Leonardo Rodrigues Magalhães a écrit : > > > Matt Kettler escreveu: > >> Screaming Eagle wrote: >> >> >>> All, >>> I am getting spam email with return-path of my domain name, but: >>> >>> Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx >>> <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163 >>> <http://201.135.40.163>] (may be forged)) >>> >> >> >> Three letters. SPF. >> >> Publish a SPF record for your domain, and enable the SPF plugin. >> >> After that all mail forging your domain, or any other SPF domain, will >> get >> penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" >> record looks >> like). >> > > Even better ..... get your MTA to reject spoofed messages with your > domain !!! >
It's not better: - for people using fetchmail or getting mail from other MX'es (MSP...): they can't reject at mta level (in the fetchamil case, that would cause an unwanted bounce). so SA comes in handy. - In direct reception case, you should also allow other people to benefit from the same protection if you do that. so set an spf record: no reason to let other people accept mail that you would consider forged. note that this "breaks forwarding", but that's a different story.
