Hi * SPF provides a mechanism of designating valid outbound smtp servers for a certain domain. This value is then matched against the Envelope-From (Return-Path) of an e-mail (except for SA 3.0, which also does HELO header-checking, but that's non-standard and merely a fallback mechanism).
The main reason, I guess, for slow SPF adaption is the fear of breaking something. As a hosting-only-provider we were facing the additional problem that many customers are not using our SMTP-server (even though they are advised to do so) but their ISP's. Forcing them to use our SMTP is not an option, so we were looking for a way of implementing SPF without breaking anything. SPF is implemented as DNS TXT record. Here's an example: "v=spf1 mx -all" To break this down: v=spf1 SPF identifier mx This means that all servers listed as MX are also allowed to act as outbound mail servers -all "all" describes what should happen if the client ip does not match any rule in the SPF record. This can be prefixed by: "-" fail, "~" soft fail, "+" pass and "?" neutral. More about mechanisms is described here: http://spf.pobox.com/mechanisms.html Records for our customer's domains look like this: "v=spf1 mx ?all" This means that if a mail comes from our server "mx" it can be considered legitimate. If it comes from another one "?all" don't do anything. This is far from being optimal, but at least we can give a hint on which server(s) are explicitly allowed to send mails. This information can be used for whitelisting. SPF is a community effort which will only work if everyone publishes their records and hereby you are encouraged to do so :) If you follow the above example you won't break anything. More information on SPF is available here (see "Find out more about SPF for: .. Sysadmins"): http://spf.pobox.com/ Here's a wizard to generate SPF records: http://spf.pobox.com/wizard.html -- Kind Regards Daniel Lorch Full-time SPF evangelist Hostpoint GmbH | The Data Residence | Zürcherstrasse 2 | 8640 Rapperswil | Schweiz Tel +41 55 220 0404 | Fax +41 55 220 0409 | www.hostpoint.ch _______________________________________________ swinog mailing list [EMAIL PROTECTED] http://lists.init7.net/cgi-bin/mailman/listinfo/swinog