--On 15 May 2009 11:33:15 +1000 Richard Salts <exim@???> wrote:
>
> I'm not sure that SPF is such a great utility, except for whitelisting
> valid senders emails. Receiving a message from a host not listed for the
> domain isn't a good indication that the email is a forgery, as
> forwarding breaks this assumption.
It's too late to worry about this. Already several important domains
publish spf records with "-all", and some large email providers like Google
use spf records in their spam assessments.
You can see a list of top domains with spf "-all" records at
<
http://spf-all.com/>.
If you're forwarding mail for your users without rewriting the sender
domain, then you should expect some of that forwarding to fail.
SPF will cause some pain for the next few years, while forwarders catch up.
In the end, it'll give us a huge benefit of allowing us to assign
reputation to a sender address - before we see the body of an email.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/
