Security Vulnerability - SMTP protection not used

Ethan Blanton elb at
Wed Jan 27 10:16:29 EST 2016


Ketankumar Godhani spake unto us the following wisdom:
> I'm checking your website found SPF record there.
> You should apply strict SMTP policy to stop spoofed email sending from your
> domain.

We are aware of SPF, we understand SPF, and we do not implement it for
practical reasons.  Your scenario is irrelevant and wrong for multiple
reasons, among which is that we do not have or offer accounts with web
password forms that protect particularly sensitive data.  This is in
addition to the fact that SPF is commonly ignored due to false
positives arising from a number of limitations.

We have noted your comments.  We will not be installing SPF records
any time soon.

