Matus UHLAR - fantomas wrote: > On 23.02.10 16:17, Bowie Bailey wrote: > >> SPF enforcement at the MTA is useless for the reasons you specified. >> The only exception is if you have a strict SPF policy for your own >> domain, you can use it to reject spam pretending to be from your users. >> > > And what is this, if not enforcing SPF at MTA level? >
This is selective enforcement of a domain (or list of domains) that are known to have working SPF records. > Also, this can be solved at MTA level without SPF enforcement. Afaik some > servers are already rejecting mail from "their users" without proper > authentification. > True, but then you need to keep track of which mail servers are allowed to send mail for each domain. Which, coincidentally, is exactly what SPF does. (This is assuming a more complex configuration than just rejecting everything that does not originate locally.) -- Bowie
