David Woodhouse wrote: > On Sun, 2007-04-15 at 13:12 +0100, Alan Hicks wrote: >> Tommy Phipps wrote: >>> Our company is receiving spoofed emails using our domain name along >> with >>> many combinations of user names. >>> >>> I'm wondering if Exim can be set up to detect these spoofed messages >> to keep >>> them from being passed to Exchange. >>> >>> Thanks in advance for your help. >>> >>> Tommy Phipps >> Yes, I'm using the experimental Sender Policy Framework and it works >> well for this scenario. I used to get spoofed mail for most of the >> domains I manage. Now they are stopped when they say who they are >> sending as. > > Yes, but unfortunately SPF blocks _valid_ mail too. But let's not repeat > that debate again. The facts are obvious enough to anyone who actually > thinks about it for a while. http://david.woodhou.se/why-not-spf.html >
I agree that SPF is not without its issues but for the domains I manage it is an effective solution that has: - reduced spam by about 10%; - reduced the traffic I receive because the mail is rejected before the body is sent; - is rejected with a clear reason so anyone who is genuinely trying to send an email can address the issue through other channels; - to date, no one has identified any mail that has been incorrectly blocked to any of the organisations I manage. For me and the organisations I manage it works well. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
