We add a moderate number of points for SPF " fails " from domains not in that list .
We subtract points for SPF " pass " results from certain trusted domains .
We certainly do not subtract points for SPF " pass " from some random domain ; we have no reason to trust it .
In fact , for a while , an SPF " pass " result was a mild indicator of spam , as spammers registered throwaway domains and published SPF records .</tokentext>
<sentencetext>We both publish and use SPF records.
We publish them in an attempt to limit backscatter from joe-jobs, but that's not very successful.
Nevertheless, I like the idea of being able to declare which machines are legitimately allowed to send mail for my domain.
We also use SPF records, but in a careful way.
We add lots of points for SPF "fail" results from certain domains like paypal.com, ebay.com, etc.
We add a moderate number of points for SPF "fails" from domains not in that list.
We subtract points for SPF "pass" results from certain trusted domains.
We certainly do not subtract points for SPF "pass" from some random domain; we have no reason to trust it.
In fact, for a while, an SPF "pass" result was a mild indicator of spam, as spammers registered throwaway domains and published SPF records.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481486</id>
	<title>What me worry?</title>
	<author>P1aGu3ed</author>
	<datestamp>1261055520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you maintain your own public DNS server you have no reason not to include SPF records, however many of the public DNS providers support little more than A CNAME and MX.</htmltext>
<tokenext>If you maintain your own public DNS server you have no reason not to include SPF records , however many of the public DNS providers support little more than A CNAME and MX .</tokentext>
<sentencetext>If you maintain your own public DNS server you have no reason not to include SPF records, however many of the public DNS providers support little more than A CNAME and MX.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492782</id>
	<title>Re:No</title>
	<author>nsayer</author>
	<datestamp>1261129260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You should provide an authenticated SMTP server for your clients to use. And yes, this can be done even when their ISP blocks port 25 egress - set up an authenticated-only SMTP listener on the Submit port (587). I do this for my home domain, which means that I absolutely get to use "mx -all" for SPF.</p></htmltext>
<tokenext>You should provide an authenticated SMTP server for your clients to use .
And yes , this can be done even when their ISP blocks port 25 egress - set up an authenticated-only SMTP listener on the Submit port ( 587 ) .
I do this for my home domain , which means that I absolutely get to use " mx -all " for SPF .</tokentext>
<sentencetext>You should provide an authenticated SMTP server for your clients to use.
And yes, this can be done even when their ISP blocks port 25 egress - set up an authenticated-only SMTP listener on the Submit port (587).
I do this for my home domain, which means that I absolutely get to use "mx -all" for SPF.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484990</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30489898</id>
	<title>Re:Yes.</title>
	<author>TheRaven64</author>
	<datestamp>1261162140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I use SPF, but SPF is not meant to combat spam, it is meant to combat Joe Jobs.  If someone is sending spam from a botnet and claiming that it's from my email address, then spam filters can use SPF to avoid sending me backscatter.  Unfortunately, incompetent idiots set up their mail server to accept mail and then send a 'message rejected' email containing the spam email to whoever happened to be in the From: field.  I got a lot of spam from backscatter by some of these idiots recently.  Their domain was gmail.com.</htmltext>
<tokenext>I use SPF , but SPF is not meant to combat spam , it is meant to combat Joe Jobs .
If someone is sending spam from a botnet and claiming that it 's from my email address , then spam filters can use SPF to avoid sending me backscatter .
Unfortunately , incompetent idiots set up their mail server to accept mail and then send a 'message rejected ' email containing the spam email to whoever happened to be in the From : field .
I got a lot of spam from backscatter by some of these idiots recently .
Their domain was gmail.com .</tokentext>
<sentencetext>I use SPF, but SPF is not meant to combat spam, it is meant to combat Joe Jobs.
If someone is sending spam from a botnet and claiming that it's from my email address, then spam filters can use SPF to avoid sending me backscatter.
Unfortunately, incompetent idiots set up their mail server to accept mail and then send a 'message rejected' email containing the spam email to whoever happened to be in the From: field.
I got a lot of spam from backscatter by some of these idiots recently.
Their domain was gmail.com.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584</id>
	<title>Use DomainKeys..</title>
	<author>Swift Kick</author>
	<datestamp>1261056000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>SPF records are easy to implement, but also easy to subvert (as one of the other posters already mentioned in his comment's link).</p><p>You should really look into implementing DomainKeys instead, which (while a little more difficult to set up) are almost required if you do any kind of significant email volume.<br>Yahoo, Gmail, MSN/Hotmail, and AOL pretty much require that you have DomainKeys implemented if you want to email their users, otherwise you'll find yourself on the wrong end of a blacklist someday.</p><p>Postfix can easily be set up with DomainKeys support using dkimproxy, check it here: <a href="http://dkimproxy.sourceforge.net/" title="sourceforge.net" rel="nofollow">http://dkimproxy.sourceforge.net/</a> [sourceforge.net]</p><p>Good luck!</p></htmltext>
<tokenext>SPF records are easy to implement , but also easy to subvert ( as one of the other posters already mentioned in his comment 's link ) .You should really look into implementing DomainKeys instead , which ( while a little more difficult to set up ) are almost required if you do any kind of significant email volume.Yahoo , Gmail , MSN/Hotmail , and AOL pretty much require that you have DomainKeys implemented if you want to email their users , otherwise you 'll find yourself on the wrong end of a blacklist someday.Postfix can easily be set up with DomainKeys support using dkimproxy , check it here : http : //dkimproxy.sourceforge.net/ [ sourceforge.net ] Good luck !</tokentext>
<sentencetext>SPF records are easy to implement, but also easy to subvert (as one of the other posters already mentioned in his comment's link).You should really look into implementing DomainKeys instead, which (while a little more difficult to set up) are almost required if you do any kind of significant email volume.Yahoo, Gmail, MSN/Hotmail, and AOL pretty much require that you have DomainKeys implemented if you want to email their users, otherwise you'll find yourself on the wrong end of a blacklist someday.Postfix can easily be set up with DomainKeys support using dkimproxy, check it here: http://dkimproxy.sourceforge.net/ [sourceforge.net]Good luck!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482432</id>
	<title>Wow, what a bunch of clueless responses</title>
	<author>BlortHorc</author>
	<datestamp>1261061160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A very restricted SPF TXT record that specifies \_precisely\_ which IP addresses an incoming SMTP for a given domain an email \_must\_ come from cannot hurt. At best, your IT admins have wasted a half hour, at best they have significantly improved the chance of your outgoing email being not treated as suspicious by bulk email handlers such as yahoo, gmail and hotmail (especially hotmail).</p><p>You want proof? Check your shit. <a href="http://postmaster.live.com/Services.aspx" title="live.com" rel="nofollow">http://postmaster.live.com/Services.aspx</a> [live.com] . And no, I don't work for MS, but damn they provide the best postmaster tools on the interweb for monitoring shit like email deliverability. Don't even talk to me about the pestilence that is Yahoo!, those pricks remind me of my evil DM who used to make up pointless forms just to pass the time.</p></htmltext>
<tokenext>A very restricted SPF TXT record that specifies \ _precisely \ _ which IP addresses an incoming SMTP for a given domain an email \ _must \ _ come from can not hurt .
At best , your IT admins have wasted a half hour , at best they have significantly improved the chance of your outgoing email being not treated as suspicious by bulk email handlers such as yahoo , gmail and hotmail ( especially hotmail ) .You want proof ?
Check your shit .
http : //postmaster.live.com/Services.aspx [ live.com ] .
And no , I do n't work for MS , but damn they provide the best postmaster tools on the interweb for monitoring shit like email deliverability .
Do n't even talk to me about the pestilence that is Yahoo ! , those pricks remind me of my evil DM who used to make up pointless forms just to pass the time .</tokentext>
<sentencetext>A very restricted SPF TXT record that specifies \_precisely\_ which IP addresses an incoming SMTP for a given domain an email \_must\_ come from cannot hurt.
At best, your IT admins have wasted a half hour, at best they have significantly improved the chance of your outgoing email being not treated as suspicious by bulk email handlers such as yahoo, gmail and hotmail (especially hotmail).You want proof?
Check your shit.
http://postmaster.live.com/Services.aspx [live.com] .
And no, I don't work for MS, but damn they provide the best postmaster tools on the interweb for monitoring shit like email deliverability.
Don't even talk to me about the pestilence that is Yahoo!, those pricks remind me of my evil DM who used to make up pointless forms just to pass the time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</id>
	<title>No, and I won't</title>
	<author>XanC</author>
	<datestamp>1261055400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>SPF is <a href="http://david.woodhou.se/why-not-spf.html" title="woodhou.se" rel="nofollow">harmful</a> [woodhou.se].</p></htmltext>
<tokenext>SPF is harmful [ woodhou.se ] .</tokentext>
<sentencetext>SPF is harmful [woodhou.se].</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481800</id>
	<title>i use it.</title>
	<author>Ruede</author>
	<datestamp>1261057080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>i use spf and DKIM. works fine<nobr> <wbr></nobr>:) well it is a low traffic domain<nobr> <wbr></nobr>:)</p><p>the bigger issue will be ppl that forward all their shit to other mailboxes... it is always "great" to see lots of it being rejected due "spam"</p><p>disable forward - enable pop3 fetch.</p></htmltext>
<tokenext>i use spf and DKIM .
works fine : ) well it is a low traffic domain : ) the bigger issue will be ppl that forward all their shit to other mailboxes... it is always " great " to see lots of it being rejected due " spam " disable forward - enable pop3 fetch .</tokentext>
<sentencetext>i use spf and DKIM.
works fine :) well it is a low traffic domain :)the bigger issue will be ppl that forward all their shit to other mailboxes... it is always "great" to see lots of it being rejected due "spam"disable forward - enable pop3 fetch.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481560</id>
	<title>I use it</title>
	<author>Deltaspectre</author>
	<datestamp>1261055880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Yes, and it's not very effective in the places that matter. My school has recently transitioned to Zimbra, which has been automatically sending anything from any of my domains into the Spam folder. (I also have DKIM set up, but that didn't help. As far as I know my IP isn't on any blacklists, so it should be getting through fine.... )</p></htmltext>
<tokenext>Yes , and it 's not very effective in the places that matter .
My school has recently transitioned to Zimbra , which has been automatically sending anything from any of my domains into the Spam folder .
( I also have DKIM set up , but that did n't help .
As far as I know my IP is n't on any blacklists , so it should be getting through fine.... )</tokentext>
<sentencetext>Yes, and it's not very effective in the places that matter.
My school has recently transitioned to Zimbra, which has been automatically sending anything from any of my domains into the Spam folder.
(I also have DKIM set up, but that didn't help.
As far as I know my IP isn't on any blacklists, so it should be getting through fine.... )</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482544</id>
	<title>Re:SPF is usless</title>
	<author>Antique Geekmeister</author>
	<datestamp>1261061820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>From <a href="http://craphound.com/spamsolutions.txt" title="craphound.com">http://craphound.com/spamsolutions.txt</a> [craphound.com]:</p><p>Your post advocates a<br>
&nbsp; &nbsp; &nbsp; &nbsp; ( ) technical</p><p>approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)</p><p>( ) Users of email will not put up with it<br>( ) Microsoft will not put up with it<br>( ) Many email users cannot afford to lose business or alienate potential employers</p><p>Specifically, your plan fails to account for</p><p>( ) Lack of centrally controlling authority for email<br>( ) Huge existing software investment in SMTP<br>( ) Armies of worm riddled broadband-connected Windows boxes<br>( ) Extreme profitability of spam<br>( ) Dishonesty on the part of spammers themselves<br>( ) Outlook</p><p>and the following philosophical objections may also apply:</p><p>( ) Ideas similar to yours are easy to come up with, yet none have ever<br>been shown practical<br>( ) Feel-good measures do nothing to solve the problem</p><p>Furthermore, this is what I think about you:</p><p>( ) Sorry dude, but I don't think it would work.</p></htmltext>
<tokenext>From http : //craphound.com/spamsolutions.txt [ craphound.com ] : Your post advocates a         ( ) technicalapproach to fighting spam .
Your idea will not work .
Here is why it wo n't work .
( One or more of the following may apply to your particular idea , and it may have other flaws which used to vary from state to state before a bad federal law was passed .
) ( ) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) Many email users can not afford to lose business or alienate potential employersSpecifically , your plan fails to account for ( ) Lack of centrally controlling authority for email ( ) Huge existing software investment in SMTP ( ) Armies of worm riddled broadband-connected Windows boxes ( ) Extreme profitability of spam ( ) Dishonesty on the part of spammers themselves ( ) Outlookand the following philosophical objections may also apply : ( ) Ideas similar to yours are easy to come up with , yet none have everbeen shown practical ( ) Feel-good measures do nothing to solve the problemFurthermore , this is what I think about you : ( ) Sorry dude , but I do n't think it would work .</tokentext>
<sentencetext>From http://craphound.com/spamsolutions.txt [craphound.com]:Your post advocates a
        ( ) technicalapproach to fighting spam.
Your idea will not work.
Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.
)( ) Users of email will not put up with it( ) Microsoft will not put up with it( ) Many email users cannot afford to lose business or alienate potential employersSpecifically, your plan fails to account for( ) Lack of centrally controlling authority for email( ) Huge existing software investment in SMTP( ) Armies of worm riddled broadband-connected Windows boxes( ) Extreme profitability of spam( ) Dishonesty on the part of spammers themselves( ) Outlookand the following philosophical objections may also apply:( ) Ideas similar to yours are easy to come up with, yet none have everbeen shown practical( ) Feel-good measures do nothing to solve the problemFurthermore, this is what I think about you:( ) Sorry dude, but I don't think it would work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482344</id>
	<title>I set up SPF and regret doing so</title>
	<author>Anonymous</author>
	<datestamp>1261060500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I set it up and regret it. First, it broke things for one of my correspondents (at least this one &mdash; who bothered to tell me about it), who forwards all e-mails to his cell-phone. Because the messages are forwarded by his e-mail provider, but appear as if from me, his cell-phone service rejects them &mdash; because his e-mail provider is not listed in my SPF-record. So, he finds my messages in his mailbox, but is not alerted about them (as he is used to) by his phone...

</p><p>Then, it turned out, my SPF-record is set slightly incorrectly, which &mdash; bizarrely enough &mdash; causes outright rejection by many servers. In this respect, people with buggy SPF-records are treated worse, than people without it... This is partially my fault, so this second item is just here for general interest.

</p><p>And lastly, I am still a victim of "Joe jobs" every once in a while, as spammers send spam with the "From" set to my domain &mdash; my having an SPF record is not much of a deterrent, evidently.

</p><p>Overall, the broken forwarding is, probably, responsible for slow adoption, which, in turn, makes it ineffective for the adopters...</p></htmltext>
<tokenext>I set it up and regret it .
First , it broke things for one of my correspondents ( at least this one    who bothered to tell me about it ) , who forwards all e-mails to his cell-phone .
Because the messages are forwarded by his e-mail provider , but appear as if from me , his cell-phone service rejects them    because his e-mail provider is not listed in my SPF-record .
So , he finds my messages in his mailbox , but is not alerted about them ( as he is used to ) by his phone.. . Then , it turned out , my SPF-record is set slightly incorrectly , which    bizarrely enough    causes outright rejection by many servers .
In this respect , people with buggy SPF-records are treated worse , than people without it... This is partially my fault , so this second item is just here for general interest .
And lastly , I am still a victim of " Joe jobs " every once in a while , as spammers send spam with the " From " set to my domain    my having an SPF record is not much of a deterrent , evidently .
Overall , the broken forwarding is , probably , responsible for slow adoption , which , in turn , makes it ineffective for the adopters.. .</tokentext>
<sentencetext>I set it up and regret it.
First, it broke things for one of my correspondents (at least this one — who bothered to tell me about it), who forwards all e-mails to his cell-phone.
Because the messages are forwarded by his e-mail provider, but appear as if from me, his cell-phone service rejects them — because his e-mail provider is not listed in my SPF-record.
So, he finds my messages in his mailbox, but is not alerted about them (as he is used to) by his phone...

Then, it turned out, my SPF-record is set slightly incorrectly, which — bizarrely enough — causes outright rejection by many servers.
In this respect, people with buggy SPF-records are treated worse, than people without it... This is partially my fault, so this second item is just here for general interest.
And lastly, I am still a victim of "Joe jobs" every once in a while, as spammers send spam with the "From" set to my domain — my having an SPF record is not much of a deterrent, evidently.
Overall, the broken forwarding is, probably, responsible for slow adoption, which, in turn, makes it ineffective for the adopters...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483112</id>
	<title>We use sender-ID</title>
	<author>osssmkatz</author>
	<datestamp>1261066380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>for incoming mail to a college campus with 3,000 students, and I presume outgoing. Nobody complains. (I did have one complaint, and it was weird. Not at all related I don't think, but it was "My mail's not getting through.")</p><p>--Sam</p></htmltext>
<tokenext>for incoming mail to a college campus with 3,000 students , and I presume outgoing .
Nobody complains .
( I did have one complaint , and it was weird .
Not at all related I do n't think , but it was " My mail 's not getting through .
" ) --Sam</tokentext>
<sentencetext>for incoming mail to a college campus with 3,000 students, and I presume outgoing.
Nobody complains.
(I did have one complaint, and it was weird.
Not at all related I don't think, but it was "My mail's not getting through.
")--Sam</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481870</id>
	<title>To prevent spam</title>
	<author>Anonymous</author>
	<datestamp>1261057380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is actually a very interesting subject, and it comes with interesting examples.</p><p>Lets take Denmark, we have a few banks here (like any country)</p><p>some month ago none of the banks had spf records, i checked up on this because i got hired at a bank myself.</p><p>So, of course it happened, one of the banks was hit by a phishing attack, which is between fairly easy and laughable easy if you don't bother with SPF records.</p><p>The bank hit was this one:<br>danskebank.dk   text = "v=spf1 a:n50422.danskebank.com a:n50423.danskebank.com a:n70422.danskebank.com a:n70423.danskebank.com -all"</p><p>Afterwards it was still the only bank with an spf record, can see now new ones have joined<br>nykredit.dk     text = "v=spf1 +include:jndata.dk +include:bounce.peytz.dk ?all"</p><p>but not all of them<br>*** Can't find brfkredit.dk: No answer<br>*** Can't find eikbank.dk: No answer<br>*** Can't find jyskebank.dk: No answer<br>*** Can't find sparnord.dk: No answer</p><p>the list goes on.</p><p>anyways, the funny part is checking who is actually sending from their domains (sorry, account required to see the sender ips)<br>https://www.senderscore.org/lookup.php?lookup=danskebank.dk&amp;ipLookup.x=0&amp;ipLookup.y=0<br>https://www.senderscore.org/lookup.php?lookup=jyskebank.dk&amp;ipLookup.x=0&amp;ipLookup.y=0<br>https://www.senderscore.org/lookup.php?lookup=nykredit.dk&amp;ipLookup.x=0&amp;ipLookup.y=0<br>ect.</p><p>the interesting thing is that spammers seem to have a better reputation than the actual banks sending.</p><p>To sum it up<br>DON'T BE A FUCKING IDIOT, GET THOSE SPF RECORDS UP OR I CAN, WITHOUT ANYONE PROVING OTHERWISE, SEND LEGITIMATE MAILS FROM YOUR DOMAINS.<br>don't be a bank</p></htmltext>
<tokenext>This is actually a very interesting subject , and it comes with interesting examples.Lets take Denmark , we have a few banks here ( like any country ) some month ago none of the banks had spf records , i checked up on this because i got hired at a bank myself.So , of course it happened , one of the banks was hit by a phishing attack , which is between fairly easy and laughable easy if you do n't bother with SPF records.The bank hit was this one : danskebank.dk text = " v = spf1 a : n50422.danskebank.com a : n50423.danskebank.com a : n70422.danskebank.com a : n70423.danskebank.com -all " Afterwards it was still the only bank with an spf record , can see now new ones have joinednykredit.dk text = " v = spf1 + include : jndata.dk + include : bounce.peytz.dk ? all " but not all of them * * * Ca n't find brfkredit.dk : No answer * * * Ca n't find eikbank.dk : No answer * * * Ca n't find jyskebank.dk : No answer * * * Ca n't find sparnord.dk : No answerthe list goes on.anyways , the funny part is checking who is actually sending from their domains ( sorry , account required to see the sender ips ) https : //www.senderscore.org/lookup.php ? lookup = danskebank.dk&amp;ipLookup.x = 0&amp;ipLookup.y = 0https : //www.senderscore.org/lookup.php ? lookup = jyskebank.dk&amp;ipLookup.x = 0&amp;ipLookup.y = 0https : //www.senderscore.org/lookup.php ? lookup = nykredit.dk&amp;ipLookup.x = 0&amp;ipLookup.y = 0ect.the interesting thing is that spammers seem to have a better reputation than the actual banks sending.To sum it upDO N'T BE A FUCKING IDIOT , GET THOSE SPF RECORDS UP OR I CAN , WITHOUT ANYONE PROVING OTHERWISE , SEND LEGITIMATE MAILS FROM YOUR DOMAINS.do n't be a bank</tokentext>
<sentencetext>This is actually a very interesting subject, and it comes with interesting examples.Lets take Denmark, we have a few banks here (like any country)some month ago none of the banks had spf records, i checked up on this because i got hired at a bank myself.So, of course it happened, one of the banks was hit by a phishing attack, which is between fairly easy and laughable easy if you don't bother with SPF records.The bank hit was this one:danskebank.dk   text = "v=spf1 a:n50422.danskebank.com a:n50423.danskebank.com a:n70422.danskebank.com a:n70423.danskebank.com -all"Afterwards it was still the only bank with an spf record, can see now new ones have joinednykredit.dk     text = "v=spf1 +include:jndata.dk +include:bounce.peytz.dk ?all"but not all of them*** Can't find brfkredit.dk: No answer*** Can't find eikbank.dk: No answer*** Can't find jyskebank.dk: No answer*** Can't find sparnord.dk: No answerthe list goes on.anyways, the funny part is checking who is actually sending from their domains (sorry, account required to see the sender ips)https://www.senderscore.org/lookup.php?lookup=danskebank.dk&amp;ipLookup.x=0&amp;ipLookup.y=0https://www.senderscore.org/lookup.php?lookup=jyskebank.dk&amp;ipLookup.x=0&amp;ipLookup.y=0https://www.senderscore.org/lookup.php?lookup=nykredit.dk&amp;ipLookup.x=0&amp;ipLookup.y=0ect.the interesting thing is that spammers seem to have a better reputation than the actual banks sending.To sum it upDON'T BE A FUCKING IDIOT, GET THOSE SPF RECORDS UP OR I CAN, WITHOUT ANYONE PROVING OTHERWISE, SEND LEGITIMATE MAILS FROM YOUR DOMAINS.don't be a bank</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484382</id>
	<title>Using DKIM and SPF</title>
	<author>Anonymous</author>
	<datestamp>1261168020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I set up DKIM and SPF on my mail server.</p><p>I still end up in the spam box on Yahoo and Hotmail.  I'm guessing it's because I chose a semi-random four-character domain name which looks it could be a spammer domain.  Why would I choose such a domain name?  Because it's easy to type.</p><p>I keep waiting for Yahoo's system to whitelist me, since I send a considerable amount of email to my friends there, but after a year, every time I meet someone with a @yahoo.com address, I have to tell them to dig my first message to them out of their spam folder.</p><p>My SPF records all return as valid from the testers.  Any suggestions?</p></htmltext>
<tokenext>I set up DKIM and SPF on my mail server.I still end up in the spam box on Yahoo and Hotmail .
I 'm guessing it 's because I chose a semi-random four-character domain name which looks it could be a spammer domain .
Why would I choose such a domain name ?
Because it 's easy to type.I keep waiting for Yahoo 's system to whitelist me , since I send a considerable amount of email to my friends there , but after a year , every time I meet someone with a @ yahoo.com address , I have to tell them to dig my first message to them out of their spam folder.My SPF records all return as valid from the testers .
Any suggestions ?</tokentext>
<sentencetext>I set up DKIM and SPF on my mail server.I still end up in the spam box on Yahoo and Hotmail.
I'm guessing it's because I chose a semi-random four-character domain name which looks it could be a spammer domain.
Why would I choose such a domain name?
Because it's easy to type.I keep waiting for Yahoo's system to whitelist me, since I send a considerable amount of email to my friends there, but after a year, every time I meet someone with a @yahoo.com address, I have to tell them to dig my first message to them out of their spam folder.My SPF records all return as valid from the testers.
Any suggestions?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482616</id>
	<title>Re:Yes</title>
	<author>SmoothriderSean</author>
	<datestamp>1261062480000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail.  They should know better.</p></div><p>I believe you, but really?  Hotmail was THE reason I've implemented SPF for a few domains connected to sites that send alert emails to users.  Nothing - from email confirmations to status update type stuff - was getting through to Hotmail accounts until I set up SPF.  Some kind of Left Hand / Right Hand mess going on over there?</p></div>
	</htmltext>
<tokenext>But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail .
They should know better.I believe you , but really ?
Hotmail was THE reason I 've implemented SPF for a few domains connected to sites that send alert emails to users .
Nothing - from email confirmations to status update type stuff - was getting through to Hotmail accounts until I set up SPF .
Some kind of Left Hand / Right Hand mess going on over there ?</tokentext>
<sentencetext>But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail.
They should know better.I believe you, but really?
Hotmail was THE reason I've implemented SPF for a few domains connected to sites that send alert emails to users.
Nothing - from email confirmations to status update type stuff - was getting through to Hotmail accounts until I set up SPF.
Some kind of Left Hand / Right Hand mess going on over there?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482372</id>
	<title>I have it with -all</title>
	<author>Nuitari The Wiz</author>
	<datestamp>1261060740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A few people are inconvenienced because they have to connect to a different port then the default due to ISP firewalling.</p><p>I would really really like it if more ISPs were checking them and silently discard anything that is flagged as spam \_AND\_ fails SPF instead of bouncing it back.</p><p>We get thousands of bounces addressed to non-existant users, which in turn makes into a double bounce. Of course now I've set our system to silently delete them instead. Else it's just a colossal waste of resources.</p></htmltext>
<tokenext>A few people are inconvenienced because they have to connect to a different port then the default due to ISP firewalling.I would really really like it if more ISPs were checking them and silently discard anything that is flagged as spam \ _AND \ _ fails SPF instead of bouncing it back.We get thousands of bounces addressed to non-existant users , which in turn makes into a double bounce .
Of course now I 've set our system to silently delete them instead .
Else it 's just a colossal waste of resources .</tokentext>
<sentencetext>A few people are inconvenienced because they have to connect to a different port then the default due to ISP firewalling.I would really really like it if more ISPs were checking them and silently discard anything that is flagged as spam \_AND\_ fails SPF instead of bouncing it back.We get thousands of bounces addressed to non-existant users, which in turn makes into a double bounce.
Of course now I've set our system to silently delete them instead.
Else it's just a colossal waste of resources.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30520920</id>
	<title>SPF; You know something better?</title>
	<author>WhiteWiz</author>
	<datestamp>1261422300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>We all know that SPF is an imperfect patch to an old, old system; SMTP
We can't make a change that fixes spam but breaks SMTP
so we are left with opt-in fixes or a total re-write (ala Google Wave)
I have implemented SPF because for now it's all we have.</htmltext>
<tokenext>We all know that SPF is an imperfect patch to an old , old system ; SMTP We ca n't make a change that fixes spam but breaks SMTP so we are left with opt-in fixes or a total re-write ( ala Google Wave ) I have implemented SPF because for now it 's all we have .</tokentext>
<sentencetext>We all know that SPF is an imperfect patch to an old, old system; SMTP
We can't make a change that fixes spam but breaks SMTP
so we are left with opt-in fixes or a total re-write (ala Google Wave)
I have implemented SPF because for now it's all we have.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483350</id>
	<title>Yahoo</title>
	<author>NtrlBrnThrila</author>
	<datestamp>1261068720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Yahoo absolutely uses SPF in conjunction with other methods to authenticate senders with high volumes</p></htmltext>
<tokenext>Yahoo absolutely uses SPF in conjunction with other methods to authenticate senders with high volumes</tokentext>
<sentencetext>Yahoo absolutely uses SPF in conjunction with other methods to authenticate senders with high volumes</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30545110</id>
	<title>SPF troubles</title>
	<author>Anonymous</author>
	<datestamp>1261678140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>We've been using SPF at our company for a while but it gave us so much trouble e.g. lots of bounced emails that we had to stop using it. We heard the same from our partners who've been giving it a try.</p></htmltext>
<tokenext>We 've been using SPF at our company for a while but it gave us so much trouble e.g .
lots of bounced emails that we had to stop using it .
We heard the same from our partners who 've been giving it a try .</tokentext>
<sentencetext>We've been using SPF at our company for a while but it gave us so much trouble e.g.
lots of bounced emails that we had to stop using it.
We heard the same from our partners who've been giving it a try.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482450</id>
	<title>Why/What I use SPF for ...</title>
	<author>BitZtream</author>
	<datestamp>1261061280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>SPF serves multiple purposes for me.</p><p>Why I add SPF records to our DNS servers:</p><p>First and formost, it tells everyone who my mail senders are and that they should only accept mail from my users from those servers.  Thats really all it does, but that results in the following things for me:<br>My remote users always configure their outbound mail server as our gateway, rather than their own ISP or something like that, which means that all that mail piping through me means I can do all sorts of sanity checking on the server for my users.  It doesn't force them to use our mail server, but if they do, they'll end up sending to someone at Google or Yahoo who'll reject the message, at which point my user will generally have the problem fixed.</p><p>More important however is that it cuts down tremendously on backscatter spam I get.</p><p>Why I look for it when receiving mail:</p><p>Helps stop our auto-response mail addresses from producing a bunch of backscatter when they get spammed.</p><p>Stops scammers who use email addresses from large well known businesses in an attempt to make their messages look more legitimate.  Pretty much every major company worth its weight in  air publishes SPF records.</p><p>Problems:<br>It seems that services which host frontend stores for things like hotel rooms and travel seem to not understand that the server sending all their confirmation emails should probably be included in the SPF list.</p><p>Thats the only thing I've run into, on hotels and ticket purchasing web sites that are managed by 3rd parties, and send messages as if they were actual company.  Universal Studios has had this problem with their ticket ordering system for at least the last 3 Halloween Horror nights<nobr> <wbr></nobr>:(  Seen it with a couple hotel sites as well.</p></htmltext>
<tokenext>SPF serves multiple purposes for me.Why I add SPF records to our DNS servers : First and formost , it tells everyone who my mail senders are and that they should only accept mail from my users from those servers .
Thats really all it does , but that results in the following things for me : My remote users always configure their outbound mail server as our gateway , rather than their own ISP or something like that , which means that all that mail piping through me means I can do all sorts of sanity checking on the server for my users .
It does n't force them to use our mail server , but if they do , they 'll end up sending to someone at Google or Yahoo who 'll reject the message , at which point my user will generally have the problem fixed.More important however is that it cuts down tremendously on backscatter spam I get.Why I look for it when receiving mail : Helps stop our auto-response mail addresses from producing a bunch of backscatter when they get spammed.Stops scammers who use email addresses from large well known businesses in an attempt to make their messages look more legitimate .
Pretty much every major company worth its weight in air publishes SPF records.Problems : It seems that services which host frontend stores for things like hotel rooms and travel seem to not understand that the server sending all their confirmation emails should probably be included in the SPF list.Thats the only thing I 've run into , on hotels and ticket purchasing web sites that are managed by 3rd parties , and send messages as if they were actual company .
Universal Studios has had this problem with their ticket ordering system for at least the last 3 Halloween Horror nights : ( Seen it with a couple hotel sites as well .</tokentext>
<sentencetext>SPF serves multiple purposes for me.Why I add SPF records to our DNS servers:First and formost, it tells everyone who my mail senders are and that they should only accept mail from my users from those servers.
Thats really all it does, but that results in the following things for me:My remote users always configure their outbound mail server as our gateway, rather than their own ISP or something like that, which means that all that mail piping through me means I can do all sorts of sanity checking on the server for my users.
It doesn't force them to use our mail server, but if they do, they'll end up sending to someone at Google or Yahoo who'll reject the message, at which point my user will generally have the problem fixed.More important however is that it cuts down tremendously on backscatter spam I get.Why I look for it when receiving mail:Helps stop our auto-response mail addresses from producing a bunch of backscatter when they get spammed.Stops scammers who use email addresses from large well known businesses in an attempt to make their messages look more legitimate.
Pretty much every major company worth its weight in  air publishes SPF records.Problems:It seems that services which host frontend stores for things like hotel rooms and travel seem to not understand that the server sending all their confirmation emails should probably be included in the SPF list.Thats the only thing I've run into, on hotels and ticket purchasing web sites that are managed by 3rd parties, and send messages as if they were actual company.
Universal Studios has had this problem with their ticket ordering system for at least the last 3 Halloween Horror nights :(  Seen it with a couple hotel sites as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538</id>
	<title>yes</title>
	<author>zeldor</author>
	<datestamp>1261055820000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>it has cut down tremendously on the spam claiming to be from my domains.<br>any other benefit I am unaware of.</p></htmltext>
<tokenext>it has cut down tremendously on the spam claiming to be from my domains.any other benefit I am unaware of .</tokentext>
<sentencetext>it has cut down tremendously on the spam claiming to be from my domains.any other benefit I am unaware of.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30490186</id>
	<title>Not much</title>
	<author>Anonymous</author>
	<datestamp>1261162980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The SPF headers in emails could help with the spam filter - I have mail rules that use the spam rank # in the header (from the server) combined with the SPF to mark emails as junk.  This helped reduce a lot of spam: raise the bar for poor SPF results.  I also filter spam from my own server using SPF, this cuts down on SOME spam; however, for some technical reasons I can't have a strict SPF record on all my domains and some spammers exploit that so I didn't remove all of it.</p><p>Also, I've noticed a huge majority of emails with the SPF header containing: "Maximum nesting level exceeded" and I've not noticed a single legit email with it. I just filter those out now.</p><p>When I momentarily tried stricter SPF policies I noticed all of the spammers who get past the normal filtering were using SPF; probably the 1st people to use SPF were the spammers. You know, SPF includes a "loose" mode where you essentially say: these are my mail servers but I might break from it.  Strict SPF use stops spam (outside DNS spoofing) but I rarely see strict SPF and everybody would have to use it along with blacklists to stop spam.  So many servers lack SPF completely that I couldn't ever require it.</p><p>Although, spammers adapt to any popular trick quickly - its their job to do so.</p><p>My wish is that more software use the X-Spam email headers... Would be nice if clients would indicate spam rank as well.  So I still see the low chance spam but it is color coded (by degree) and the high chance spam is auto filed out of sight.</p></htmltext>
<tokenext>The SPF headers in emails could help with the spam filter - I have mail rules that use the spam rank # in the header ( from the server ) combined with the SPF to mark emails as junk .
This helped reduce a lot of spam : raise the bar for poor SPF results .
I also filter spam from my own server using SPF , this cuts down on SOME spam ; however , for some technical reasons I ca n't have a strict SPF record on all my domains and some spammers exploit that so I did n't remove all of it.Also , I 've noticed a huge majority of emails with the SPF header containing : " Maximum nesting level exceeded " and I 've not noticed a single legit email with it .
I just filter those out now.When I momentarily tried stricter SPF policies I noticed all of the spammers who get past the normal filtering were using SPF ; probably the 1st people to use SPF were the spammers .
You know , SPF includes a " loose " mode where you essentially say : these are my mail servers but I might break from it .
Strict SPF use stops spam ( outside DNS spoofing ) but I rarely see strict SPF and everybody would have to use it along with blacklists to stop spam .
So many servers lack SPF completely that I could n't ever require it.Although , spammers adapt to any popular trick quickly - its their job to do so.My wish is that more software use the X-Spam email headers... Would be nice if clients would indicate spam rank as well .
So I still see the low chance spam but it is color coded ( by degree ) and the high chance spam is auto filed out of sight .</tokentext>
<sentencetext>The SPF headers in emails could help with the spam filter - I have mail rules that use the spam rank # in the header (from the server) combined with the SPF to mark emails as junk.
This helped reduce a lot of spam: raise the bar for poor SPF results.
I also filter spam from my own server using SPF, this cuts down on SOME spam; however, for some technical reasons I can't have a strict SPF record on all my domains and some spammers exploit that so I didn't remove all of it.Also, I've noticed a huge majority of emails with the SPF header containing: "Maximum nesting level exceeded" and I've not noticed a single legit email with it.
I just filter those out now.When I momentarily tried stricter SPF policies I noticed all of the spammers who get past the normal filtering were using SPF; probably the 1st people to use SPF were the spammers.
You know, SPF includes a "loose" mode where you essentially say: these are my mail servers but I might break from it.
Strict SPF use stops spam (outside DNS spoofing) but I rarely see strict SPF and everybody would have to use it along with blacklists to stop spam.
So many servers lack SPF completely that I couldn't ever require it.Although, spammers adapt to any popular trick quickly - its their job to do so.My wish is that more software use the X-Spam email headers... Would be nice if clients would indicate spam rank as well.
So I still see the low chance spam but it is color coded (by degree) and the high chance spam is auto filed out of sight.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483294</id>
	<title>SPF vs. DKIM/DK</title>
	<author>Anonymous</author>
	<datestamp>1261068060000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I run a server farm somewhere between a<nobr> <wbr></nobr>/14 and a<nobr> <wbr></nobr>/17.</p><p>All authorized mail servers have SPF records. Ranges that clearly have no legitimate business sending email are clearly identified with XXX-XXX-XXX-XXX.dynamic.TLD and listed with SpamHaus's PBL.</p><p>No servers have DKIM/DK. The software to do so is opaque, testing is difficult to impossible, and the benefits over SPF are unclear at best, dubious at worst.</p><p>On about 1/3 of the servers, all Yahoo email is blocked out of hand due to the disgust and irritation of the server owner over Yahoo!'s blocking/delaying/spam problems. One server owner told me, "My mail TO them is blocked or delayed. But unless I use DKIM/DK, they won't tell me what the problem *is*. Since my own spam load is roughly 40\% FROM yahoo!, screw 'em."</p><p>Yahoo!'s insistence on DKIM/DK is highly suspect in the cases, like mine, where a responsive, active abuse desk that will address a spam issue if it's from our clearly identifiable ARIN allocation is available.</p><p>For those customers that choose not to accept Yahoo email, we return an error message generally worded like so:</p><p>"We're sorry, but due to Yahoo! polices we strongly disagree with, we will not accept your email. Please use another email service that doesn't have it's head up it's ass."</p><p>It isn't phrased quite so bluntly, but the flavor is still there.</p><p>When I get complaints that Yahoo! won't take a customer's email, I tell them, "Yahoo! is a free service. Their customers are getting all they pay for. I'd like to help you, but frankly, I can't get them on the phone or to give a reasonable response via e-mail. Your best bet is to require a contact method that refuses or bypasses Yahoo!. They aren't in the business of giving their customers reliable email service."</p><p>Do I have problems? I'm sure I do. But since Yahoo! won't discuss them without jumping through their useless DKIM/DK hoops, I'll just ignore it and move on.</p></htmltext>
<tokenext>I run a server farm somewhere between a /14 and a /17.All authorized mail servers have SPF records .
Ranges that clearly have no legitimate business sending email are clearly identified with XXX-XXX-XXX-XXX.dynamic.TLD and listed with SpamHaus 's PBL.No servers have DKIM/DK .
The software to do so is opaque , testing is difficult to impossible , and the benefits over SPF are unclear at best , dubious at worst.On about 1/3 of the servers , all Yahoo email is blocked out of hand due to the disgust and irritation of the server owner over Yahoo !
's blocking/delaying/spam problems .
One server owner told me , " My mail TO them is blocked or delayed .
But unless I use DKIM/DK , they wo n't tell me what the problem * is * .
Since my own spam load is roughly 40 \ % FROM yahoo ! , screw 'em. " Yahoo !
's insistence on DKIM/DK is highly suspect in the cases , like mine , where a responsive , active abuse desk that will address a spam issue if it 's from our clearly identifiable ARIN allocation is available.For those customers that choose not to accept Yahoo email , we return an error message generally worded like so : " We 're sorry , but due to Yahoo !
polices we strongly disagree with , we will not accept your email .
Please use another email service that does n't have it 's head up it 's ass .
" It is n't phrased quite so bluntly , but the flavor is still there.When I get complaints that Yahoo !
wo n't take a customer 's email , I tell them , " Yahoo !
is a free service .
Their customers are getting all they pay for .
I 'd like to help you , but frankly , I ca n't get them on the phone or to give a reasonable response via e-mail .
Your best bet is to require a contact method that refuses or bypasses Yahoo ! .
They are n't in the business of giving their customers reliable email service .
" Do I have problems ?
I 'm sure I do .
But since Yahoo !
wo n't discuss them without jumping through their useless DKIM/DK hoops , I 'll just ignore it and move on .</tokentext>
<sentencetext>I run a server farm somewhere between a /14 and a /17.All authorized mail servers have SPF records.
Ranges that clearly have no legitimate business sending email are clearly identified with XXX-XXX-XXX-XXX.dynamic.TLD and listed with SpamHaus's PBL.No servers have DKIM/DK.
The software to do so is opaque, testing is difficult to impossible, and the benefits over SPF are unclear at best, dubious at worst.On about 1/3 of the servers, all Yahoo email is blocked out of hand due to the disgust and irritation of the server owner over Yahoo!
's blocking/delaying/spam problems.
One server owner told me, "My mail TO them is blocked or delayed.
But unless I use DKIM/DK, they won't tell me what the problem *is*.
Since my own spam load is roughly 40\% FROM yahoo!, screw 'em."Yahoo!
's insistence on DKIM/DK is highly suspect in the cases, like mine, where a responsive, active abuse desk that will address a spam issue if it's from our clearly identifiable ARIN allocation is available.For those customers that choose not to accept Yahoo email, we return an error message generally worded like so:"We're sorry, but due to Yahoo!
polices we strongly disagree with, we will not accept your email.
Please use another email service that doesn't have it's head up it's ass.
"It isn't phrased quite so bluntly, but the flavor is still there.When I get complaints that Yahoo!
won't take a customer's email, I tell them, "Yahoo!
is a free service.
Their customers are getting all they pay for.
I'd like to help you, but frankly, I can't get them on the phone or to give a reasonable response via e-mail.
Your best bet is to require a contact method that refuses or bypasses Yahoo!.
They aren't in the business of giving their customers reliable email service.
"Do I have problems?
I'm sure I do.
But since Yahoo!
won't discuss them without jumping through their useless DKIM/DK hoops, I'll just ignore it and move on.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482762</id>
	<title>Kinda</title>
	<author>MBGMorden</author>
	<datestamp>1261063500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm "kinda" using it, in that yes, I setup an SPF record for my domain at work, but I'm not actively checking the SPF records of any incoming mail.  I kinda question whether it's of any use at all.  I set up our record because it seemed the wise thing to do, but honestly given how many domains don't have SPF records setup I'm not sure ANYONE is actively checking them for incoming mail.  Without more usage the system is kinda useless.</p></htmltext>
<tokenext>I 'm " kinda " using it , in that yes , I setup an SPF record for my domain at work , but I 'm not actively checking the SPF records of any incoming mail .
I kinda question whether it 's of any use at all .
I set up our record because it seemed the wise thing to do , but honestly given how many domains do n't have SPF records setup I 'm not sure ANYONE is actively checking them for incoming mail .
Without more usage the system is kinda useless .</tokentext>
<sentencetext>I'm "kinda" using it, in that yes, I setup an SPF record for my domain at work, but I'm not actively checking the SPF records of any incoming mail.
I kinda question whether it's of any use at all.
I set up our record because it seemed the wise thing to do, but honestly given how many domains don't have SPF records setup I'm not sure ANYONE is actively checking them for incoming mail.
Without more usage the system is kinda useless.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481724</id>
	<title>dkim; convincing individual mail providers</title>
	<author>bcrowell</author>
	<datestamp>1261056660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>
DKIM (formerly known as Domain Keys) is more sophisticated and worth looking into in addition to SPF. I'm using an implementation called DKIMproxy, which runs as a daemon and is specifically designed to work with postfix. I've been fairly happy with it. What's helpful about it is that if I get mail from someone who implements DKIM, I can be sure that it's really from them, and likewise if I get joe-jobbed, I can convince the recipient that the spam wasn't actually from me. The biggest and best known users of DKIM are gmail and yahoo, but I'm seeing it used elsewhere as well. For example, I recently got spam from lulu.com, and the good news was that it was DKIM-signed, so I could be sure it wasn't a joe job.
</p><p>
I understand what you mean about establishing a good reputation in terms of the email you send. Actually many of the big email providers have a policy of blacklisting all domains by default these days, and waiting for the domain operators to contact them and ask to be allowed to send mail to them. Both AOL and yahoo seem to do this. With yahoo, you can fill out a form to convince them you're not evil, and if the info on the form satisfies them, they stop blacklisting you. One of their criteria is that they're more likely to approve you if you implement DKIM. If you tell them you're using DKIM, then they won't accept mail from your domain that isn't DKIM-signed; this is to your advantage, because then their users won't be clicking on the spam button on mail that claims to be from you but isn't.
</p></htmltext>
<tokenext>DKIM ( formerly known as Domain Keys ) is more sophisticated and worth looking into in addition to SPF .
I 'm using an implementation called DKIMproxy , which runs as a daemon and is specifically designed to work with postfix .
I 've been fairly happy with it .
What 's helpful about it is that if I get mail from someone who implements DKIM , I can be sure that it 's really from them , and likewise if I get joe-jobbed , I can convince the recipient that the spam was n't actually from me .
The biggest and best known users of DKIM are gmail and yahoo , but I 'm seeing it used elsewhere as well .
For example , I recently got spam from lulu.com , and the good news was that it was DKIM-signed , so I could be sure it was n't a joe job .
I understand what you mean about establishing a good reputation in terms of the email you send .
Actually many of the big email providers have a policy of blacklisting all domains by default these days , and waiting for the domain operators to contact them and ask to be allowed to send mail to them .
Both AOL and yahoo seem to do this .
With yahoo , you can fill out a form to convince them you 're not evil , and if the info on the form satisfies them , they stop blacklisting you .
One of their criteria is that they 're more likely to approve you if you implement DKIM .
If you tell them you 're using DKIM , then they wo n't accept mail from your domain that is n't DKIM-signed ; this is to your advantage , because then their users wo n't be clicking on the spam button on mail that claims to be from you but is n't .</tokentext>
<sentencetext>
DKIM (formerly known as Domain Keys) is more sophisticated and worth looking into in addition to SPF.
I'm using an implementation called DKIMproxy, which runs as a daemon and is specifically designed to work with postfix.
I've been fairly happy with it.
What's helpful about it is that if I get mail from someone who implements DKIM, I can be sure that it's really from them, and likewise if I get joe-jobbed, I can convince the recipient that the spam wasn't actually from me.
The biggest and best known users of DKIM are gmail and yahoo, but I'm seeing it used elsewhere as well.
For example, I recently got spam from lulu.com, and the good news was that it was DKIM-signed, so I could be sure it wasn't a joe job.
I understand what you mean about establishing a good reputation in terms of the email you send.
Actually many of the big email providers have a policy of blacklisting all domains by default these days, and waiting for the domain operators to contact them and ask to be allowed to send mail to them.
Both AOL and yahoo seem to do this.
With yahoo, you can fill out a form to convince them you're not evil, and if the info on the form satisfies them, they stop blacklisting you.
One of their criteria is that they're more likely to approve you if you implement DKIM.
If you tell them you're using DKIM, then they won't accept mail from your domain that isn't DKIM-signed; this is to your advantage, because then their users won't be clicking on the spam button on mail that claims to be from you but isn't.
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483714</id>
	<title>Yes, but no</title>
	<author>slimjim8094</author>
	<datestamp>1261072380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have Dreamhost. They provide a copy and paste line for a DNS entry. See <a href="http://wiki.dreamhost.com/SPF" title="dreamhost.com">http://wiki.dreamhost.com/SPF</a> [dreamhost.com]</p><p>It's one of those things that won't be useful until just about everybody has implemented it. The way it works is by defining which IPs can send email purporting to be from a domain; if you receive an email "from" a yahoo address but coming from some cable modem, you can block it. And as long as not everyone has SPF, you can't just block emails that fail a SPF check...</p><p>So yes - I do use it. But it's mostly altruistic, as it really has no effect on incoming email unless you just block no/invalid SPF.</p><p>I don't understand why everybody doesn't just enable it - it's a few minutes' worth of a TXT field.</p></htmltext>
<tokenext>I have Dreamhost .
They provide a copy and paste line for a DNS entry .
See http : //wiki.dreamhost.com/SPF [ dreamhost.com ] It 's one of those things that wo n't be useful until just about everybody has implemented it .
The way it works is by defining which IPs can send email purporting to be from a domain ; if you receive an email " from " a yahoo address but coming from some cable modem , you can block it .
And as long as not everyone has SPF , you ca n't just block emails that fail a SPF check...So yes - I do use it .
But it 's mostly altruistic , as it really has no effect on incoming email unless you just block no/invalid SPF.I do n't understand why everybody does n't just enable it - it 's a few minutes ' worth of a TXT field .</tokentext>
<sentencetext>I have Dreamhost.
They provide a copy and paste line for a DNS entry.
See http://wiki.dreamhost.com/SPF [dreamhost.com]It's one of those things that won't be useful until just about everybody has implemented it.
The way it works is by defining which IPs can send email purporting to be from a domain; if you receive an email "from" a yahoo address but coming from some cable modem, you can block it.
And as long as not everyone has SPF, you can't just block emails that fail a SPF check...So yes - I do use it.
But it's mostly altruistic, as it really has no effect on incoming email unless you just block no/invalid SPF.I don't understand why everybody doesn't just enable it - it's a few minutes' worth of a TXT field.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482052</id>
	<title>Re:Yes.</title>
	<author>maxwell demon</author>
	<datestamp>1261058580000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext><p>Do all people you send mails to expect you to send mails to them?<br>Did you eventually get no answer to a mail you sent to someone you don't normally send mail to?</p><p>People won't complain about not getting your mail if they don't have a clue that you sent them any mail.</p></htmltext>
<tokenext>Do all people you send mails to expect you to send mails to them ? Did you eventually get no answer to a mail you sent to someone you do n't normally send mail to ? People wo n't complain about not getting your mail if they do n't have a clue that you sent them any mail .</tokentext>
<sentencetext>Do all people you send mails to expect you to send mails to them?Did you eventually get no answer to a mail you sent to someone you don't normally send mail to?People won't complain about not getting your mail if they don't have a clue that you sent them any mail.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482870</id>
	<title>Use SPF = Get Your Own Mail Deleted</title>
	<author>CritterNYC</author>
	<datestamp>1261064280000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you use SPF, you only succeed in getting your own email deleted.</p><p>When you send email to your buddy, let's call him Jim, with his own vanity domain, it gets forwarded to his ISP email account.  Since his ISP is checking SPF records, it'll check your domain's, see that your email isn't coming from your own server (it's coming from Jim's vanity domain host) and block it.  Like most vanity domain hosts, no message will be sent back to you to let you know your mail was blocked.</p><p>Congratulations, you just got your own legitimate email blocked and disappeared with no way for you or your friend Jim to know.</p><p>SPF makes incorrect assumptions about the way everyone uses email.  It then attempts to make up for these incorrect assumptions by suggesting that everyone use <a href="http://www.openspf.org/SRS" title="openspf.org" rel="nofollow">SRS</a> [openspf.org]... which, of course, no one uses.</p><p>If you use SPF, you get your own email deleted.  Don't use SPF.</p></htmltext>
<tokenext>If you use SPF , you only succeed in getting your own email deleted.When you send email to your buddy , let 's call him Jim , with his own vanity domain , it gets forwarded to his ISP email account .
Since his ISP is checking SPF records , it 'll check your domain 's , see that your email is n't coming from your own server ( it 's coming from Jim 's vanity domain host ) and block it .
Like most vanity domain hosts , no message will be sent back to you to let you know your mail was blocked.Congratulations , you just got your own legitimate email blocked and disappeared with no way for you or your friend Jim to know.SPF makes incorrect assumptions about the way everyone uses email .
It then attempts to make up for these incorrect assumptions by suggesting that everyone use SRS [ openspf.org ] ... which , of course , no one uses.If you use SPF , you get your own email deleted .
Do n't use SPF .</tokentext>
<sentencetext>If you use SPF, you only succeed in getting your own email deleted.When you send email to your buddy, let's call him Jim, with his own vanity domain, it gets forwarded to his ISP email account.
Since his ISP is checking SPF records, it'll check your domain's, see that your email isn't coming from your own server (it's coming from Jim's vanity domain host) and block it.
Like most vanity domain hosts, no message will be sent back to you to let you know your mail was blocked.Congratulations, you just got your own legitimate email blocked and disappeared with no way for you or your friend Jim to know.SPF makes incorrect assumptions about the way everyone uses email.
It then attempts to make up for these incorrect assumptions by suggesting that everyone use SRS [openspf.org]... which, of course, no one uses.If you use SPF, you get your own email deleted.
Don't use SPF.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484950</id>
	<title>Re:Got it on Google's advice</title>
	<author>Anonymous</author>
	<datestamp>1261132800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>One day, you send email to someone who forwards email from an address at one provider to another.</p><p>The second provider checks the originating IP of the message. It doesn't match the SPF record, because it came via the first provider. They throw your message away.</p><p>SPF is a simple solution to the problem, but not a correct or well though-out one. At least for all its clumsiness, DKIM signing depends on the message sender, not the last SMTP relay hop it went through, which could be anything.</p></htmltext>
<tokenext>One day , you send email to someone who forwards email from an address at one provider to another.The second provider checks the originating IP of the message .
It does n't match the SPF record , because it came via the first provider .
They throw your message away.SPF is a simple solution to the problem , but not a correct or well though-out one .
At least for all its clumsiness , DKIM signing depends on the message sender , not the last SMTP relay hop it went through , which could be anything .</tokentext>
<sentencetext>One day, you send email to someone who forwards email from an address at one provider to another.The second provider checks the originating IP of the message.
It doesn't match the SPF record, because it came via the first provider.
They throw your message away.SPF is a simple solution to the problem, but not a correct or well though-out one.
At least for all its clumsiness, DKIM signing depends on the message sender, not the last SMTP relay hop it went through, which could be anything.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483890</id>
	<title>You ARE asking people to throw away your own email</title>
	<author>CritterNYC</author>
	<datestamp>1261074540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>The thing is that due to forwarding and vanity servers, you ARE asking people down the wire (which you can't predict and have NO control over) to throw away mail you sent.  When you send to a buddy's vanity domain (that you don't know is a vanity domain) and it forwards your email to their ISP or work account that does check SPF records, your mail gets ditched.  And you usually won't get any notice, so your email just disappears.</p><p>Using SPF increases the likelihood of your email getting sent into the ether to not return.</p><p>The SPF folks themselves acknowledge this as an issue and recommend using SRS to combat it.  Of course, since no one uses SRS, it's still an issue.</p></htmltext>
<tokenext>The thing is that due to forwarding and vanity servers , you ARE asking people down the wire ( which you ca n't predict and have NO control over ) to throw away mail you sent .
When you send to a buddy 's vanity domain ( that you do n't know is a vanity domain ) and it forwards your email to their ISP or work account that does check SPF records , your mail gets ditched .
And you usually wo n't get any notice , so your email just disappears.Using SPF increases the likelihood of your email getting sent into the ether to not return.The SPF folks themselves acknowledge this as an issue and recommend using SRS to combat it .
Of course , since no one uses SRS , it 's still an issue .</tokentext>
<sentencetext>The thing is that due to forwarding and vanity servers, you ARE asking people down the wire (which you can't predict and have NO control over) to throw away mail you sent.
When you send to a buddy's vanity domain (that you don't know is a vanity domain) and it forwards your email to their ISP or work account that does check SPF records, your mail gets ditched.
And you usually won't get any notice, so your email just disappears.Using SPF increases the likelihood of your email getting sent into the ether to not return.The SPF folks themselves acknowledge this as an issue and recommend using SRS to combat it.
Of course, since no one uses SRS, it's still an issue.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481594</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482646</id>
	<title>Graph showing adoption</title>
	<author>kingradar</author>
	<datestamp>1261062780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I am one of the admins for the free email service Lavabit. We have a graph on the net showing adoption, built from about 150k messages a day. (We don't include messages for users who have disabled this inbound check, or for messages which are blocked for some reason other than SPF.)</p><p><a href="http://lauren.lavabit.com/export/graph\_162.html" title="lavabit.com" rel="nofollow">http://lauren.lavabit.com/export/graph\_162.html</a> [lavabit.com]</p></htmltext>
<tokenext>I am one of the admins for the free email service Lavabit .
We have a graph on the net showing adoption , built from about 150k messages a day .
( We do n't include messages for users who have disabled this inbound check , or for messages which are blocked for some reason other than SPF .
) http : //lauren.lavabit.com/export/graph \ _162.html [ lavabit.com ]</tokentext>
<sentencetext>I am one of the admins for the free email service Lavabit.
We have a graph on the net showing adoption, built from about 150k messages a day.
(We don't include messages for users who have disabled this inbound check, or for messages which are blocked for some reason other than SPF.
)http://lauren.lavabit.com/export/graph\_162.html [lavabit.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484964</id>
	<title>Re:Anti-spam vendor's perspective</title>
	<author>Barnett</author>
	<datestamp>1261132920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You said that SPF records "aren't part of reputation", but rather "if you emit junk, your reputation will be junk."  But if others are allowed to forge your email addresses, then their junk will be attributed to you, and so affect you reputation.  So it sounds to me like SPF can in fact affect reputation.  There seems to be a contradiction here...</htmltext>
<tokenext>You said that SPF records " are n't part of reputation " , but rather " if you emit junk , your reputation will be junk .
" But if others are allowed to forge your email addresses , then their junk will be attributed to you , and so affect you reputation .
So it sounds to me like SPF can in fact affect reputation .
There seems to be a contradiction here.. .</tokentext>
<sentencetext>You said that SPF records "aren't part of reputation", but rather "if you emit junk, your reputation will be junk.
"  But if others are allowed to forge your email addresses, then their junk will be attributed to you, and so affect you reputation.
So it sounds to me like SPF can in fact affect reputation.
There seems to be a contradiction here...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483228</id>
	<title>spf - seems to reduce forged spam</title>
	<author>Teunis</author>
	<datestamp>1261067520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've used this on various servers.  A couple had high rates of forged email before and it was reduced after.   Mind I also put a lot of other email security in place so it could have been that too.   We had hard requirements for validity internally and soft for external - which helped a lot more in tracing down some internal computers that had been compromised.</htmltext>
<tokenext>I 've used this on various servers .
A couple had high rates of forged email before and it was reduced after .
Mind I also put a lot of other email security in place so it could have been that too .
We had hard requirements for validity internally and soft for external - which helped a lot more in tracing down some internal computers that had been compromised .</tokentext>
<sentencetext>I've used this on various servers.
A couple had high rates of forged email before and it was reduced after.
Mind I also put a lot of other email security in place so it could have been that too.
We had hard requirements for validity internally and soft for external - which helped a lot more in tracing down some internal computers that had been compromised.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672</id>
	<title>Got it on Google's advice</title>
	<author>Anonymous</author>
	<datestamp>1261056480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Four years ago, I got hit by a Joe-job, i.e. some spammer used my domain in the 'From' field. I deleted the thousands of resulting messages in the following days and then didn't think about it anymore.</p><p>Two years ago, I shut down my mail server and moved it to Google Apps. Basically it involves creating a Google Apps account which tells you to point your domain its MX (mail exchange) records to GMail. The second, optional, step was to add SPF records. I thought about the Joe-job. Since the GMail wizard is good and explains everything, I just executed that step. It's actually really simple.</p><p>Anyone else have this experience? I.e. creating SPF records was too easy to just skip it?</p></htmltext>
<tokenext>Four years ago , I got hit by a Joe-job , i.e .
some spammer used my domain in the 'From ' field .
I deleted the thousands of resulting messages in the following days and then did n't think about it anymore.Two years ago , I shut down my mail server and moved it to Google Apps .
Basically it involves creating a Google Apps account which tells you to point your domain its MX ( mail exchange ) records to GMail .
The second , optional , step was to add SPF records .
I thought about the Joe-job .
Since the GMail wizard is good and explains everything , I just executed that step .
It 's actually really simple.Anyone else have this experience ?
I.e. creating SPF records was too easy to just skip it ?</tokentext>
<sentencetext>Four years ago, I got hit by a Joe-job, i.e.
some spammer used my domain in the 'From' field.
I deleted the thousands of resulting messages in the following days and then didn't think about it anymore.Two years ago, I shut down my mail server and moved it to Google Apps.
Basically it involves creating a Google Apps account which tells you to point your domain its MX (mail exchange) records to GMail.
The second, optional, step was to add SPF records.
I thought about the Joe-job.
Since the GMail wizard is good and explains everything, I just executed that step.
It's actually really simple.Anyone else have this experience?
I.e. creating SPF records was too easy to just skip it?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484134</id>
	<title>Yahoo's 17 Questions</title>
	<author>Newt-dog</author>
	<datestamp>1261078200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've had this floating around on my hard drive for quite a while, and have used it on occasion.  Not sure if Yahoo still sends it out, but you get the drift from their questions....</p><p> <b>Yahoo's 17 Questions</b> </p><p>1. Do you rent, lease, buy or otherwise obtain email lists from
  companies, individuals, organizations, or websites (other than those you
  own) that do not indicate that the customer will be subscribed to this
specific email list? <br>
 a. If yes, do you explicitly send an opt-in confirmation email to the
  email addresses you have acquired?<br>
 -- If yes, please send a text-only example of this email.<br>
 b. If no, please explain how you obtain email addresses.</p><p>2. How do you verify that the true owner of the email address you have
  obtained is valid?</p><p>3. Do you offer list management services for other companies (i.e., as
  an ASP)? If so, please provide us with your standards for accepting your
  clients' email lists.<br>
  <br>
  4. Do you rent, lease, sell, or otherwise give email lists to other
  companies, individuals, organizations, or affiliates without providing
  notice to the email users that they will be subscribed to the buyer's
  specific email list?<br>
  <br>
  5. Please indicate the information below pertaining to email sent to
  Yahoo! mail.<br>
 a. How frequently do you send email to Yahoo! users in a given month
  and how many emails are sent in the average mailing?<br>
 b. If you send email to multiple addresses, how many addresses are
  sent to, for an average mailing?<br>
 c. If you are an ASP, what has your average client mailing frequency
  been over the past six months?<br>
d. Are you emails informational and subscriber based (newsletters)?<br>
 e. Are your emails for marketing to other than existing customers?</p><p>6. Please specify your policies pertaining to both soft (4xx) and hard
  (5xx) SMTP response codes or bounce messages.<br>

  a. Do you remove email addresses from your mail server or list if
  emails to them bounce? <br>
  Soft:<br>
  Hard:<br>

  b. How many bounced emails are required before you consider an email
  address to be inactive and subject to removal from your list? <br>
  Soft: <br>
  Hard: <br>
 -After an email address reaches your bounce limit, how long
  (i.e., minutes, hours, etc.) does it typically take to remove the email
  address from your list?<br>
  Soft:<br>
Hard:<br>
 c. Are there any circumstances under which you ignore the standard
  definitions (4xx) being temporary and (5xx) being permanent, and instead
  apply your own non standard interpretation?  If so, when/what/how? </p><p>7. If a user requests removal from your email list, how long (i.e.,
  minutes, hours, etc.) does it typically take to remove the email
  address?<br>
  When user clicks an unsubscribe link (if applicable):<br>
  When user requests removal:<br>
  Other: <br>
  <br>
  8. If a user is removed from your email list, what happens to that email
  address in your database? </p><p>9. Please copy and paste a text-only example of a recent mailing, having
  the delivery issue, including full Internet headers.  Include the entire
  error message if email is being returned or undeliverable.</p><p>Within a Yahoo! Mail account, you can display this information by
  clicking the &quot;Full Headers&quot; link located within the message in the
  bottom right-hand corner.</p><p>10. Please provide all of the active email IP address(es) and domain
  names you are currently using to send your mailings including notes with
  regards to dedicated or shared status for each.  We do request email
  administrators to describe which of their clients corresponds to each IP
  address.  Please submit this information in the following format:</p><p> IP Address:  xxx.xxx.xxx.xxx<br>
  Mail Server Domain Name:  server\_name.domain.com<br>
  Notes: dedicated IP, domain/list server<br>
At this time we can only consider active and correctly configured mail
  servers/IPs for possible addition to the whitelist. </p><p>11. Are these IP addresses dedicated solely for your company's mai</p></htmltext>
<tokenext>I 've had this floating around on my hard drive for quite a while , and have used it on occasion .
Not sure if Yahoo still sends it out , but you get the drift from their questions.... Yahoo 's 17 Questions 1 .
Do you rent , lease , buy or otherwise obtain email lists from companies , individuals , organizations , or websites ( other than those you own ) that do not indicate that the customer will be subscribed to this specific email list ?
a. If yes , do you explicitly send an opt-in confirmation email to the email addresses you have acquired ?
-- If yes , please send a text-only example of this email .
b. If no , please explain how you obtain email addresses.2 .
How do you verify that the true owner of the email address you have obtained is valid ? 3 .
Do you offer list management services for other companies ( i.e. , as an ASP ) ?
If so , please provide us with your standards for accepting your clients ' email lists .
4. Do you rent , lease , sell , or otherwise give email lists to other companies , individuals , organizations , or affiliates without providing notice to the email users that they will be subscribed to the buyer 's specific email list ?
5. Please indicate the information below pertaining to email sent to Yahoo !
mail . a. How frequently do you send email to Yahoo !
users in a given month and how many emails are sent in the average mailing ?
b. If you send email to multiple addresses , how many addresses are sent to , for an average mailing ?
c. If you are an ASP , what has your average client mailing frequency been over the past six months ?
d. Are you emails informational and subscriber based ( newsletters ) ?
e. Are your emails for marketing to other than existing customers ? 6 .
Please specify your policies pertaining to both soft ( 4xx ) and hard ( 5xx ) SMTP response codes or bounce messages .
a. Do you remove email addresses from your mail server or list if emails to them bounce ?
Soft : Hard : b. How many bounced emails are required before you consider an email address to be inactive and subject to removal from your list ?
Soft : Hard : -After an email address reaches your bounce limit , how long ( i.e. , minutes , hours , etc .
) does it typically take to remove the email address from your list ?
Soft : Hard : c. Are there any circumstances under which you ignore the standard definitions ( 4xx ) being temporary and ( 5xx ) being permanent , and instead apply your own non standard interpretation ?
If so , when/what/how ?
7. If a user requests removal from your email list , how long ( i.e. , minutes , hours , etc .
) does it typically take to remove the email address ?
When user clicks an unsubscribe link ( if applicable ) : When user requests removal : Other : 8 .
If a user is removed from your email list , what happens to that email address in your database ?
9. Please copy and paste a text-only example of a recent mailing , having the delivery issue , including full Internet headers .
Include the entire error message if email is being returned or undeliverable.Within a Yahoo !
Mail account , you can display this information by clicking the " Full Headers " link located within the message in the bottom right-hand corner.10 .
Please provide all of the active email IP address ( es ) and domain names you are currently using to send your mailings including notes with regards to dedicated or shared status for each .
We do request email administrators to describe which of their clients corresponds to each IP address .
Please submit this information in the following format : IP Address : xxx.xxx.xxx.xxx Mail Server Domain Name : server \ _name.domain.com Notes : dedicated IP , domain/list server At this time we can only consider active and correctly configured mail servers/IPs for possible addition to the whitelist .
11. Are these IP addresses dedicated solely for your company 's mai</tokentext>
<sentencetext>I've had this floating around on my hard drive for quite a while, and have used it on occasion.
Not sure if Yahoo still sends it out, but you get the drift from their questions.... Yahoo's 17 Questions 1.
Do you rent, lease, buy or otherwise obtain email lists from
  companies, individuals, organizations, or websites (other than those you
  own) that do not indicate that the customer will be subscribed to this
specific email list?
a. If yes, do you explicitly send an opt-in confirmation email to the
  email addresses you have acquired?
-- If yes, please send a text-only example of this email.
b. If no, please explain how you obtain email addresses.2.
How do you verify that the true owner of the email address you have
  obtained is valid?3.
Do you offer list management services for other companies (i.e., as
  an ASP)?
If so, please provide us with your standards for accepting your
  clients' email lists.
4. Do you rent, lease, sell, or otherwise give email lists to other
  companies, individuals, organizations, or affiliates without providing
  notice to the email users that they will be subscribed to the buyer's
  specific email list?
5. Please indicate the information below pertaining to email sent to
  Yahoo!
mail.
 a. How frequently do you send email to Yahoo!
users in a given month
  and how many emails are sent in the average mailing?
b. If you send email to multiple addresses, how many addresses are
  sent to, for an average mailing?
c. If you are an ASP, what has your average client mailing frequency
  been over the past six months?
d. Are you emails informational and subscriber based (newsletters)?
e. Are your emails for marketing to other than existing customers?6.
Please specify your policies pertaining to both soft (4xx) and hard
  (5xx) SMTP response codes or bounce messages.
a. Do you remove email addresses from your mail server or list if
  emails to them bounce?
Soft:
  Hard:

  b. How many bounced emails are required before you consider an email
  address to be inactive and subject to removal from your list?
Soft: 
  Hard: 
 -After an email address reaches your bounce limit, how long
  (i.e., minutes, hours, etc.
) does it typically take to remove the email
  address from your list?
Soft:
Hard:
 c. Are there any circumstances under which you ignore the standard
  definitions (4xx) being temporary and (5xx) being permanent, and instead
  apply your own non standard interpretation?
If so, when/what/how?
7. If a user requests removal from your email list, how long (i.e.,
  minutes, hours, etc.
) does it typically take to remove the email
  address?
When user clicks an unsubscribe link (if applicable):
  When user requests removal:
  Other: 
  
  8.
If a user is removed from your email list, what happens to that email
  address in your database?
9. Please copy and paste a text-only example of a recent mailing, having
  the delivery issue, including full Internet headers.
Include the entire
  error message if email is being returned or undeliverable.Within a Yahoo!
Mail account, you can display this information by
  clicking the "Full Headers" link located within the message in the
  bottom right-hand corner.10.
Please provide all of the active email IP address(es) and domain
  names you are currently using to send your mailings including notes with
  regards to dedicated or shared status for each.
We do request email
  administrators to describe which of their clients corresponds to each IP
  address.
Please submit this information in the following format: IP Address:  xxx.xxx.xxx.xxx
  Mail Server Domain Name:  server\_name.domain.com
  Notes: dedicated IP, domain/list server
At this time we can only consider active and correctly configured mail
  servers/IPs for possible addition to the whitelist.
11. Are these IP addresses dedicated solely for your company's mai</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483008</id>
	<title>Re:No, and I won't</title>
	<author>sprior</author>
	<datestamp>1261065480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>While I can see the reason for your points, I don't agree with the conclusion.</p><p>The fact is that implementing SPF comes with a bigger responsibility to account for every machine your email might be sent from.  No doubt this can be a big pain and imply compromise.</p><p>I have implemented SPF and for me the big downside is that OTHERS don't check it and pay attention to what I've implemented.  I still get bounced email which the receiver SHOULD have ignored as forged because it failed SPF checks, but they didn't and bounced it to me anyway.</p><p>So my complaint is that being responsible hasn't bought me as much as it should have.</p></htmltext>
<tokenext>While I can see the reason for your points , I do n't agree with the conclusion.The fact is that implementing SPF comes with a bigger responsibility to account for every machine your email might be sent from .
No doubt this can be a big pain and imply compromise.I have implemented SPF and for me the big downside is that OTHERS do n't check it and pay attention to what I 've implemented .
I still get bounced email which the receiver SHOULD have ignored as forged because it failed SPF checks , but they did n't and bounced it to me anyway.So my complaint is that being responsible has n't bought me as much as it should have .</tokentext>
<sentencetext>While I can see the reason for your points, I don't agree with the conclusion.The fact is that implementing SPF comes with a bigger responsibility to account for every machine your email might be sent from.
No doubt this can be a big pain and imply compromise.I have implemented SPF and for me the big downside is that OTHERS don't check it and pay attention to what I've implemented.
I still get bounced email which the receiver SHOULD have ignored as forged because it failed SPF checks, but they didn't and bounced it to me anyway.So my complaint is that being responsible hasn't bought me as much as it should have.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482370</id>
	<title>Re:Bless me server, for I have sinned</title>
	<author>element-o.p.</author>
	<datestamp>1261060680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>What should I do, server?</p></div><p>
Move to Postfix<nobr> <wbr></nobr>;)
<br> <br>
On a completely off-topic, well...topic, I love the &quot;#include&quot; in your sig</p></div>
	</htmltext>
<tokenext>What should I do , server ?
Move to Postfix ; ) On a completely off-topic , well...topic , I love the " # include " in your sig</tokentext>
<sentencetext>What should I do, server?
Move to Postfix ;)
 
On a completely off-topic, well...topic, I love the "#include" in your sig
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30486432</id>
	<title>Re:Got it on Google's advice</title>
	<author>Anonymous</author>
	<datestamp>1261147980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Like wise, when setting up google apps for my domain I did the SPF since it was so simple (and I didn't really want people saying that yes they would by my viagra).</p><p>However, I was a bit confused, since I'm only sending email from gmails' servers, why does google recommend ~all instead of a hard -all?</p><p>Anyone (google?) have an answer for this? Is it just because google figures not everyone knows what's up and might fubar their migration if they're not managing their mailserver properly?</p></htmltext>
<tokenext>Like wise , when setting up google apps for my domain I did the SPF since it was so simple ( and I did n't really want people saying that yes they would by my viagra ) .However , I was a bit confused , since I 'm only sending email from gmails ' servers , why does google recommend ~ all instead of a hard -all ? Anyone ( google ?
) have an answer for this ?
Is it just because google figures not everyone knows what 's up and might fubar their migration if they 're not managing their mailserver properly ?</tokentext>
<sentencetext>Like wise, when setting up google apps for my domain I did the SPF since it was so simple (and I didn't really want people saying that yes they would by my viagra).However, I was a bit confused, since I'm only sending email from gmails' servers, why does google recommend ~all instead of a hard -all?Anyone (google?
) have an answer for this?
Is it just because google figures not everyone knows what's up and might fubar their migration if they're not managing their mailserver properly?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30497582</id>
	<title>Re:dkim; convincing individual mail providers</title>
	<author>GPLHost-Thomas</author>
	<datestamp>1261221180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Are you using Debian? If so, can you try my latest package for it, before it's sent to SID and report if it's running well or not?<nobr> <wbr></nobr>:) <a href="http://ftparchive.gplhost.com/debian/pool/lenny/main/d/dkimproxy/" title="gplhost.com" rel="nofollow">http://ftparchive.gplhost.com/debian/pool/lenny/main/d/dkimproxy/</a> [gplhost.com]</htmltext>
<tokenext>Are you using Debian ?
If so , can you try my latest package for it , before it 's sent to SID and report if it 's running well or not ?
: ) http : //ftparchive.gplhost.com/debian/pool/lenny/main/d/dkimproxy/ [ gplhost.com ]</tokentext>
<sentencetext>Are you using Debian?
If so, can you try my latest package for it, before it's sent to SID and report if it's running well or not?
:) http://ftparchive.gplhost.com/debian/pool/lenny/main/d/dkimproxy/ [gplhost.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481724</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30496448</id>
	<title>SPF, DKIM, Best Practices, none of it matters...</title>
	<author>TFGeditor</author>
	<datestamp>1261156500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...if a handful of AOL users flag your email as spam, AOL will not whitelist your server. This includes double-opt in email sent to verify registration for a newsletter or service. I swear to Bob, AOL use will mark these as spam then complain because they cannot register for your site.</p><p>We now simply tell potential registrants who enter an AOL address, "Sorry, get a real email service then we will talk."</p></htmltext>
<tokenext>...if a handful of AOL users flag your email as spam , AOL will not whitelist your server .
This includes double-opt in email sent to verify registration for a newsletter or service .
I swear to Bob , AOL use will mark these as spam then complain because they can not register for your site.We now simply tell potential registrants who enter an AOL address , " Sorry , get a real email service then we will talk .
"</tokentext>
<sentencetext>...if a handful of AOL users flag your email as spam, AOL will not whitelist your server.
This includes double-opt in email sent to verify registration for a newsletter or service.
I swear to Bob, AOL use will mark these as spam then complain because they cannot register for your site.We now simply tell potential registrants who enter an AOL address, "Sorry, get a real email service then we will talk.
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694</id>
	<title>Anti-spam vendor's perspective</title>
	<author>gujo-odori</author>
	<datestamp>1261056540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>I work for a major anti-spam vendor.</p><p>Yes, SPF records are part of the mix at many anti-spam vendors.</p><p>However, they aren't part of reputation. Reputation, to describe it simply and without giving away any secrets, is determined by the kind of mail a host or network emits. Whether it has SPF records and/or DKIM-signs its mail does not affect reputation; if you emit junk, your reputation will be junk.</p><p>SPF and (moreso) DKIM have value in assessing whether a given mail is a forgery or not (think phishing and related scams). They are not weighted overly much, since people do foolish things like put their work email address into their webmail account all the time, and it causes FPs, for some value of false positive. That is, it's not an FP per se, but the mail is technically legit, so dropping it on the floor isn't the desired action.</p><p>In short, don't expect having SPF and DKIM to improve your deliverability much, if at all. That's not where the value-add is. The value-add is helping to separate the sheep from the goats among mail that purports to be from your domain. If you want recipients to be able to (theoretically, since most of them don't/won't check) have greater confidence that a mail that claims to have come from your organization really did so, then yes, implement both SPF and DKIM.</p><p>If you're an organization whose customers might be phishing targets, definitely do both. Orgs I've seen targeted for phishing include financial institutions of any size (even a single branch!), various government agencies, educational institutions (not just universities, either), BBB, auto clubs, World of Warcraft accounts, Vonage, Craig's List, all the free webmail providers. If it has a login, and anything a phisher could find to be of value (for practically any value of "value"), there will be phishing attempts.</p><p>If your company is one of those - or even if it's not, really - I recommend both SPF and DKIM.</p></htmltext>
<tokenext>I work for a major anti-spam vendor.Yes , SPF records are part of the mix at many anti-spam vendors.However , they are n't part of reputation .
Reputation , to describe it simply and without giving away any secrets , is determined by the kind of mail a host or network emits .
Whether it has SPF records and/or DKIM-signs its mail does not affect reputation ; if you emit junk , your reputation will be junk.SPF and ( moreso ) DKIM have value in assessing whether a given mail is a forgery or not ( think phishing and related scams ) .
They are not weighted overly much , since people do foolish things like put their work email address into their webmail account all the time , and it causes FPs , for some value of false positive .
That is , it 's not an FP per se , but the mail is technically legit , so dropping it on the floor is n't the desired action.In short , do n't expect having SPF and DKIM to improve your deliverability much , if at all .
That 's not where the value-add is .
The value-add is helping to separate the sheep from the goats among mail that purports to be from your domain .
If you want recipients to be able to ( theoretically , since most of them do n't/wo n't check ) have greater confidence that a mail that claims to have come from your organization really did so , then yes , implement both SPF and DKIM.If you 're an organization whose customers might be phishing targets , definitely do both .
Orgs I 've seen targeted for phishing include financial institutions of any size ( even a single branch !
) , various government agencies , educational institutions ( not just universities , either ) , BBB , auto clubs , World of Warcraft accounts , Vonage , Craig 's List , all the free webmail providers .
If it has a login , and anything a phisher could find to be of value ( for practically any value of " value " ) , there will be phishing attempts.If your company is one of those - or even if it 's not , really - I recommend both SPF and DKIM .</tokentext>
<sentencetext>I work for a major anti-spam vendor.Yes, SPF records are part of the mix at many anti-spam vendors.However, they aren't part of reputation.
Reputation, to describe it simply and without giving away any secrets, is determined by the kind of mail a host or network emits.
Whether it has SPF records and/or DKIM-signs its mail does not affect reputation; if you emit junk, your reputation will be junk.SPF and (moreso) DKIM have value in assessing whether a given mail is a forgery or not (think phishing and related scams).
They are not weighted overly much, since people do foolish things like put their work email address into their webmail account all the time, and it causes FPs, for some value of false positive.
That is, it's not an FP per se, but the mail is technically legit, so dropping it on the floor isn't the desired action.In short, don't expect having SPF and DKIM to improve your deliverability much, if at all.
That's not where the value-add is.
The value-add is helping to separate the sheep from the goats among mail that purports to be from your domain.
If you want recipients to be able to (theoretically, since most of them don't/won't check) have greater confidence that a mail that claims to have come from your organization really did so, then yes, implement both SPF and DKIM.If you're an organization whose customers might be phishing targets, definitely do both.
Orgs I've seen targeted for phishing include financial institutions of any size (even a single branch!
), various government agencies, educational institutions (not just universities, either), BBB, auto clubs, World of Warcraft accounts, Vonage, Craig's List, all the free webmail providers.
If it has a login, and anything a phisher could find to be of value (for practically any value of "value"), there will be phishing attempts.If your company is one of those - or even if it's not, really - I recommend both SPF and DKIM.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481784</id>
	<title>Nope</title>
	<author>menelaus</author>
	<datestamp>1261056960000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>I don't use them personally and we have very few customers at my current job that will request them.</p><p>I used to work for an anti-spam company and the request would come in from time to time to have SPF checking built into our appliances.  As developers, we did see the benefit of it.  But at the time, there was the SPF vs SenderID vs Domain Keys battle going on.  Who would win out?</p><p>As it appears years later, no one really did.</p><p>The problem with the technology is adoption rates.  Unfortunately, many of these technologies are not being adopted by the masses.  I'm not saying its hurting you by having these in place, but it also might not be doing as much good as you think that it is.</p></htmltext>
<tokenext>I do n't use them personally and we have very few customers at my current job that will request them.I used to work for an anti-spam company and the request would come in from time to time to have SPF checking built into our appliances .
As developers , we did see the benefit of it .
But at the time , there was the SPF vs SenderID vs Domain Keys battle going on .
Who would win out ? As it appears years later , no one really did.The problem with the technology is adoption rates .
Unfortunately , many of these technologies are not being adopted by the masses .
I 'm not saying its hurting you by having these in place , but it also might not be doing as much good as you think that it is .</tokentext>
<sentencetext>I don't use them personally and we have very few customers at my current job that will request them.I used to work for an anti-spam company and the request would come in from time to time to have SPF checking built into our appliances.
As developers, we did see the benefit of it.
But at the time, there was the SPF vs SenderID vs Domain Keys battle going on.
Who would win out?As it appears years later, no one really did.The problem with the technology is adoption rates.
Unfortunately, many of these technologies are not being adopted by the masses.
I'm not saying its hurting you by having these in place, but it also might not be doing as much good as you think that it is.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484124</id>
	<title>I do use it, but only to some level.</title>
	<author>KingRobot</author>
	<datestamp>1261078080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I use SPF, but only to block known or likely forgeries. That is, an e-mail that claims to be from somehost.com AND somehost.com has SPF records, but the message fails the SPF test. In this case, either the message is forged, or the admin of somehost.com hasn't properly educated his users.

I also block a very limited case of messages that claim to be from our own domain, but are in fact spoofed. It has to do with a mismatch of the From: header and the MAIL FROM response. You can read more about it here: <a href="http://www.eisbox.net/2009/07/23/2395-mail-from-vs-from-vs-sender-exploiting-spf/" title="eisbox.net" rel="nofollow">http://www.eisbox.net/2009/07/23/2395-mail-from-vs-from-vs-sender-exploiting-spf/</a> [eisbox.net]</htmltext>
<tokenext>I use SPF , but only to block known or likely forgeries .
That is , an e-mail that claims to be from somehost.com AND somehost.com has SPF records , but the message fails the SPF test .
In this case , either the message is forged , or the admin of somehost.com has n't properly educated his users .
I also block a very limited case of messages that claim to be from our own domain , but are in fact spoofed .
It has to do with a mismatch of the From : header and the MAIL FROM response .
You can read more about it here : http : //www.eisbox.net/2009/07/23/2395-mail-from-vs-from-vs-sender-exploiting-spf/ [ eisbox.net ]</tokentext>
<sentencetext>I use SPF, but only to block known or likely forgeries.
That is, an e-mail that claims to be from somehost.com AND somehost.com has SPF records, but the message fails the SPF test.
In this case, either the message is forged, or the admin of somehost.com hasn't properly educated his users.
I also block a very limited case of messages that claim to be from our own domain, but are in fact spoofed.
It has to do with a mismatch of the From: header and the MAIL FROM response.
You can read more about it here: http://www.eisbox.net/2009/07/23/2395-mail-from-vs-from-vs-sender-exploiting-spf/ [eisbox.net]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481942</id>
	<title>They help, but only slightly!</title>
	<author>Anonymous</author>
	<datestamp>1261057860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I also use SPF records for all my domains, most are simply: "v=spf1 a mx -all".

"-all" as in hard fail. I don't know why there is a soft fail "~all" option, if it's not from a known host / IP, it should fail. What's the point in returning an unknown response? Like as if there was no SPF record in the first place? It's amazing how many domains actually use soft fail. Anyone know why?

They only help stop backscatter and other IPs from sending emails from @youdomain.com as long as the other mail server does a SPF lookup. We have become dependant on the email protocol and the way it works, pitty it's in such a mess<nobr> <wbr></nobr>:( Damn you SPAMBOTS!!!</htmltext>
<tokenext>I also use SPF records for all my domains , most are simply : " v = spf1 a mx -all " .
" -all " as in hard fail .
I do n't know why there is a soft fail " ~ all " option , if it 's not from a known host / IP , it should fail .
What 's the point in returning an unknown response ?
Like as if there was no SPF record in the first place ?
It 's amazing how many domains actually use soft fail .
Anyone know why ?
They only help stop backscatter and other IPs from sending emails from @ youdomain.com as long as the other mail server does a SPF lookup .
We have become dependant on the email protocol and the way it works , pitty it 's in such a mess : ( Damn you SPAMBOTS ! !
!</tokentext>
<sentencetext>I also use SPF records for all my domains, most are simply: "v=spf1 a mx -all".
"-all" as in hard fail.
I don't know why there is a soft fail "~all" option, if it's not from a known host / IP, it should fail.
What's the point in returning an unknown response?
Like as if there was no SPF record in the first place?
It's amazing how many domains actually use soft fail.
Anyone know why?
They only help stop backscatter and other IPs from sending emails from @youdomain.com as long as the other mail server does a SPF lookup.
We have become dependant on the email protocol and the way it works, pitty it's in such a mess :( Damn you SPAMBOTS!!
!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30510152</id>
	<title>25 Hours of complete Hell</title>
	<author>JCota</author>
	<datestamp>1261391040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I completely dislike SPF... I had to enable them when completely legitimate emails, from the company I work for, were blocked by SPAM Haus. The emails we were attempting to send were ALL properly solicited emails to customers that were using Yahoo and MSN / hotmail / live accounts. These email / webmail providers chose to use SPAM Haus Spam filtering and would bounce every email back.  It took me almost 25 Hours to identify the problem and present a solution to my boss, who had to approve the change before I could add it to our mail servers.  Also, I have to say that Microsoft surprisingly was very helpful and was able to assist me in identifying the problem ( well, after I was placed on hold for 3 of the 25 hours ) .  So long story short I was quite mad about having a boss breathing down my neck to fix our mail systems while I was on a much earned and deserved vacation, since then SPF is still the bane of my existence and I would never have chosen to use it if I hadn't be made to.</htmltext>
<tokenext>I completely dislike SPF... I had to enable them when completely legitimate emails , from the company I work for , were blocked by SPAM Haus .
The emails we were attempting to send were ALL properly solicited emails to customers that were using Yahoo and MSN / hotmail / live accounts .
These email / webmail providers chose to use SPAM Haus Spam filtering and would bounce every email back .
It took me almost 25 Hours to identify the problem and present a solution to my boss , who had to approve the change before I could add it to our mail servers .
Also , I have to say that Microsoft surprisingly was very helpful and was able to assist me in identifying the problem ( well , after I was placed on hold for 3 of the 25 hours ) .
So long story short I was quite mad about having a boss breathing down my neck to fix our mail systems while I was on a much earned and deserved vacation , since then SPF is still the bane of my existence and I would never have chosen to use it if I had n't be made to .</tokentext>
<sentencetext>I completely dislike SPF... I had to enable them when completely legitimate emails, from the company I work for, were blocked by SPAM Haus.
The emails we were attempting to send were ALL properly solicited emails to customers that were using Yahoo and MSN / hotmail / live accounts.
These email / webmail providers chose to use SPAM Haus Spam filtering and would bounce every email back.
It took me almost 25 Hours to identify the problem and present a solution to my boss, who had to approve the change before I could add it to our mail servers.
Also, I have to say that Microsoft surprisingly was very helpful and was able to assist me in identifying the problem ( well, after I was placed on hold for 3 of the 25 hours ) .
So long story short I was quite mad about having a boss breathing down my neck to fix our mail systems while I was on a much earned and deserved vacation, since then SPF is still the bane of my existence and I would never have chosen to use it if I hadn't be made to.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482084</id>
	<title>Professional email services should be using this</title>
	<author>david.emery</author>
	<datestamp>1261058760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>My ISP (satisfied customer for 20 years!) uses a very effective anti-spam device (http://www.escom.com) that includes SPF checking.  (No business connection, just a very satisfied customer.  I get less than 1 spam/quarter that isn't trapped in quarantine or flat rejected...)</p><p>I'm appalled at the "professional" electronic contact service companies that fail to set up SPF records, e.g. Bronto.com that sends emails on behalf of the IEEE Computer Society.  If this is your business, you have every obligation to make sure your services on behalf of -paying customers- are properly configured, even if some anti-spam devices do not use SPF as part of their spam detection approach.</p><p>Failure to include SPF records usually causes an email to get trapped in quarantine on my ISP.  That's not "catastrophic" but it is most certainly annoying for something that can be very easily prevented, particularly by companies/organizations that actively invest in email.</p></htmltext>
<tokenext>My ISP ( satisfied customer for 20 years !
) uses a very effective anti-spam device ( http : //www.escom.com ) that includes SPF checking .
( No business connection , just a very satisfied customer .
I get less than 1 spam/quarter that is n't trapped in quarantine or flat rejected... ) I 'm appalled at the " professional " electronic contact service companies that fail to set up SPF records , e.g .
Bronto.com that sends emails on behalf of the IEEE Computer Society .
If this is your business , you have every obligation to make sure your services on behalf of -paying customers- are properly configured , even if some anti-spam devices do not use SPF as part of their spam detection approach.Failure to include SPF records usually causes an email to get trapped in quarantine on my ISP .
That 's not " catastrophic " but it is most certainly annoying for something that can be very easily prevented , particularly by companies/organizations that actively invest in email .</tokentext>
<sentencetext>My ISP (satisfied customer for 20 years!
) uses a very effective anti-spam device (http://www.escom.com) that includes SPF checking.
(No business connection, just a very satisfied customer.
I get less than 1 spam/quarter that isn't trapped in quarantine or flat rejected...)I'm appalled at the "professional" electronic contact service companies that fail to set up SPF records, e.g.
Bronto.com that sends emails on behalf of the IEEE Computer Society.
If this is your business, you have every obligation to make sure your services on behalf of -paying customers- are properly configured, even if some anti-spam devices do not use SPF as part of their spam detection approach.Failure to include SPF records usually causes an email to get trapped in quarantine on my ISP.
That's not "catastrophic" but it is most certainly annoying for something that can be very easily prevented, particularly by companies/organizations that actively invest in email.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488704</id>
	<title>I Cannot, Really</title>
	<author>Anonymous</author>
	<datestamp>1261157880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I did set up SPF some time back, but was soon contacted by quite a few of my users (I run the mail servers for our family with the family name as the domain) contacted me and said that they could not send E-mails to some destinations. The problem is that some ISPs demand that all outgoing mail go through their servers (in a spam-prevention measure) and my users therefore could not go directly through my servers. I could try to update my SPF-records with these servers, but that would be one more thing to administer -- and the same goes for setting up VPN connections to my servers and use it that way through. The latter also means more strain on my limited bandwidth.</p><p>In view of the problems and of the (so far) limited benefit from SPF, I will not use it.</p></htmltext>
<tokenext>I did set up SPF some time back , but was soon contacted by quite a few of my users ( I run the mail servers for our family with the family name as the domain ) contacted me and said that they could not send E-mails to some destinations .
The problem is that some ISPs demand that all outgoing mail go through their servers ( in a spam-prevention measure ) and my users therefore could not go directly through my servers .
I could try to update my SPF-records with these servers , but that would be one more thing to administer -- and the same goes for setting up VPN connections to my servers and use it that way through .
The latter also means more strain on my limited bandwidth.In view of the problems and of the ( so far ) limited benefit from SPF , I will not use it .</tokentext>
<sentencetext>I did set up SPF some time back, but was soon contacted by quite a few of my users (I run the mail servers for our family with the family name as the domain) contacted me and said that they could not send E-mails to some destinations.
The problem is that some ISPs demand that all outgoing mail go through their servers (in a spam-prevention measure) and my users therefore could not go directly through my servers.
I could try to update my SPF-records with these servers, but that would be one more thing to administer -- and the same goes for setting up VPN connections to my servers and use it that way through.
The latter also means more strain on my limited bandwidth.In view of the problems and of the (so far) limited benefit from SPF, I will not use it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482098</id>
	<title>Re:Use DomainKeys..</title>
	<author>Curmudgeonlyoldbloke</author>
	<datestamp>1261058820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>MSN/Hotmail's postmaster guidelines don't seem to mention DomainKeys, but do mention SPF:</p><p><a href="http://postmaster.hotmail.com/Guidelines.aspx" title="hotmail.com">http://postmaster.hotmail.com/Guidelines.aspx</a> [hotmail.com]</p><p>"4. Authenticate your outbound e-mail: Publish Sender Policy Framework (SPF) records"</p></htmltext>
<tokenext>MSN/Hotmail 's postmaster guidelines do n't seem to mention DomainKeys , but do mention SPF : http : //postmaster.hotmail.com/Guidelines.aspx [ hotmail.com ] " 4 .
Authenticate your outbound e-mail : Publish Sender Policy Framework ( SPF ) records "</tokentext>
<sentencetext>MSN/Hotmail's postmaster guidelines don't seem to mention DomainKeys, but do mention SPF:http://postmaster.hotmail.com/Guidelines.aspx [hotmail.com]"4.
Authenticate your outbound e-mail: Publish Sender Policy Framework (SPF) records"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481594</id>
	<title>Re:No, and I won't</title>
	<author>Anonymous</author>
	<datestamp>1261056120000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>While that article raises valid points, I think it goes too far when saying "If you publish SPF records, you are going to be asking people to throw away genuine email which you did actually send." I am perfectly capable of limiting my mail-sending practices to be compatible with SPF, and I am not personally all that inconvenienced by people with misconfigured email systems trying to do both SPF and forwarding.<p>
Of course, people to whom email is just another way to make a quick buck may have different ideas.</p></htmltext>
<tokenext>While that article raises valid points , I think it goes too far when saying " If you publish SPF records , you are going to be asking people to throw away genuine email which you did actually send .
" I am perfectly capable of limiting my mail-sending practices to be compatible with SPF , and I am not personally all that inconvenienced by people with misconfigured email systems trying to do both SPF and forwarding .
Of course , people to whom email is just another way to make a quick buck may have different ideas .</tokentext>
<sentencetext>While that article raises valid points, I think it goes too far when saying "If you publish SPF records, you are going to be asking people to throw away genuine email which you did actually send.
" I am perfectly capable of limiting my mail-sending practices to be compatible with SPF, and I am not personally all that inconvenienced by people with misconfigured email systems trying to do both SPF and forwarding.
Of course, people to whom email is just another way to make a quick buck may have different ideas.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481600</id>
	<title>Re:No, and I won't</title>
	<author>Anonymous</author>
	<datestamp>1261056120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>All that and the author forgot the number one most important reason why SPF will never work:</p><blockquote><div><p>Sent by BlackBerry</p></div></blockquote></div>
	</htmltext>
<tokenext>All that and the author forgot the number one most important reason why SPF will never work : Sent by BlackBerry</tokentext>
<sentencetext>All that and the author forgot the number one most important reason why SPF will never work:Sent by BlackBerry
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30538118</id>
	<title>Yes, I have, and it cut down spam by 90+ \%.</title>
	<author>Doctor O</author>
	<datestamp>1259786820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>See subject. Nuff said.</p></htmltext>
<tokenext>See subject .
Nuff said .</tokentext>
<sentencetext>See subject.
Nuff said.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482340</id>
	<title>I've been using SPF for several years...</title>
	<author>dpilot</author>
	<datestamp>1261060440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...in conjunction with my DynDNS vanity domain.  When I first set it up, there was a rush of backscatter, then it tapered off and went away, never to return.</p><p>More recently I've started having problems of a different sort.  I've been on a certain mailing list for over a year, though not posting very often.  Last week I posted to a thread, and got an SPF violation notice from what looks like AOL in Australia, on behalf of someone with 2 apparent domains, neither of which is AOL.  The violation notices seem to think that MY mail is originating from an AOL server, so the AOL server is generating an SPF fail.  These notices are being generated for only one list subscriber, for every time I post to the list.  It looks like a misconfigured AOL server (Would you expect anything else?) to me.  Still, that's one aspect of SPF and presumably DKIM - other peoples' misconfigured machines.</p></htmltext>
<tokenext>...in conjunction with my DynDNS vanity domain .
When I first set it up , there was a rush of backscatter , then it tapered off and went away , never to return.More recently I 've started having problems of a different sort .
I 've been on a certain mailing list for over a year , though not posting very often .
Last week I posted to a thread , and got an SPF violation notice from what looks like AOL in Australia , on behalf of someone with 2 apparent domains , neither of which is AOL .
The violation notices seem to think that MY mail is originating from an AOL server , so the AOL server is generating an SPF fail .
These notices are being generated for only one list subscriber , for every time I post to the list .
It looks like a misconfigured AOL server ( Would you expect anything else ?
) to me .
Still , that 's one aspect of SPF and presumably DKIM - other peoples ' misconfigured machines .</tokentext>
<sentencetext>...in conjunction with my DynDNS vanity domain.
When I first set it up, there was a rush of backscatter, then it tapered off and went away, never to return.More recently I've started having problems of a different sort.
I've been on a certain mailing list for over a year, though not posting very often.
Last week I posted to a thread, and got an SPF violation notice from what looks like AOL in Australia, on behalf of someone with 2 apparent domains, neither of which is AOL.
The violation notices seem to think that MY mail is originating from an AOL server, so the AOL server is generating an SPF fail.
These notices are being generated for only one list subscriber, for every time I post to the list.
It looks like a misconfigured AOL server (Would you expect anything else?
) to me.
Still, that's one aspect of SPF and presumably DKIM - other peoples' misconfigured machines.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482668</id>
	<title>Re:Yes.</title>
	<author>pclminion</author>
	<datestamp>1261062900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I communicate with the homeless by thought projection. I like to let them know that they can come over for steak and beer any time they want. I think these thoughts vigorously every night. I have yet to hear any homeless person tell me they are not receiving my messages.</htmltext>
<tokenext>I communicate with the homeless by thought projection .
I like to let them know that they can come over for steak and beer any time they want .
I think these thoughts vigorously every night .
I have yet to hear any homeless person tell me they are not receiving my messages .</tokentext>
<sentencetext>I communicate with the homeless by thought projection.
I like to let them know that they can come over for steak and beer any time they want.
I think these thoughts vigorously every night.
I have yet to hear any homeless person tell me they are not receiving my messages.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485120</id>
	<title>Yay for SPF</title>
	<author>Anonymous</author>
	<datestamp>1261135440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>We are a small business.  We're using a shared hosting service (quite big but still heavily abused).  We used to have a regular stream of calls from people not getting our emails.  We implemented SPF a year ago and have had no problems since.</p></htmltext>
<tokenext>We are a small business .
We 're using a shared hosting service ( quite big but still heavily abused ) .
We used to have a regular stream of calls from people not getting our emails .
We implemented SPF a year ago and have had no problems since .</tokentext>
<sentencetext>We are a small business.
We're using a shared hosting service (quite big but still heavily abused).
We used to have a regular stream of calls from people not getting our emails.
We implemented SPF a year ago and have had no problems since.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30509266</id>
	<title>SPF Almost Eliminates Backscatter</title>
	<author>herbierobinson</author>
	<datestamp>1261333140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I started using SPF because the backscatter from spammers forging my domain was getting to be 5-10 times more than the amount of spam I was getting.  The backscatter stopped almost completely and it stopped immediately.  Every once in a while I get a small burst of backscatter, but it doesn't last long.</p><p>I don't know this for sure, but I suspect that the spammers are checking for SPF before using a domain for forgeries.  It would make sense, because using a domain with SPF records for spam makes it possible for anybody to determine it's spam.  In particular, if any tier one suppliers are using SPF combined with mail volume to identify spam, they could spot the spam almost instantly -- no wait for complaints to come in.  In particular, the spam could be spotted quickly enough to shut down the sender.  It probably doesn't happen that much, but if one was sending spam, why would one forge a domain with an SPF record when there are so many others out there with no SPF record.</p></htmltext>
<tokenext>I started using SPF because the backscatter from spammers forging my domain was getting to be 5-10 times more than the amount of spam I was getting .
The backscatter stopped almost completely and it stopped immediately .
Every once in a while I get a small burst of backscatter , but it does n't last long.I do n't know this for sure , but I suspect that the spammers are checking for SPF before using a domain for forgeries .
It would make sense , because using a domain with SPF records for spam makes it possible for anybody to determine it 's spam .
In particular , if any tier one suppliers are using SPF combined with mail volume to identify spam , they could spot the spam almost instantly -- no wait for complaints to come in .
In particular , the spam could be spotted quickly enough to shut down the sender .
It probably does n't happen that much , but if one was sending spam , why would one forge a domain with an SPF record when there are so many others out there with no SPF record .</tokentext>
<sentencetext>I started using SPF because the backscatter from spammers forging my domain was getting to be 5-10 times more than the amount of spam I was getting.
The backscatter stopped almost completely and it stopped immediately.
Every once in a while I get a small burst of backscatter, but it doesn't last long.I don't know this for sure, but I suspect that the spammers are checking for SPF before using a domain for forgeries.
It would make sense, because using a domain with SPF records for spam makes it possible for anybody to determine it's spam.
In particular, if any tier one suppliers are using SPF combined with mail volume to identify spam, they could spot the spam almost instantly -- no wait for complaints to come in.
In particular, the spam could be spotted quickly enough to shut down the sender.
It probably doesn't happen that much, but if one was sending spam, why would one forge a domain with an SPF record when there are so many others out there with no SPF record.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481880</id>
	<title>Re:No, and I won't</title>
	<author>nsayer</author>
	<datestamp>1261057500000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>His protest is without teeth. If he really objects to the concept of SPF, then he should publish an SPF record of "?ALL". That way, people will know he's just not being apathetic.</p></htmltext>
<tokenext>His protest is without teeth .
If he really objects to the concept of SPF , then he should publish an SPF record of " ? ALL " .
That way , people will know he 's just not being apathetic .</tokentext>
<sentencetext>His protest is without teeth.
If he really objects to the concept of SPF, then he should publish an SPF record of "?ALL".
That way, people will know he's just not being apathetic.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482658</id>
	<title>Yes and it helps</title>
	<author>vvaduva</author>
	<datestamp>1261062840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I use them for all the domains I manage (maybe about 200+ domains) and forged spam has disappeared since.  It doesn't take that much time to set it up, so why not do it?</p></htmltext>
<tokenext>I use them for all the domains I manage ( maybe about 200 + domains ) and forged spam has disappeared since .
It does n't take that much time to set it up , so why not do it ?</tokentext>
<sentencetext>I use them for all the domains I manage (maybe about 200+ domains) and forged spam has disappeared since.
It doesn't take that much time to set it up, so why not do it?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30537620</id>
	<title>Re:No, and I won't</title>
	<author>plague3106</author>
	<datestamp>1259783760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Bull.  I have an email address, which I give to everyone.  The service I use to get the address provides NO STORAGE, it's only purpose is to forward mail to another address I specify.</p><p>This is very useful because I can give this address out, and not have to worry about changing who's hosting my mail.</p></htmltext>
<tokenext>Bull .
I have an email address , which I give to everyone .
The service I use to get the address provides NO STORAGE , it 's only purpose is to forward mail to another address I specify.This is very useful because I can give this address out , and not have to worry about changing who 's hosting my mail .</tokentext>
<sentencetext>Bull.
I have an email address, which I give to everyone.
The service I use to get the address provides NO STORAGE, it's only purpose is to forward mail to another address I specify.This is very useful because I can give this address out, and not have to worry about changing who's hosting my mail.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482456</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482888</id>
	<title>As postmaster for a large public university:</title>
	<author>Anonymous</author>
	<datestamp>1261064460000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>...No, we do not use or publish SPF records in any way. Spamassassin assigns a score of zero to the SPF\_PASS rule for incoming email.</p><p>Every 6-12 months or so, someone asks why. The reasons have not changed in the several years that I've been here:</p><p>* For a large, non-centralized research institution like ours, any SPF record we could conceivably come up with would have to be permissive to the point of rendering it useless. We have countless departments, nearly a hundred thousand users, and they all have their clients (both on and off campus) configured about a hundred different ways. Some relay through our servers, some through their ISPs (either by choice or due to a heavy-handed ISP filtering policy that restricts outbound SMTP on TCP/25 and/or TCP/587), some through departmental servers, some through sendmail running on their own workstations (damn you, CS faculty). The work necessary to construct, publish, and maintain an SPF record for our purposes has been deemed not worth the effort.</p><p>* SPF has been embraced widely by spammers, perhaps more so than legitimate institutions. This alone keeps us from assigning any stock to SPF records when making delivery decisions on our own incoming mail.</p><p>We have yet to encounter any notable issues getting our mail delivered to the "big boys" like Hotmail, Google, Yahoo, etc. based on our lack of SPF kool-aid consumption.</p></htmltext>
<tokenext>...No , we do not use or publish SPF records in any way .
Spamassassin assigns a score of zero to the SPF \ _PASS rule for incoming email.Every 6-12 months or so , someone asks why .
The reasons have not changed in the several years that I 've been here : * For a large , non-centralized research institution like ours , any SPF record we could conceivably come up with would have to be permissive to the point of rendering it useless .
We have countless departments , nearly a hundred thousand users , and they all have their clients ( both on and off campus ) configured about a hundred different ways .
Some relay through our servers , some through their ISPs ( either by choice or due to a heavy-handed ISP filtering policy that restricts outbound SMTP on TCP/25 and/or TCP/587 ) , some through departmental servers , some through sendmail running on their own workstations ( damn you , CS faculty ) .
The work necessary to construct , publish , and maintain an SPF record for our purposes has been deemed not worth the effort .
* SPF has been embraced widely by spammers , perhaps more so than legitimate institutions .
This alone keeps us from assigning any stock to SPF records when making delivery decisions on our own incoming mail.We have yet to encounter any notable issues getting our mail delivered to the " big boys " like Hotmail , Google , Yahoo , etc .
based on our lack of SPF kool-aid consumption .</tokentext>
<sentencetext>...No, we do not use or publish SPF records in any way.
Spamassassin assigns a score of zero to the SPF\_PASS rule for incoming email.Every 6-12 months or so, someone asks why.
The reasons have not changed in the several years that I've been here:* For a large, non-centralized research institution like ours, any SPF record we could conceivably come up with would have to be permissive to the point of rendering it useless.
We have countless departments, nearly a hundred thousand users, and they all have their clients (both on and off campus) configured about a hundred different ways.
Some relay through our servers, some through their ISPs (either by choice or due to a heavy-handed ISP filtering policy that restricts outbound SMTP on TCP/25 and/or TCP/587), some through departmental servers, some through sendmail running on their own workstations (damn you, CS faculty).
The work necessary to construct, publish, and maintain an SPF record for our purposes has been deemed not worth the effort.
* SPF has been embraced widely by spammers, perhaps more so than legitimate institutions.
This alone keeps us from assigning any stock to SPF records when making delivery decisions on our own incoming mail.We have yet to encounter any notable issues getting our mail delivered to the "big boys" like Hotmail, Google, Yahoo, etc.
based on our lack of SPF kool-aid consumption.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481746</id>
	<title>Yes</title>
	<author>Kevinv</author>
	<datestamp>1261056780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I use it on all my domains, and check it on all inbound mail.  I especially make sure i define no servers are valid for several domains I have that are web pages only, or use for throwaway e-mail addresses (i receive e-mail at that domain, never send from that domain.)</p><p>I do support a domain hosted on google apps and setting it up for that ends up with a less firm ~all option that allows bogus senders to slip through.</p><p>I can see SPF fails in my logs so it looks like many other domains are using it as well.</p></htmltext>
<tokenext>I use it on all my domains , and check it on all inbound mail .
I especially make sure i define no servers are valid for several domains I have that are web pages only , or use for throwaway e-mail addresses ( i receive e-mail at that domain , never send from that domain .
) I do support a domain hosted on google apps and setting it up for that ends up with a less firm ~ all option that allows bogus senders to slip through.I can see SPF fails in my logs so it looks like many other domains are using it as well .</tokentext>
<sentencetext>I use it on all my domains, and check it on all inbound mail.
I especially make sure i define no servers are valid for several domains I have that are web pages only, or use for throwaway e-mail addresses (i receive e-mail at that domain, never send from that domain.
)I do support a domain hosted on google apps and setting it up for that ends up with a less firm ~all option that allows bogus senders to slip through.I can see SPF fails in my logs so it looks like many other domains are using it as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</id>
	<title>Yes.</title>
	<author>Anonymous</author>
	<datestamp>1261055460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, I use an SPF for my domain. No I don't have any idea how effective it is, because my SPF record is used by other people. I haven't had any complaints about people not getting my mails.</htmltext>
<tokenext>Yes , I use an SPF for my domain .
No I do n't have any idea how effective it is , because my SPF record is used by other people .
I have n't had any complaints about people not getting my mails .</tokentext>
<sentencetext>Yes, I use an SPF for my domain.
No I don't have any idea how effective it is, because my SPF record is used by other people.
I haven't had any complaints about people not getting my mails.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481684</id>
	<title>Some spam filters score on SPF</title>
	<author>kosmosik</author>
	<datestamp>1261056480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Some spam filters score on SPF. So not having SPF increases chance of false positives for your legitimate mail when you don't have SPF. And since SPF is free and painless to implement (just few DNS records) I don't see any reason not to use it. Also not like it is something that much significant either.</p></htmltext>
<tokenext>Some spam filters score on SPF .
So not having SPF increases chance of false positives for your legitimate mail when you do n't have SPF .
And since SPF is free and painless to implement ( just few DNS records ) I do n't see any reason not to use it .
Also not like it is something that much significant either .</tokentext>
<sentencetext>Some spam filters score on SPF.
So not having SPF increases chance of false positives for your legitimate mail when you don't have SPF.
And since SPF is free and painless to implement (just few DNS records) I don't see any reason not to use it.
Also not like it is something that much significant either.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481964</id>
	<title>Sometimes, sometimes not</title>
	<author>Anonymous</author>
	<datestamp>1261058040000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext><p>In the summer I like to use SPF-15 or higher. In the winter it's pretty cloudy around here, so I don't bother.</p></htmltext>
<tokenext>In the summer I like to use SPF-15 or higher .
In the winter it 's pretty cloudy around here , so I do n't bother .</tokentext>
<sentencetext>In the summer I like to use SPF-15 or higher.
In the winter it's pretty cloudy around here, so I don't bother.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692</id>
	<title>Bless me server, for I have sinned</title>
	<author>ndogg</author>
	<datestamp>1261056540000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>It's been, umm, a very long time since I've been to confession.</p><p>It's true, I don't use SPF.  I've at least got the TXT line in my DNS hosts file.</p><p>But I'm using <a href="http://www.exim.org/" title="exim.org">exim</a> [exim.org], which only has <a href="http://wiki.exim.org/SPF" title="exim.org">experimental support</a> [exim.org], and I'm too afraid to use something experimental like that.</p><p>What should I do, server?</p></htmltext>
<tokenext>It 's been , umm , a very long time since I 've been to confession.It 's true , I do n't use SPF .
I 've at least got the TXT line in my DNS hosts file.But I 'm using exim [ exim.org ] , which only has experimental support [ exim.org ] , and I 'm too afraid to use something experimental like that.What should I do , server ?</tokentext>
<sentencetext>It's been, umm, a very long time since I've been to confession.It's true, I don't use SPF.
I've at least got the TXT line in my DNS hosts file.But I'm using exim [exim.org], which only has experimental support [exim.org], and I'm too afraid to use something experimental like that.What should I do, server?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484990</id>
	<title>No</title>
	<author>Anonymous</author>
	<datestamp>1261133340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I tried to implement SPF for our clients not long after the spec was released, but found two problems with it:</p><p>* Most of our clients send e-mail through their ISP's MXs. Most of the ISPs wouldn't provide an SPF record with a list of all their outbound MXs that I could refer to.<br>* Even when I was able to set it up because the ISP was cooperative, the client often ended up complaining that messages they sent to mailing lists were being rejected.</p><p>Because of these two problems I wrote the system off as useless.  The first is an administrative hassle that I cold do without, but the second produces false positive swhich is an absolute fail, IMO.</p></htmltext>
<tokenext>I tried to implement SPF for our clients not long after the spec was released , but found two problems with it : * Most of our clients send e-mail through their ISP 's MXs .
Most of the ISPs would n't provide an SPF record with a list of all their outbound MXs that I could refer to .
* Even when I was able to set it up because the ISP was cooperative , the client often ended up complaining that messages they sent to mailing lists were being rejected.Because of these two problems I wrote the system off as useless .
The first is an administrative hassle that I cold do without , but the second produces false positive swhich is an absolute fail , IMO .</tokentext>
<sentencetext>I tried to implement SPF for our clients not long after the spec was released, but found two problems with it:* Most of our clients send e-mail through their ISP's MXs.
Most of the ISPs wouldn't provide an SPF record with a list of all their outbound MXs that I could refer to.
* Even when I was able to set it up because the ISP was cooperative, the client often ended up complaining that messages they sent to mailing lists were being rejected.Because of these two problems I wrote the system off as useless.
The first is an administrative hassle that I cold do without, but the second produces false positive swhich is an absolute fail, IMO.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624</id>
	<title>Yes</title>
	<author>S-100</author>
	<datestamp>1261056240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Yes, I used SPF records on all the domains that I host that have email accounts.  SPF records I believe have cut way down on backscatter.  Before SPF, accounts would get dozens to hundreds of bounces when their email address was forged as the reply-to address in spam.  Now the backscatter is almost completely gone.<br> <br>But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail.  They should know better.<br> <br>Having valid SPF records also helps outgoing mail get through.  I would frequently have to deal with large ISPs that would flag my mail or my domain as a spam source, based on their misinterpretation of forged headers.  But since I have SPF records in place, this has not happened.

I also check incoming SPF.  If the SPF check fails, the mail is dumped.  If SPF passes or there's no SPF, it goes through.  Works great as one step in spam control.</htmltext>
<tokenext>Yes , I used SPF records on all the domains that I host that have email accounts .
SPF records I believe have cut way down on backscatter .
Before SPF , accounts would get dozens to hundreds of bounces when their email address was forged as the reply-to address in spam .
Now the backscatter is almost completely gone .
But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail .
They should know better .
Having valid SPF records also helps outgoing mail get through .
I would frequently have to deal with large ISPs that would flag my mail or my domain as a spam source , based on their misinterpretation of forged headers .
But since I have SPF records in place , this has not happened .
I also check incoming SPF .
If the SPF check fails , the mail is dumped .
If SPF passes or there 's no SPF , it goes through .
Works great as one step in spam control .</tokentext>
<sentencetext>Yes, I used SPF records on all the domains that I host that have email accounts.
SPF records I believe have cut way down on backscatter.
Before SPF, accounts would get dozens to hundreds of bounces when their email address was forged as the reply-to address in spam.
Now the backscatter is almost completely gone.
But I can tell that Hotmail still ignores SPF since almost all the backscatter that still comes through is from Hotmail.
They should know better.
Having valid SPF records also helps outgoing mail get through.
I would frequently have to deal with large ISPs that would flag my mail or my domain as a spam source, based on their misinterpretation of forged headers.
But since I have SPF records in place, this has not happened.
I also check incoming SPF.
If the SPF check fails, the mail is dumped.
If SPF passes or there's no SPF, it goes through.
Works great as one step in spam control.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482336</id>
	<title>Yes &amp; Yes</title>
	<author>Iphtashu Fitz</author>
	<datestamp>1261060380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Yes, I use SPF to identify the MX's of three domains I own, and Yes I use SPF as one of the things SpamAssassin uses for identifying spam.  Granted these domains are tiny in the grand scheme of things (one is for family, one for some shareware I wrote, and one for a non-profit my brother is involved in), but it definitely helps.  I wrote a script that sends me monthly stats of spam, and here are the results for the last month:</p><p>sa score : 1       messages<nobr> <wbr></nobr>:299<br>sa score : 2       messages<nobr> <wbr></nobr>:194<br>sa score : 3       messages<nobr> <wbr></nobr>:235<br>sa score : 4       messages<nobr> <wbr></nobr>:299<br>sa score : 5       messages<nobr> <wbr></nobr>:477<br>sa score : 6       messages<nobr> <wbr></nobr>:597<br>sa score &gt; 10       messages :  31678<br>highest sa score = 57</p><p>total probable spam (sa score of 5 or more) : 32752<br>total spam blocked outright by sa  : 37110</p><p>e-mail blocked via SPF : 3007<br>Unique IP's that passed SPF check : 1389</p><p>We only block spam if the SpamAssassin score is above 10, but we tag anything above 5 as spam so the end users can decide what to do with it.  As far as SPF goes, in the last month over 3000 bogus e-mails were dropped due to SPF failures, and 1389 other e-mails that were accepted were approved in part because the domains had SPF records that passed the check.</p></htmltext>
<tokenext>Yes , I use SPF to identify the MX 's of three domains I own , and Yes I use SPF as one of the things SpamAssassin uses for identifying spam .
Granted these domains are tiny in the grand scheme of things ( one is for family , one for some shareware I wrote , and one for a non-profit my brother is involved in ) , but it definitely helps .
I wrote a script that sends me monthly stats of spam , and here are the results for the last month : sa score : 1 messages : 299sa score : 2 messages : 194sa score : 3 messages : 235sa score : 4 messages : 299sa score : 5 messages : 477sa score : 6 messages : 597sa score &gt; 10 messages : 31678highest sa score = 57total probable spam ( sa score of 5 or more ) : 32752total spam blocked outright by sa : 37110e-mail blocked via SPF : 3007Unique IP 's that passed SPF check : 1389We only block spam if the SpamAssassin score is above 10 , but we tag anything above 5 as spam so the end users can decide what to do with it .
As far as SPF goes , in the last month over 3000 bogus e-mails were dropped due to SPF failures , and 1389 other e-mails that were accepted were approved in part because the domains had SPF records that passed the check .</tokentext>
<sentencetext>Yes, I use SPF to identify the MX's of three domains I own, and Yes I use SPF as one of the things SpamAssassin uses for identifying spam.
Granted these domains are tiny in the grand scheme of things (one is for family, one for some shareware I wrote, and one for a non-profit my brother is involved in), but it definitely helps.
I wrote a script that sends me monthly stats of spam, and here are the results for the last month:sa score : 1       messages :299sa score : 2       messages :194sa score : 3       messages :235sa score : 4       messages :299sa score : 5       messages :477sa score : 6       messages :597sa score &gt; 10       messages :  31678highest sa score = 57total probable spam (sa score of 5 or more) : 32752total spam blocked outright by sa  : 37110e-mail blocked via SPF : 3007Unique IP's that passed SPF check : 1389We only block spam if the SpamAssassin score is above 10, but we tag anything above 5 as spam so the end users can decide what to do with it.
As far as SPF goes, in the last month over 3000 bogus e-mails were dropped due to SPF failures, and 1389 other e-mails that were accepted were approved in part because the domains had SPF records that passed the check.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488580</id>
	<title>Re:Yes</title>
	<author>Degrees</author>
	<datestamp>1261157400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Seconded.  After putting in my SPF records, the amount of backscatter dropped a huge amount.  Presumably the rest of the world got a little better too, as they could tell who the forgers are.</p></htmltext>
<tokenext>Seconded .
After putting in my SPF records , the amount of backscatter dropped a huge amount .
Presumably the rest of the world got a little better too , as they could tell who the forgers are .</tokentext>
<sentencetext>Seconded.
After putting in my SPF records, the amount of backscatter dropped a huge amount.
Presumably the rest of the world got a little better too, as they could tell who the forgers are.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482214</id>
	<title>Re:I use them</title>
	<author>digitalchinky</author>
	<datestamp>1261059540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>Not just to add a 'me too' but I recently removed SPF completely - mostly because other people couldn't get their entries correct, or just completely failed to update it when they add in extra servers. Legitimate messages were hitting our spam folders. Since I can't train our fine worker drones to actually look in their spam, I opted just to remove it. With greylisting and spamassassin its removal hasn't made any noticeable difference aside from the false positives now being delivered properly.</p></htmltext>
<tokenext>Not just to add a 'me too ' but I recently removed SPF completely - mostly because other people could n't get their entries correct , or just completely failed to update it when they add in extra servers .
Legitimate messages were hitting our spam folders .
Since I ca n't train our fine worker drones to actually look in their spam , I opted just to remove it .
With greylisting and spamassassin its removal has n't made any noticeable difference aside from the false positives now being delivered properly .</tokentext>
<sentencetext>Not just to add a 'me too' but I recently removed SPF completely - mostly because other people couldn't get their entries correct, or just completely failed to update it when they add in extra servers.
Legitimate messages were hitting our spam folders.
Since I can't train our fine worker drones to actually look in their spam, I opted just to remove it.
With greylisting and spamassassin its removal hasn't made any noticeable difference aside from the false positives now being delivered properly.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484646</id>
	<title>Re:I use them</title>
	<author>Anonymous</author>
	<datestamp>1261129680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The only difference I see is no more bounced mail from yahoo using fake accounts from my mailserver.<br>This alone was worth it.</p></htmltext>
<tokenext>The only difference I see is no more bounced mail from yahoo using fake accounts from my mailserver.This alone was worth it .</tokentext>
<sentencetext>The only difference I see is no more bounced mail from yahoo using fake accounts from my mailserver.This alone was worth it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483758</id>
	<title>Re:Use DomainKeys..</title>
	<author>danomac</author>
	<datestamp>1261072920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Yahoo, Gmail, MSN/Hotmail, and AOL pretty much require that you have DomainKeys implemented if you want to email their users</p></div></blockquote><p>

I send mail to these services without DomainKeys. In fact, we started getting bounces from them saying we don't have a SPF record for our domain. I've added one for our domain and haven't had any issues since.</p></div>
	</htmltext>
<tokenext>Yahoo , Gmail , MSN/Hotmail , and AOL pretty much require that you have DomainKeys implemented if you want to email their users I send mail to these services without DomainKeys .
In fact , we started getting bounces from them saying we do n't have a SPF record for our domain .
I 've added one for our domain and have n't had any issues since .</tokentext>
<sentencetext>Yahoo, Gmail, MSN/Hotmail, and AOL pretty much require that you have DomainKeys implemented if you want to email their users

I send mail to these services without DomainKeys.
In fact, we started getting bounces from them saying we don't have a SPF record for our domain.
I've added one for our domain and haven't had any issues since.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482936</id>
	<title>Screw SPF and the admins who use it</title>
	<author>synthesizerpatel</author>
	<datestamp>1261064760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The only times I've come across SPF servers it's been an employee at my company asking why they got an email from a foreign server 'warning' them that because \_we\_ don't use SPF there's something wrong with \_our\_ email system.</p><p>1. If everyone isn't using it, it's not a standard.</p><p>2. Soft-warnings to uneducated people result in busy-work for IT people. Worse yet, try explaining to a marketing person that no, in fact, OUR email system works fine, it's the remote guy's server that's got the issue.</p><p>SPF is a good idea in theory and if everyone used it (and it worked properly) it'd be great. But we don't and I won't be switching until a real solution is available that gets adopted by everyone. Sorry folks, email isn't going to be changing drastically any time soon.</p><p>If we were smart we'd set everyone to be white-list email only, if an email bounces the sender is told to call you on the phone and get a whitelist one-time-code to get added to your list. Everything else is just going to be statistical attempts at solving this problem which will never be 100\% correct. Either spam gets through or important email gets lost.</p></htmltext>
<tokenext>The only times I 've come across SPF servers it 's been an employee at my company asking why they got an email from a foreign server 'warning ' them that because \ _we \ _ do n't use SPF there 's something wrong with \ _our \ _ email system.1 .
If everyone is n't using it , it 's not a standard.2 .
Soft-warnings to uneducated people result in busy-work for IT people .
Worse yet , try explaining to a marketing person that no , in fact , OUR email system works fine , it 's the remote guy 's server that 's got the issue.SPF is a good idea in theory and if everyone used it ( and it worked properly ) it 'd be great .
But we do n't and I wo n't be switching until a real solution is available that gets adopted by everyone .
Sorry folks , email is n't going to be changing drastically any time soon.If we were smart we 'd set everyone to be white-list email only , if an email bounces the sender is told to call you on the phone and get a whitelist one-time-code to get added to your list .
Everything else is just going to be statistical attempts at solving this problem which will never be 100 \ % correct .
Either spam gets through or important email gets lost .</tokentext>
<sentencetext>The only times I've come across SPF servers it's been an employee at my company asking why they got an email from a foreign server 'warning' them that because \_we\_ don't use SPF there's something wrong with \_our\_ email system.1.
If everyone isn't using it, it's not a standard.2.
Soft-warnings to uneducated people result in busy-work for IT people.
Worse yet, try explaining to a marketing person that no, in fact, OUR email system works fine, it's the remote guy's server that's got the issue.SPF is a good idea in theory and if everyone used it (and it worked properly) it'd be great.
But we don't and I won't be switching until a real solution is available that gets adopted by everyone.
Sorry folks, email isn't going to be changing drastically any time soon.If we were smart we'd set everyone to be white-list email only, if an email bounces the sender is told to call you on the phone and get a whitelist one-time-code to get added to your list.
Everything else is just going to be statistical attempts at solving this problem which will never be 100\% correct.
Either spam gets through or important email gets lost.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482878</id>
	<title>Re:SPF is usless</title>
	<author>Anonymous</author>
	<datestamp>1261064340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>Its not helpful in reducing SPAM</p></div></blockquote><p>Not true, it prevents domains being forged by spammers and hence reduces backscatter.  That's a win for anybody who's ever been hit with 10s of thousands of messages over a short space of time.</p><blockquote><div><p>Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host.</p></div></blockquote><p>Err, no.  SSL and signed email can be just as easily subverted if you're talking about poisoning DNS and publishing falsified routes.  1 cert authority without proper checks or MITM and you're done.  For criminals going to that much trouble, bank accounts are a more attractive target than forging email.</p><blockquote><div><p>A public private key scheme on the message bodies would, be much much more secure, and reliable for the anti spoof use.</p></div></blockquote><p>I, sometimes, use, one, you, may, have, heard, of, it's called PGP.  SPF promised and delivered rejects at SMTP time, before DATA.</p><blockquote><div><p>Sometimes you want to temporarily run your mail out a different IP or relay from another domain, and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.</p></div></blockquote><p>Sometimes you want to come up with a valid argument but find the best you can do is foolish, contrived hypothesis.  Most admins anticipate having to move a mailserver and set a reasonable TTL on their DNS records.</p><blockquote><div><p>SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.</p></div></blockquote><p>I've been publishing -all and checking SPF since 2004 on multiple low-mid valume domains.  7-8 issues in all that time.  I had more problems trying to upgrade to GPG 2 before finally reverting back to 1.x.</p><blockquote><div><p>The SPAM and tamper issues are both better solved with message signing.</p></div></blockquote><p>Maybe but I want to reject spam at SMTP time, accepting entire messages by the thousand is fucking pointless.  SPF has it's place, nobody is saying you have to like it.</p></div>
	</htmltext>
<tokenext>Its not helpful in reducing SPAMNot true , it prevents domains being forged by spammers and hence reduces backscatter .
That 's a win for anybody who 's ever been hit with 10s of thousands of messages over a short space of time.Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host.Err , no .
SSL and signed email can be just as easily subverted if you 're talking about poisoning DNS and publishing falsified routes .
1 cert authority without proper checks or MITM and you 're done .
For criminals going to that much trouble , bank accounts are a more attractive target than forging email.A public private key scheme on the message bodies would , be much much more secure , and reliable for the anti spoof use.I , sometimes , use , one , you , may , have , heard , of , it 's called PGP .
SPF promised and delivered rejects at SMTP time , before DATA.Sometimes you want to temporarily run your mail out a different IP or relay from another domain , and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.Sometimes you want to come up with a valid argument but find the best you can do is foolish , contrived hypothesis .
Most admins anticipate having to move a mailserver and set a reasonable TTL on their DNS records.SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.I 've been publishing -all and checking SPF since 2004 on multiple low-mid valume domains .
7-8 issues in all that time .
I had more problems trying to upgrade to GPG 2 before finally reverting back to 1.x.The SPAM and tamper issues are both better solved with message signing.Maybe but I want to reject spam at SMTP time , accepting entire messages by the thousand is fucking pointless .
SPF has it 's place , nobody is saying you have to like it .</tokentext>
<sentencetext>Its not helpful in reducing SPAMNot true, it prevents domains being forged by spammers and hence reduces backscatter.
That's a win for anybody who's ever been hit with 10s of thousands of messages over a short space of time.Its not good as an anti spoofing technique in general because there are lots of ways you could make it look like you were sending from the correct host.Err, no.
SSL and signed email can be just as easily subverted if you're talking about poisoning DNS and publishing falsified routes.
1 cert authority without proper checks or MITM and you're done.
For criminals going to that much trouble, bank accounts are a more attractive target than forging email.A public private key scheme on the message bodies would, be much much more secure, and reliable for the anti spoof use.I, sometimes, use, one, you, may, have, heard, of, it's called PGP.
SPF promised and delivered rejects at SMTP time, before DATA.Sometimes you want to temporarily run your mail out a different IP or relay from another domain, and if you used SPF and your recipients have the dns record cached you are kinda screwed if you need to do anything in a hurry.Sometimes you want to come up with a valid argument but find the best you can do is foolish, contrived hypothesis.
Most admins anticipate having to move a mailserver and set a reasonable TTL on their DNS records.SPF is an infective solution at best and really amounts to needless complexity which can only cause problems at worst.I've been publishing -all and checking SPF since 2004 on multiple low-mid valume domains.
7-8 issues in all that time.
I had more problems trying to upgrade to GPG 2 before finally reverting back to 1.x.The SPAM and tamper issues are both better solved with message signing.Maybe but I want to reject spam at SMTP time, accepting entire messages by the thousand is fucking pointless.
SPF has it's place, nobody is saying you have to like it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483034</id>
	<title>Outgoing Mail Gets Spammed</title>
	<author>Torrance</author>
	<datestamp>1261065840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I've just today been reading up on SPF records. My problem is that mail coming from a new server we've set up is being spammed by Big Mail (Gmail, Hotmail, etc.).</p><p>The server has a primary domain (domain.com) but many other domains are hosted on it too (eg. mine.com). When I try to send mail with the from field set to me@mine.com (as opposed to me@domain.com) it gets spammed.</p><p>We're not on any blacklists, the A records for mine.com point to domain.com as do the MX records, domain.com has PTR records, and I've just put in a SPF record for mine.com.</p><p>So far no luck. Sigh.</p></htmltext>
<tokenext>I 've just today been reading up on SPF records .
My problem is that mail coming from a new server we 've set up is being spammed by Big Mail ( Gmail , Hotmail , etc .
) .The server has a primary domain ( domain.com ) but many other domains are hosted on it too ( eg .
mine.com ) . When I try to send mail with the from field set to me @ mine.com ( as opposed to me @ domain.com ) it gets spammed.We 're not on any blacklists , the A records for mine.com point to domain.com as do the MX records , domain.com has PTR records , and I 've just put in a SPF record for mine.com.So far no luck .
Sigh .</tokentext>
<sentencetext>I've just today been reading up on SPF records.
My problem is that mail coming from a new server we've set up is being spammed by Big Mail (Gmail, Hotmail, etc.
).The server has a primary domain (domain.com) but many other domains are hosted on it too (eg.
mine.com). When I try to send mail with the from field set to me@mine.com (as opposed to me@domain.com) it gets spammed.We're not on any blacklists, the A records for mine.com point to domain.com as do the MX records, domain.com has PTR records, and I've just put in a SPF record for mine.com.So far no luck.
Sigh.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482116</id>
	<title>Yes! Prevents forged Froms</title>
	<author>bziman</author>
	<datestamp>1261059000000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>SPF is great. It's one of the technical means of making sure that the IP address that is trying to send you a message is authorized to use the sender that it claims to be from.  That means you can automatically reject spam that claims to be from any of the big mailers.
</p><p>
One common problem right now, is misconfigured mail servers.  An e-mail admin configures the SPF entry in DNS, and then forgets about it.  Then they change their IP address, or they outsource their e-mail to a third party, and suddenly, SPF is saying that all of their legit mail is not legit.  The other problem is when a company has (for example) an order fulfillment system that generates its own e-mails, instead of routing them through the proper mail server.  If that system isn't identified in the SPF entry, those messages can be rejected.
</p><p>
Another "problem" is when organizations send messages on behalf of other individuals or organizations (like the legit message that avon.com tried to send me this morning that was being generated by filltek.com, but without the permission of avon.com's SPF entry).  I put "problem" in quotes, because really, third party messaging services should not forge the From line of the message.
</p><p>
On the other hand, it's great, in that it blocks all those stupid e-cards, because they claim to be from your.friend@gmail.com, when really they're being sent by stupid-e-card.com.
</p><p>
The biggest problem is dealing with "forwarding" services, like your @acm.org e-mail address.  On my server, I have to keep a list of domains that "bypass" SPF checks, because any message sent to a forwarded address is going to arrive at your mail server from the forwarded (i.e. mail.acm.org), but it's going to have the header information associated with the original message.  OpenSPF.org talks about some ways to deal with this, but I haven't look at it in a while.
</p><p>
Since SPF is still not universally accepted, it has a "soft fail" option that you can use for testing, until you're sure that it works the way you want it to.  It's not the be-all-and-end-all, but it is a useful piece of the puzzle.
</p></htmltext>
<tokenext>SPF is great .
It 's one of the technical means of making sure that the IP address that is trying to send you a message is authorized to use the sender that it claims to be from .
That means you can automatically reject spam that claims to be from any of the big mailers .
One common problem right now , is misconfigured mail servers .
An e-mail admin configures the SPF entry in DNS , and then forgets about it .
Then they change their IP address , or they outsource their e-mail to a third party , and suddenly , SPF is saying that all of their legit mail is not legit .
The other problem is when a company has ( for example ) an order fulfillment system that generates its own e-mails , instead of routing them through the proper mail server .
If that system is n't identified in the SPF entry , those messages can be rejected .
Another " problem " is when organizations send messages on behalf of other individuals or organizations ( like the legit message that avon.com tried to send me this morning that was being generated by filltek.com , but without the permission of avon.com 's SPF entry ) .
I put " problem " in quotes , because really , third party messaging services should not forge the From line of the message .
On the other hand , it 's great , in that it blocks all those stupid e-cards , because they claim to be from your.friend @ gmail.com , when really they 're being sent by stupid-e-card.com .
The biggest problem is dealing with " forwarding " services , like your @ acm.org e-mail address .
On my server , I have to keep a list of domains that " bypass " SPF checks , because any message sent to a forwarded address is going to arrive at your mail server from the forwarded ( i.e .
mail.acm.org ) , but it 's going to have the header information associated with the original message .
OpenSPF.org talks about some ways to deal with this , but I have n't look at it in a while .
Since SPF is still not universally accepted , it has a " soft fail " option that you can use for testing , until you 're sure that it works the way you want it to .
It 's not the be-all-and-end-all , but it is a useful piece of the puzzle .</tokentext>
<sentencetext>SPF is great.
It's one of the technical means of making sure that the IP address that is trying to send you a message is authorized to use the sender that it claims to be from.
That means you can automatically reject spam that claims to be from any of the big mailers.
One common problem right now, is misconfigured mail servers.
An e-mail admin configures the SPF entry in DNS, and then forgets about it.
Then they change their IP address, or they outsource their e-mail to a third party, and suddenly, SPF is saying that all of their legit mail is not legit.
The other problem is when a company has (for example) an order fulfillment system that generates its own e-mails, instead of routing them through the proper mail server.
If that system isn't identified in the SPF entry, those messages can be rejected.
Another "problem" is when organizations send messages on behalf of other individuals or organizations (like the legit message that avon.com tried to send me this morning that was being generated by filltek.com, but without the permission of avon.com's SPF entry).
I put "problem" in quotes, because really, third party messaging services should not forge the From line of the message.
On the other hand, it's great, in that it blocks all those stupid e-cards, because they claim to be from your.friend@gmail.com, when really they're being sent by stupid-e-card.com.
The biggest problem is dealing with "forwarding" services, like your @acm.org e-mail address.
On my server, I have to keep a list of domains that "bypass" SPF checks, because any message sent to a forwarded address is going to arrive at your mail server from the forwarded (i.e.
mail.acm.org), but it's going to have the header information associated with the original message.
OpenSPF.org talks about some ways to deal with this, but I haven't look at it in a while.
Since SPF is still not universally accepted, it has a "soft fail" option that you can use for testing, until you're sure that it works the way you want it to.
It's not the be-all-and-end-all, but it is a useful piece of the puzzle.
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482170</id>
	<title>Now to get sites to read the SPF records.</title>
	<author>Animats</author>
	<datestamp>1261059300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
I have strict "-all" SPF records on all my web sites.  But I still get mail bounces from joe-jobs that the recipient host should have rejected during the SMTP session from the spammer.</p></htmltext>
<tokenext>I have strict " -all " SPF records on all my web sites .
But I still get mail bounces from joe-jobs that the recipient host should have rejected during the SMTP session from the spammer .</tokentext>
<sentencetext>
I have strict "-all" SPF records on all my web sites.
But I still get mail bounces from joe-jobs that the recipient host should have rejected during the SMTP session from the spammer.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482316</id>
	<title>It's caused us some problems.</title>
	<author>Fross</author>
	<datestamp>1261060320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I work for an organisation that has a private email system (private as in hardware, network lines).  SPF works fine on that, though is also redundant. However, the network is accessible to other networks (ie the internet, as in, people can send mail to regular mail addresses, and vice versa), and SPF breaks here.</p><p>Due to the jump to the network, the "sender" is always the provider who handles said connectivity, where our area of the private network touches the internet.  Thus we've had to completely disable SPF as it always comes back with negative results.</p><p>A good idea in principle, but fails when the two mail servers cannot immediately talk to one another.  You'd need something like a validation chain to allow that scenario to work.</p></htmltext>
<tokenext>I work for an organisation that has a private email system ( private as in hardware , network lines ) .
SPF works fine on that , though is also redundant .
However , the network is accessible to other networks ( ie the internet , as in , people can send mail to regular mail addresses , and vice versa ) , and SPF breaks here.Due to the jump to the network , the " sender " is always the provider who handles said connectivity , where our area of the private network touches the internet .
Thus we 've had to completely disable SPF as it always comes back with negative results.A good idea in principle , but fails when the two mail servers can not immediately talk to one another .
You 'd need something like a validation chain to allow that scenario to work .</tokentext>
<sentencetext>I work for an organisation that has a private email system (private as in hardware, network lines).
SPF works fine on that, though is also redundant.
However, the network is accessible to other networks (ie the internet, as in, people can send mail to regular mail addresses, and vice versa), and SPF breaks here.Due to the jump to the network, the "sender" is always the provider who handles said connectivity, where our area of the private network touches the internet.
Thus we've had to completely disable SPF as it always comes back with negative results.A good idea in principle, but fails when the two mail servers cannot immediately talk to one another.
You'd need something like a validation chain to allow that scenario to work.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30486190</id>
	<title>use public key infrastructure</title>
	<author>viralMeme</author>
	<datestamp>1261146900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Use Public key infrastructure, register an email with a public directory. If the email sent from that address doesn't match the digital signature, then reject it - case closed<nobr> <wbr></nobr>...</htmltext>
<tokenext>Use Public key infrastructure , register an email with a public directory .
If the email sent from that address does n't match the digital signature , then reject it - case closed .. .</tokentext>
<sentencetext>Use Public key infrastructure, register an email with a public directory.
If the email sent from that address doesn't match the digital signature, then reject it - case closed ...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482026</id>
	<title>Yes</title>
	<author>cybersquid</author>
	<datestamp>1261058400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I do use it on the handful of domains I admin.</htmltext>
<tokenext>I do use it on the handful of domains I admin .</tokentext>
<sentencetext>I do use it on the handful of domains I admin.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485306</id>
	<title>Re:No, and I won't</title>
	<author>Anonymous</author>
	<datestamp>1261138260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Dumbass</p></htmltext>
<tokenext>Dumbass</tokentext>
<sentencetext>Dumbass</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485722</id>
	<title>Microsoft?  No Thanks.</title>
	<author>Anonymous</author>
	<datestamp>1261143480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No Thanks, M$.</p></htmltext>
<tokenext>No Thanks , M $ .</tokentext>
<sentencetext>No Thanks, M$.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482756</id>
	<title>Only once ...</title>
	<author>Tux2000</author>
	<datestamp>1261063440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>... in my last job, we had a lot of clients using Microsofts mail services. M$ gave you basically two choices: Implement SPF or have your mails delivered to the spam folder or refused. So, we made our DNS provider add SPF records and the problem was gone.</p><p>Tux2000</p></htmltext>
<tokenext>... in my last job , we had a lot of clients using Microsofts mail services .
M $ gave you basically two choices : Implement SPF or have your mails delivered to the spam folder or refused .
So , we made our DNS provider add SPF records and the problem was gone.Tux2000</tokentext>
<sentencetext>... in my last job, we had a lot of clients using Microsofts mail services.
M$ gave you basically two choices: Implement SPF or have your mails delivered to the spam folder or refused.
So, we made our DNS provider add SPF records and the problem was gone.Tux2000</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483210</id>
	<title>a bit</title>
	<author>Matthew Weigel</author>
	<datestamp>1261067220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I use greylisting to reduce spam volume, and I whitelist outgoing mail servers for domains that a) have trouble with greylisting and b) publish SPF records. In other words, I use SPF given existing trust for a particular domain, but only if not relying on SPF causes problems. I thought I hadn't set up SPF records for my own (vanity) domains, but apparently I have... not that I particularly notice. It's just not a big deal.</p></htmltext>
<tokenext>I use greylisting to reduce spam volume , and I whitelist outgoing mail servers for domains that a ) have trouble with greylisting and b ) publish SPF records .
In other words , I use SPF given existing trust for a particular domain , but only if not relying on SPF causes problems .
I thought I had n't set up SPF records for my own ( vanity ) domains , but apparently I have... not that I particularly notice .
It 's just not a big deal .</tokentext>
<sentencetext>I use greylisting to reduce spam volume, and I whitelist outgoing mail servers for domains that a) have trouble with greylisting and b) publish SPF records.
In other words, I use SPF given existing trust for a particular domain, but only if not relying on SPF causes problems.
I thought I hadn't set up SPF records for my own (vanity) domains, but apparently I have... not that I particularly notice.
It's just not a big deal.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482456</id>
	<title>Re:No, and I won't</title>
	<author>Albanach</author>
	<datestamp>1261061280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So the argument is that because you can't forward mail, SPF is broken.</p><p>Forwarding mail is almost entirely  unnecessary. Every major webmail provider allows you to get mail from third party accounts via POP3/IMAP. Rather than forward mail just fetch it like any other client. It doesn't need anything to be upgraded, works reliably and allows you to use SPF verifying the hosts permitted to send mail from your domain.</p></htmltext>
<tokenext>So the argument is that because you ca n't forward mail , SPF is broken.Forwarding mail is almost entirely unnecessary .
Every major webmail provider allows you to get mail from third party accounts via POP3/IMAP .
Rather than forward mail just fetch it like any other client .
It does n't need anything to be upgraded , works reliably and allows you to use SPF verifying the hosts permitted to send mail from your domain .</tokentext>
<sentencetext>So the argument is that because you can't forward mail, SPF is broken.Forwarding mail is almost entirely  unnecessary.
Every major webmail provider allows you to get mail from third party accounts via POP3/IMAP.
Rather than forward mail just fetch it like any other client.
It doesn't need anything to be upgraded, works reliably and allows you to use SPF verifying the hosts permitted to send mail from your domain.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483300</id>
	<title>SPF is good stuff.</title>
	<author>jafo</author>
	<datestamp>1261068120000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>SPF is not an anti-spam measure, it's about preventing hijacking of domains.  People often seem to say "but spammers publish SPF records", and that is true, but it doesn't mean that SPF is not effective.<br><br>SPF allows me to publish information about what systems will legitimately send e-mail using that domain.  It also allows me to act on that information published by other third parties.<br><br>What this means is that I have to deal with dramatically less backscatter spam.  Since implementing SPF, I have not woken up to find 100,000 messages in my box that were bounces or outraged replies to spam sent by someone else.  Back in 1995 that exact issue happened to me, and to a lesser degree it happened regularly until SPF.<br><br>There are, of course, some difficulties with SPF, but despite those I have chosen to use and advocate SPF.<br><br>You do have to deal with legitimate third-parties sending mail from your domain.  We use an outsourced accounting package and have had to include their servers in our SPF records.  No big deal.<br><br>As a recipient, if you have one account forwarding to another, and the destination account implements SPF, then you either need to white-list the forwarding machine(s), or you need to implement SRS there.<br><br>DKIM and it's variants is, IMHO, useless because it only allows you to prove that e-mail came from an authorized sender for a domain, it does *NOT* allow you to tell if e-mail came from an UNAUTHORIZED system for a domain.  You cannot use DKIM to tell if a sender address is forging the domain.<br><br>So DKIM is *NOT* a "better SPF".  They *ARE* compatible though.  If you get a message claiming to be from a specific domain which fails the SPF check, you probably still want to allow it if it passes DKIM.  I don't know of any mail programs that do that though.  The unfortunate thing about this is that SPF-only can be implemented entirely at SMTP time (RECV FROM) where SPF+DKIM would have to be implemented after receiving the message (after DATA).<br><br>Sean</htmltext>
<tokenext>SPF is not an anti-spam measure , it 's about preventing hijacking of domains .
People often seem to say " but spammers publish SPF records " , and that is true , but it does n't mean that SPF is not effective.SPF allows me to publish information about what systems will legitimately send e-mail using that domain .
It also allows me to act on that information published by other third parties.What this means is that I have to deal with dramatically less backscatter spam .
Since implementing SPF , I have not woken up to find 100,000 messages in my box that were bounces or outraged replies to spam sent by someone else .
Back in 1995 that exact issue happened to me , and to a lesser degree it happened regularly until SPF.There are , of course , some difficulties with SPF , but despite those I have chosen to use and advocate SPF.You do have to deal with legitimate third-parties sending mail from your domain .
We use an outsourced accounting package and have had to include their servers in our SPF records .
No big deal.As a recipient , if you have one account forwarding to another , and the destination account implements SPF , then you either need to white-list the forwarding machine ( s ) , or you need to implement SRS there.DKIM and it 's variants is , IMHO , useless because it only allows you to prove that e-mail came from an authorized sender for a domain , it does * NOT * allow you to tell if e-mail came from an UNAUTHORIZED system for a domain .
You can not use DKIM to tell if a sender address is forging the domain.So DKIM is * NOT * a " better SPF " .
They * ARE * compatible though .
If you get a message claiming to be from a specific domain which fails the SPF check , you probably still want to allow it if it passes DKIM .
I do n't know of any mail programs that do that though .
The unfortunate thing about this is that SPF-only can be implemented entirely at SMTP time ( RECV FROM ) where SPF + DKIM would have to be implemented after receiving the message ( after DATA ) .Sean</tokentext>
<sentencetext>SPF is not an anti-spam measure, it's about preventing hijacking of domains.
People often seem to say "but spammers publish SPF records", and that is true, but it doesn't mean that SPF is not effective.SPF allows me to publish information about what systems will legitimately send e-mail using that domain.
It also allows me to act on that information published by other third parties.What this means is that I have to deal with dramatically less backscatter spam.
Since implementing SPF, I have not woken up to find 100,000 messages in my box that were bounces or outraged replies to spam sent by someone else.
Back in 1995 that exact issue happened to me, and to a lesser degree it happened regularly until SPF.There are, of course, some difficulties with SPF, but despite those I have chosen to use and advocate SPF.You do have to deal with legitimate third-parties sending mail from your domain.
We use an outsourced accounting package and have had to include their servers in our SPF records.
No big deal.As a recipient, if you have one account forwarding to another, and the destination account implements SPF, then you either need to white-list the forwarding machine(s), or you need to implement SRS there.DKIM and it's variants is, IMHO, useless because it only allows you to prove that e-mail came from an authorized sender for a domain, it does *NOT* allow you to tell if e-mail came from an UNAUTHORIZED system for a domain.
You cannot use DKIM to tell if a sender address is forging the domain.So DKIM is *NOT* a "better SPF".
They *ARE* compatible though.
If you get a message claiming to be from a specific domain which fails the SPF check, you probably still want to allow it if it passes DKIM.
I don't know of any mail programs that do that though.
The unfortunate thing about this is that SPF-only can be implemented entirely at SMTP time (RECV FROM) where SPF+DKIM would have to be implemented after receiving the message (after DATA).Sean</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476</id>
	<title>I use them</title>
	<author>NormalVisual</author>
	<datestamp>1261055460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I use them for all of my domains, but I can't really see that it makes the first bit of difference.</htmltext>
<tokenext>I use them for all of my domains , but I ca n't really see that it makes the first bit of difference .</tokentext>
<sentencetext>I use them for all of my domains, but I can't really see that it makes the first bit of difference.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482446</id>
	<title>Need them to send to some domains</title>
	<author>Anonymous</author>
	<datestamp>1261061280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I use them because you can't send to some domains without an SFP record. Mainly Asian email providers, but our business has alost of agents in Asia so the mail has to flow.</p></htmltext>
<tokenext>I use them because you ca n't send to some domains without an SFP record .
Mainly Asian email providers , but our business has alost of agents in Asia so the mail has to flow .</tokentext>
<sentencetext>I use them because you can't send to some domains without an SFP record.
Mainly Asian email providers, but our business has alost of agents in Asia so the mail has to flow.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30510952</id>
	<title>Yes, use SPF in and out, but don't expect much</title>
	<author>Anonymous</author>
	<datestamp>1261402020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I used to work for an antispam provider.</p><p>Interestingly in the first couple of years of SPF et al, were almost a guaranteed indicator of a spam domain - the spammers immediately implemented SPF to make their domains look more legitimate!  Nowadays (as gujo-odori said), a valid SPF record is an indicator that the email has not been forged, but not whether it is spam or not.</p><p>There are two sides to SPF: having your own valid SPF record marginally improves the chance of your legitimate email being delivered correctly, but as has been alluded to by others, if you get it wrong or forget to update it when you change your email setup, then it could likewise adversely affect the delivery of your email.  The other side of it is checking incoming email for SPF records: if the SPF record is invalid then there is a good chance it has been spoofed, but any other result (e.g. inconclusive or valid) does not necessarily mean that the email is worth reading!</p></htmltext>
<tokenext>I used to work for an antispam provider.Interestingly in the first couple of years of SPF et al , were almost a guaranteed indicator of a spam domain - the spammers immediately implemented SPF to make their domains look more legitimate !
Nowadays ( as gujo-odori said ) , a valid SPF record is an indicator that the email has not been forged , but not whether it is spam or not.There are two sides to SPF : having your own valid SPF record marginally improves the chance of your legitimate email being delivered correctly , but as has been alluded to by others , if you get it wrong or forget to update it when you change your email setup , then it could likewise adversely affect the delivery of your email .
The other side of it is checking incoming email for SPF records : if the SPF record is invalid then there is a good chance it has been spoofed , but any other result ( e.g .
inconclusive or valid ) does not necessarily mean that the email is worth reading !</tokentext>
<sentencetext>I used to work for an antispam provider.Interestingly in the first couple of years of SPF et al, were almost a guaranteed indicator of a spam domain - the spammers immediately implemented SPF to make their domains look more legitimate!
Nowadays (as gujo-odori said), a valid SPF record is an indicator that the email has not been forged, but not whether it is spam or not.There are two sides to SPF: having your own valid SPF record marginally improves the chance of your legitimate email being delivered correctly, but as has been alluded to by others, if you get it wrong or forget to update it when you change your email setup, then it could likewise adversely affect the delivery of your email.
The other side of it is checking incoming email for SPF records: if the SPF record is invalid then there is a good chance it has been spoofed, but any other result (e.g.
inconclusive or valid) does not necessarily mean that the email is worth reading!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481850</id>
	<title>Yes</title>
	<author>marquinhocb</author>
	<datestamp>1261057320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>SPF is the way to go.  Most public email out there (GMail, Hotmail, Yahoo) will mark email as spam if an email is sent from a server that isn't listed on the SPF record.<br>Obviously this isn't the only technique to fight spam (You validate that the sender really belongs to X.com, not that X.com isn't a spammer), but it helps.</p><p>As for the link to "SPF is harmful", that's about the biggest load of bull I've ever seen.  It's inaccurate, and is an uncommon case (how often does mail forwarding happen these days with everyone using non-ISP-bound free email services?).  It's like saying we should shutdown the internet because it's not completely accessible to devices with black&amp;white screens.</p><p>As I said before, all the major free email service providers take SPF into account (test it out yourself - setup your domain with SPF, and send an email to your gmail/hotmail from an unauthorized IP).</p><p>That said, SPF is pretty easy to setup.  Just a quick little txt in your domain and you're good to go.  This site will help you with generating your SPF:<br><a href="http://www.openspf.org/Tools" title="openspf.org" rel="nofollow">http://www.openspf.org/Tools</a> [openspf.org]</p></htmltext>
<tokenext>SPF is the way to go .
Most public email out there ( GMail , Hotmail , Yahoo ) will mark email as spam if an email is sent from a server that is n't listed on the SPF record.Obviously this is n't the only technique to fight spam ( You validate that the sender really belongs to X.com , not that X.com is n't a spammer ) , but it helps.As for the link to " SPF is harmful " , that 's about the biggest load of bull I 've ever seen .
It 's inaccurate , and is an uncommon case ( how often does mail forwarding happen these days with everyone using non-ISP-bound free email services ? ) .
It 's like saying we should shutdown the internet because it 's not completely accessible to devices with black&amp;white screens.As I said before , all the major free email service providers take SPF into account ( test it out yourself - setup your domain with SPF , and send an email to your gmail/hotmail from an unauthorized IP ) .That said , SPF is pretty easy to setup .
Just a quick little txt in your domain and you 're good to go .
This site will help you with generating your SPF : http : //www.openspf.org/Tools [ openspf.org ]</tokentext>
<sentencetext>SPF is the way to go.
Most public email out there (GMail, Hotmail, Yahoo) will mark email as spam if an email is sent from a server that isn't listed on the SPF record.Obviously this isn't the only technique to fight spam (You validate that the sender really belongs to X.com, not that X.com isn't a spammer), but it helps.As for the link to "SPF is harmful", that's about the biggest load of bull I've ever seen.
It's inaccurate, and is an uncommon case (how often does mail forwarding happen these days with everyone using non-ISP-bound free email services?).
It's like saying we should shutdown the internet because it's not completely accessible to devices with black&amp;white screens.As I said before, all the major free email service providers take SPF into account (test it out yourself - setup your domain with SPF, and send an email to your gmail/hotmail from an unauthorized IP).That said, SPF is pretty easy to setup.
Just a quick little txt in your domain and you're good to go.
This site will help you with generating your SPF:http://www.openspf.org/Tools [openspf.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482732</id>
	<title>We use postini, and postini doesn't use it.</title>
	<author>zerofoo</author>
	<datestamp>1261063260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We use Postini, and postini handles the delivery of our mail.  We have yet to have any organization block our mail while it is delivered by postini.  It seems that most mail admins implicitly trust that postini's servers aren't spewing spam.</p><p>As far as postini's position on using SPF to identify spam:</p><p><i>Postini has investigated SPF and has decided not to implement it as a<br>feature for inbound mail processing. Implementing SPF would add<br>significant processing overhead without adding any appreciable<br>effectiveness to the spam filtering. Almost all mail that would be<br>blocked by SPF are also identified as spam by our spam filters.</i></p><p><i>In addition, Postini tracks the IP addresses of Fortune 500<br>corporations and the most popular internet sites such as Yahoo,<br>Hotmail, eBay, etc. Adding these domains to the Approved Senders list,<br>particularly at the organization level, is not usually needed and can<br>result in spam appearing to be sent from those domains inadvertently<br>getting to users' mailboxes. For this reason, Postini recommends<br>against using the Approved Senders list in this way; rather, it should<br>be used only for mail from senders that has previously been falsely<br>quarantined as spam. </i></p><p>The other reason I have not published and SPF record:  Verizon is hosting our DNS services, and when I asked their business services about adding SPF records to my domain the guy on the other end of the telephone had NO idea what I was talking about.</p><p>After 3 or 4 call transfers I just gave up.</p><p>-ted</p></htmltext>
<tokenext>We use Postini , and postini handles the delivery of our mail .
We have yet to have any organization block our mail while it is delivered by postini .
It seems that most mail admins implicitly trust that postini 's servers are n't spewing spam.As far as postini 's position on using SPF to identify spam : Postini has investigated SPF and has decided not to implement it as afeature for inbound mail processing .
Implementing SPF would addsignificant processing overhead without adding any appreciableeffectiveness to the spam filtering .
Almost all mail that would beblocked by SPF are also identified as spam by our spam filters.In addition , Postini tracks the IP addresses of Fortune 500corporations and the most popular internet sites such as Yahoo,Hotmail , eBay , etc .
Adding these domains to the Approved Senders list,particularly at the organization level , is not usually needed and canresult in spam appearing to be sent from those domains inadvertentlygetting to users ' mailboxes .
For this reason , Postini recommendsagainst using the Approved Senders list in this way ; rather , it shouldbe used only for mail from senders that has previously been falselyquarantined as spam .
The other reason I have not published and SPF record : Verizon is hosting our DNS services , and when I asked their business services about adding SPF records to my domain the guy on the other end of the telephone had NO idea what I was talking about.After 3 or 4 call transfers I just gave up.-ted</tokentext>
<sentencetext>We use Postini, and postini handles the delivery of our mail.
We have yet to have any organization block our mail while it is delivered by postini.
It seems that most mail admins implicitly trust that postini's servers aren't spewing spam.As far as postini's position on using SPF to identify spam:Postini has investigated SPF and has decided not to implement it as afeature for inbound mail processing.
Implementing SPF would addsignificant processing overhead without adding any appreciableeffectiveness to the spam filtering.
Almost all mail that would beblocked by SPF are also identified as spam by our spam filters.In addition, Postini tracks the IP addresses of Fortune 500corporations and the most popular internet sites such as Yahoo,Hotmail, eBay, etc.
Adding these domains to the Approved Senders list,particularly at the organization level, is not usually needed and canresult in spam appearing to be sent from those domains inadvertentlygetting to users' mailboxes.
For this reason, Postini recommendsagainst using the Approved Senders list in this way; rather, it shouldbe used only for mail from senders that has previously been falselyquarantined as spam.
The other reason I have not published and SPF record:  Verizon is hosting our DNS services, and when I asked their business services about adding SPF records to my domain the guy on the other end of the telephone had NO idea what I was talking about.After 3 or 4 call transfers I just gave up.-ted</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483630</id>
	<title>Just get everyone to use PGP or GPG</title>
	<author>Anonymous</author>
	<datestamp>1261071600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>and sign their emails with public keys. That way you can store their public keys on your system to verify it is a valid email.</p><p>I really am not sure why PGP or GPG isn't added to Email servers to verify email. Most email clients work with them and if email clients and servers are modified to use PGP or GPG encryption to connect and send out messages and automatically sign them then the servers can verify the sender via the private key and passphrase and lock out the spammers and scammers. Anyone who does send scams or spams can be identified by their signature key which would be required to send an email.</p><p>Most scammers and spammers use Botnets that have built in SMTP servers that they can use via remote control to send email and fake the headers and SPF and fake being from a domain that isn't black listed. Not only would you have to change how email clients and servers work, but you'd have to find a way for millions of Microsoft Windows clients to avoid being infected with trojans to be part of a Botnet that fakes SMTP messages.</p></htmltext>
<tokenext>and sign their emails with public keys .
That way you can store their public keys on your system to verify it is a valid email.I really am not sure why PGP or GPG is n't added to Email servers to verify email .
Most email clients work with them and if email clients and servers are modified to use PGP or GPG encryption to connect and send out messages and automatically sign them then the servers can verify the sender via the private key and passphrase and lock out the spammers and scammers .
Anyone who does send scams or spams can be identified by their signature key which would be required to send an email.Most scammers and spammers use Botnets that have built in SMTP servers that they can use via remote control to send email and fake the headers and SPF and fake being from a domain that is n't black listed .
Not only would you have to change how email clients and servers work , but you 'd have to find a way for millions of Microsoft Windows clients to avoid being infected with trojans to be part of a Botnet that fakes SMTP messages .</tokentext>
<sentencetext>and sign their emails with public keys.
That way you can store their public keys on your system to verify it is a valid email.I really am not sure why PGP or GPG isn't added to Email servers to verify email.
Most email clients work with them and if email clients and servers are modified to use PGP or GPG encryption to connect and send out messages and automatically sign them then the servers can verify the sender via the private key and passphrase and lock out the spammers and scammers.
Anyone who does send scams or spams can be identified by their signature key which would be required to send an email.Most scammers and spammers use Botnets that have built in SMTP servers that they can use via remote control to send email and fake the headers and SPF and fake being from a domain that isn't black listed.
Not only would you have to change how email clients and servers work, but you'd have to find a way for millions of Microsoft Windows clients to avoid being infected with trojans to be part of a Botnet that fakes SMTP messages.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30487052</id>
	<title>Do penance</title>
	<author>Chemisor</author>
	<datestamp>1261151160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The server will forgive your sins, my son, if you say three Hail Linuses.</p></htmltext>
<tokenext>The server will forgive your sins , my son , if you say three Hail Linuses .</tokentext>
<sentencetext>The server will forgive your sins, my son, if you say three Hail Linuses.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482358</id>
	<title>Care about your domain's reputation? Do it anyway.</title>
	<author>harr2969</author>
	<datestamp>1261060620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you're in business, or if you care about your domain's reputation, you should be implementing SPF to prevent others from sending mail (aka joe-jobbing) as your domain.</p><p>Even if you DON'T care about your reputation, your life will be easier if you don't have to deal with the back-scatter (complaints, threats, invalid postmaster replies, out of office messages, etc) from a massive joe-job/spamming effort which is spoofing your domain.</p><p>You CAN make a substantial dent in these types of attacks with SPF. There are levels of SPF "certainty". In order to be most effective, you need to list all your sending servers with a dash "-all" for example, a major financial uses:</p><p>text ="v=spf1 ip4:207.162.228.0/24 [shortened] -all"</p><p>On the receiving side, most SPF implementations will (and should) respect the certainty of the senders SPF record. In the above example the financial implemented the "-all" qualifier, so if mail comes in from a place not on that list, based on their assertion I can safely drop it as spam. If they used a "?all" or other, I might only increment the spam probability or tag it [maybe spam].</p><p>When implementing your DNS SPF record, it can take time to make sure you've identified all the legit sender's of mail with your domain name if you're a large company. Keep at it and come back here and let me know, I'll give you a pat on the virtual back for doing THE RIGHT THING.</p><p><a href="http://www.openspf.org/" title="openspf.org" rel="nofollow">http://www.openspf.org/</a> [openspf.org]</p></htmltext>
<tokenext>If you 're in business , or if you care about your domain 's reputation , you should be implementing SPF to prevent others from sending mail ( aka joe-jobbing ) as your domain.Even if you DO N'T care about your reputation , your life will be easier if you do n't have to deal with the back-scatter ( complaints , threats , invalid postmaster replies , out of office messages , etc ) from a massive joe-job/spamming effort which is spoofing your domain.You CAN make a substantial dent in these types of attacks with SPF .
There are levels of SPF " certainty " .
In order to be most effective , you need to list all your sending servers with a dash " -all " for example , a major financial uses : text = " v = spf1 ip4 : 207.162.228.0/24 [ shortened ] -all " On the receiving side , most SPF implementations will ( and should ) respect the certainty of the senders SPF record .
In the above example the financial implemented the " -all " qualifier , so if mail comes in from a place not on that list , based on their assertion I can safely drop it as spam .
If they used a " ? all " or other , I might only increment the spam probability or tag it [ maybe spam ] .When implementing your DNS SPF record , it can take time to make sure you 've identified all the legit sender 's of mail with your domain name if you 're a large company .
Keep at it and come back here and let me know , I 'll give you a pat on the virtual back for doing THE RIGHT THING.http : //www.openspf.org/ [ openspf.org ]</tokentext>
<sentencetext>If you're in business, or if you care about your domain's reputation, you should be implementing SPF to prevent others from sending mail (aka joe-jobbing) as your domain.Even if you DON'T care about your reputation, your life will be easier if you don't have to deal with the back-scatter (complaints, threats, invalid postmaster replies, out of office messages, etc) from a massive joe-job/spamming effort which is spoofing your domain.You CAN make a substantial dent in these types of attacks with SPF.
There are levels of SPF "certainty".
In order to be most effective, you need to list all your sending servers with a dash "-all" for example, a major financial uses:text ="v=spf1 ip4:207.162.228.0/24 [shortened] -all"On the receiving side, most SPF implementations will (and should) respect the certainty of the senders SPF record.
In the above example the financial implemented the "-all" qualifier, so if mail comes in from a place not on that list, based on their assertion I can safely drop it as spam.
If they used a "?all" or other, I might only increment the spam probability or tag it [maybe spam].When implementing your DNS SPF record, it can take time to make sure you've identified all the legit sender's of mail with your domain name if you're a large company.
Keep at it and come back here and let me know, I'll give you a pat on the virtual back for doing THE RIGHT THING.http://www.openspf.org/ [openspf.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488410</id>
	<title>Re:I use them</title>
	<author>GreyFish</author>
	<datestamp>1261156680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It may be making a difference for *other people* who can now discard spams that use your domain name.</p></htmltext>
<tokenext>It may be making a difference for * other people * who can now discard spams that use your domain name .</tokentext>
<sentencetext>It may be making a difference for *other people* who can now discard spams that use your domain name.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481646</id>
	<title>no</title>
	<author>Uzik2</author>
	<datestamp>1261056360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>and spamhaus put me on the pbl as well. (I don't send spam)</htmltext>
<tokenext>and spamhaus put me on the pbl as well .
( I do n't send spam )</tokentext>
<sentencetext>and spamhaus put me on the pbl as well.
(I don't send spam)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481556</id>
	<title>I publish but I don't check them</title>
	<author>chrisj\_0</author>
	<datestamp>1261055880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I publish spf records. But I don't check them for any incoming mail.

I have seen some email rejected by spf checking. Last time was a internal contractor that had our domain's emails forwarded to godaddy hosted email.
I would never reject mail based on an spf but I do publish if others if their dumb enough to reject mail.</htmltext>
<tokenext>I publish spf records .
But I do n't check them for any incoming mail .
I have seen some email rejected by spf checking .
Last time was a internal contractor that had our domain 's emails forwarded to godaddy hosted email .
I would never reject mail based on an spf but I do publish if others if their dumb enough to reject mail .</tokentext>
<sentencetext>I publish spf records.
But I don't check them for any incoming mail.
I have seen some email rejected by spf checking.
Last time was a internal contractor that had our domain's emails forwarded to godaddy hosted email.
I would never reject mail based on an spf but I do publish if others if their dumb enough to reject mail.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482412</id>
	<title>Re:Use DomainKeys..</title>
	<author>Antique Geekmeister</author>
	<datestamp>1261061040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is nonsense, at least for Gmail. I have no difficulty sending to their domain from unregistered hosts.</p><p>SPF is not an anti-spam tool: it's an anti-spoofing tool. It also helps prevent 'backscatter' from certain types of forged spam, the bouncing of forged emails from scattered SMTP servers around the world, because its classic form blocks the message before it is even fully transmitted when the bounce address is published. It still has issues with sites that do email forwarding, since most of them simply repeat the original sender's bounce address, and their forwarding host is not usually authorized to send mail from that bounce address.</p><p>And make no mistake. SPF isn't about the "From:" line, it's about the bounce address. This confuses many people who have to deal with it.</p></htmltext>
<tokenext>This is nonsense , at least for Gmail .
I have no difficulty sending to their domain from unregistered hosts.SPF is not an anti-spam tool : it 's an anti-spoofing tool .
It also helps prevent 'backscatter ' from certain types of forged spam , the bouncing of forged emails from scattered SMTP servers around the world , because its classic form blocks the message before it is even fully transmitted when the bounce address is published .
It still has issues with sites that do email forwarding , since most of them simply repeat the original sender 's bounce address , and their forwarding host is not usually authorized to send mail from that bounce address.And make no mistake .
SPF is n't about the " From : " line , it 's about the bounce address .
This confuses many people who have to deal with it .</tokentext>
<sentencetext>This is nonsense, at least for Gmail.
I have no difficulty sending to their domain from unregistered hosts.SPF is not an anti-spam tool: it's an anti-spoofing tool.
It also helps prevent 'backscatter' from certain types of forged spam, the bouncing of forged emails from scattered SMTP servers around the world, because its classic form blocks the message before it is even fully transmitted when the bounce address is published.
It still has issues with sites that do email forwarding, since most of them simply repeat the original sender's bounce address, and their forwarding host is not usually authorized to send mail from that bounce address.And make no mistake.
SPF isn't about the "From:" line, it's about the bounce address.
This confuses many people who have to deal with it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30496278</id>
	<title>Every domain with an MX record should have an SPF</title>
	<author>Anonymous</author>
	<datestamp>1261153920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>At the very least use ?all if you're an MTA slut.</p></htmltext>
<tokenext>At the very least use ? all if you 're an MTA slut .</tokentext>
<sentencetext>At the very least use ?all if you're an MTA slut.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481590</id>
	<title>I use them, but mainly for deniability</title>
	<author>e9th</author>
	<datestamp>1261056060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>My SPF records have gotten me un-blacklisted a few times, after I've pointed out that those machines in Brazil weren't authorized to send email from my domains.  But I think DomainKeys, DKIM, etc. will make eventually make SPF unnecessary.</htmltext>
<tokenext>My SPF records have gotten me un-blacklisted a few times , after I 've pointed out that those machines in Brazil were n't authorized to send email from my domains .
But I think DomainKeys , DKIM , etc .
will make eventually make SPF unnecessary .</tokentext>
<sentencetext>My SPF records have gotten me un-blacklisted a few times, after I've pointed out that those machines in Brazil weren't authorized to send email from my domains.
But I think DomainKeys, DKIM, etc.
will make eventually make SPF unnecessary.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485374</id>
	<title>Re:Yes.</title>
	<author>fearlezz</author>
	<datestamp>1261139580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have had a few complaints about people not getting my mails. But all times, the fault was on the receiving mailservers.
<br> <br>
Mostly, the situation was:<br>
[my-mailserver]&lt;------&gt;[their-barracuda]&lt;------&gt;[their-mailserver]<br>
When their-mailserver isn't configured to check the SPF of the second hop, mail gets rejected as their-barracuda clearly isn't one of my servers. I don't feel responsible for other organisations' misconfiguration.</htmltext>
<tokenext>I have had a few complaints about people not getting my mails .
But all times , the fault was on the receiving mailservers .
Mostly , the situation was : [ my-mailserver ] [ their-barracuda ] [ their-mailserver ] When their-mailserver is n't configured to check the SPF of the second hop , mail gets rejected as their-barracuda clearly is n't one of my servers .
I do n't feel responsible for other organisations ' misconfiguration .</tokentext>
<sentencetext>I have had a few complaints about people not getting my mails.
But all times, the fault was on the receiving mailservers.
Mostly, the situation was:
[my-mailserver][their-barracuda][their-mailserver]
When their-mailserver isn't configured to check the SPF of the second hop, mail gets rejected as their-barracuda clearly isn't one of my servers.
I don't feel responsible for other organisations' misconfiguration.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484372</id>
	<title>Re:Anti-spam vendor's perspective</title>
	<author>DNS-and-BIND</author>
	<datestamp>1261167960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <i>if you emit junk, your reputation will be junk.</i>Yeah, well how do you tell what is junk?  I operate a 100\% legitimate email list.  ALL THE TIME, I get people who click "this is spam" in gmail or hotmail or yahoo.  At least 2-5 every email list run. Why?  My list isn't spam.  It's just that people get tired of the emails, and they would rather not click on "unsubscribe" and instead click on "spam".  They volunteered for the emails!  And meanwhile yahoo/gmail/hotmail take this as a vote that my email list is spam, and it ends up in new subscribers' spam folder.  Yippee.</p></htmltext>
<tokenext>if you emit junk , your reputation will be junk.Yeah , well how do you tell what is junk ?
I operate a 100 \ % legitimate email list .
ALL THE TIME , I get people who click " this is spam " in gmail or hotmail or yahoo .
At least 2-5 every email list run .
Why ? My list is n't spam .
It 's just that people get tired of the emails , and they would rather not click on " unsubscribe " and instead click on " spam " .
They volunteered for the emails !
And meanwhile yahoo/gmail/hotmail take this as a vote that my email list is spam , and it ends up in new subscribers ' spam folder .
Yippee .</tokentext>
<sentencetext> if you emit junk, your reputation will be junk.Yeah, well how do you tell what is junk?
I operate a 100\% legitimate email list.
ALL THE TIME, I get people who click "this is spam" in gmail or hotmail or yahoo.
At least 2-5 every email list run.
Why?  My list isn't spam.
It's just that people get tired of the emails, and they would rather not click on "unsubscribe" and instead click on "spam".
They volunteered for the emails!
And meanwhile yahoo/gmail/hotmail take this as a vote that my email list is spam, and it ends up in new subscribers' spam folder.
Yippee.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482370
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482544
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482456
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30537620
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482668
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482214
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483902
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485306
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484646
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481590
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482444
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30490186
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484950
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484372
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488580
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483008
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482098
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482616
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483180
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492782
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482412
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481942
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482706
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482934
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481724
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30497582
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483294
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492516
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481594
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483890
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482052
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483642
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482878
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30489898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30487052
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488410
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481880
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481600
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30486432
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492408
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_12_17_2359241_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483758
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481646
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481694
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483902
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484372
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484964
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488580
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482616
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481672
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30486432
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484950
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481684
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481468
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483642
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485374
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30489898
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482052
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482668
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481730
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482544
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482878
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482344
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481964
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30487504
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481538
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492408
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30490186
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481692
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30487052
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482370
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481560
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484990
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492782
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484124
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481462
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483180
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481880
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30485306
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481600
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482456
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30537620
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481594
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483890
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483008
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482934
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481644
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483294
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30492516
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481486
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481590
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482444
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481942
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482706
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483300
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481784
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482336
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481476
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488410
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30484646
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482214
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481608
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483630
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30488704
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482116
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482126
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481584
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30483758
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482412
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30482098
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_12_17_2359241.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30481724
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_12_17_2359241.30497582
</commentlist>
</conversation>
