In an effort to reduce spam further we tried implementing SPF enforcement.
Within three days we turned it off. What we found was that:
- domain owners are allowing SPF records to be added to their zone files
without understanding the implications or that are just not correct
- domain owners and their employees regularly send email from mailservers
that violate their SPF.
- our customers were unable to receive email from important business contacts
- our customers were unable to understand why we would be enforcing a
system that prevented
them from getting important email.
- our customers couldn't understand what SPF does.
- our customers could not explain SPF to their business contacts who would
have had to contact their IT people to correct the SPF records.
Our assessment is that SPF is a good idea but pretty much unworkable for an
ISP/host without a major education program which we neither have the time
or money to do. Since we like our customers and they pay the bills it is
now a dead issue.
Any other experiences? I love to hear.
Best Regards,
Jeff Koch, Intersessions
