I use it just the same for the domains I have complete control over. Unfortunately, be aware that this setup may prevent your legitimate emails from being forwarded by a foreign host:
let's say your authorized server sends email in your name to a remote mailbox (let's say Yahoo!), which is set up to forward to another server that is doing SPF checking (let's say mine). Yahoo's mail servers (like most mail servers) do not rewrite the return-path when forwarding mail, and so my server would reject the mail, as the Yahoo servers are not authorized sending hosts for your domains.

Just a choice to make. Being aware of this, I chose to forget about it.

regards

On Monday 15 November 2010 at 11:56 -0500, David F. Skoll wrote:
> On Mon, 15 Nov 2010 11:50:50 -0500
> Michael Scheidell <michael.scheid...@secnap.com> wrote:
>
> > then don't use it:
>
> Our record follows the way I said SPF should work. It specifies only
> 4 hosts as authorized to send for us and has a hard -all at the end.
> That's because we took the time and trouble to set up our email
> infrastructure so roaming users could VPN in and send through our
> designated sending hosts.
>
> If you are not going to take the time and trouble to do that, then
> don't publish an SPF record. Unfortunately, that means about 90% of
> SPF records wouldn't be published.
>
> > add this to local.cf:
>
> We don't use SpamAssassin to evaluate SPF records.
>
> Regards,
>
> David.
>
> PS: How much backscatter do you think our SPF record has saved us from?
> Probably none...