On 9/11/2011 5:35 PM, Dave Funk wrote: [snip] >> Set up an SPF record for your domain and make sure its valid by testing >> it with a validation tool.
You missed this point. > However a simple SPF fail doesn't score many points. To deal with the > exact same issue I added a custom local rule (a __rule so it doesn't > score points) that looks for our domain name in the From and combined > that with SPF_FAIL in a meta that really whacks the score. > > IE, in general it's not safe to use SPF_FAIL as a one-shot-kill but > when restricted to our domain I can trust it. Scoring has nothing to do with the real fix. A SPF "validation tool", or as I put it: your mail server configuration, doesn't allow receiving spoofed messages. -- René Berber
