Thanks for the tip! I didn't know how to debug that stuff. Here's what happens with a spammer faking one of my own domains:
>spamd[21654]: spf: query for >isabelle.2...@nro.ca/41.203.191.125/!41.203.191.125!: result: permerror, >comment: , text: Included domain 'srs.bis.na.blackberry.com' has no applicable >sender policy Looks like Mail::SPF is broken on my system. srs.bis.na.blackberry.com has legit spf txt records. What's weird is that the spfquery command gives correct results. I started reading SPF.pm and saw that I could hack it to avoid using Mail::SPF and instead use (what seems to be) the less preferred Mail::SPF::Query Installing Mail::SPF::Query had to be forced because most of its tests fail but it looks like it is returning correct SPF evaluations. It's recognizing mail sent via blackberry trusted relays, and giving me fail results on spammers as it should. If I get the time I'll look into the guts of Mail::SPF and try to figure out where it's going wrong.
