Hacker News new | past | comments | ask | show | jobs | submit login

SPF, DKIM, DMARC are must have for today mail and yet many domain owners fail to make even the first and easiest step - publish a valid SPF record. Some mistakes I commonly see (don't do this):

  * no space between directives: "v=spf1 ip4:192.0.2.0/24 include:example.org-all"
  * space inside a directive: "v=spf1 ip4:192. 0.2.0/24 -all"
  * bad mechanism: "v=spf1 ipv4:192.0.2.1 -all"
  * no mechanism: "v=spf1 192.0.2.1 example.com"
  * = instead of : "v=spf1 include=example.com"
  * Unicode, mostly dashes (but I've seen zero-width spaces too): "v=spf1 —all"
  * Two SPF records for the same domain: "v=spf1 mx:example.com -all", "v=spd1 include:example.net ?all"
Don't know where it coming from, but IMHO we see a generation of developers/admins raised by Google search: you can type a search query with mistakes and still get what you want. Or may be web browsers to blame - you can screw up HTML/CSS in dozens ways and they'll render content anyway. And they start to think that all IT systems forgive small mistakes and typos. They just don't get that sometimes you have to read RFC (or at least simplified how-to) and follow it exactly.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: