From: Martin Gregorie <mar...@gregorie.org> Date: Tue, 23 Feb 2010 22:04:07 +0000 On Tue, 2010-02-23 at 16:17 -0500, Bowie Bailey wrote: > The only exception is if you have a strict SPF policy for your own > domain, you can use it to reject spam pretending to be from your users. Agreed. That's all I use it for.
The SPF checks in SpamAssassin will score SPF_FAIL without adding enough points to block the email by itself. I'm not ready to outright block email that fail SPF. I installed SPF during a backscatter storm, which immediately decreased in volume. Since then the periodic backscatter showers have got steadily smaller, so it looks as though mailservers configured check SPF before bouncing undeliverable mail have been getting steadily more common. Either that or spammers tend to avoid forging domains that have SPF. -jeff
